Page 3 of 4

Re: PC running at 100%, a "Policie ČR" virus appeared

Posted: 15 Feb 2014 18:37
by jmeno1
Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by Administrator on so 15.02.2014 at 16:10:36,60.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrator\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15.2.2014 16:11:47 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Creating Sample_15.02.2014_1617.zip ======================


C:\Documents and Settings\All Users\Plocha\sample_15.02.2014_1617.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2052111302-1844237615-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully
HKEY_USERS\S-1-5-21-2052111302-1844237615-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-21-2052111302-1844237615-725345543-500\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2052111302-1844237615-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\jqs@sun.com deleted successfully

==== Running Processes ======================

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SecretSauce\updateSecretSauce.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SecretSauce\bin\utilSecretSauce.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe
C:\Documents and Settings\Administrator\Data aplikací\System.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FaceBookHacker.exe
C:\Documents and Settings\Administrator\Plocha\zoek.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util SecretSauce deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util SecretSauce deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Util SecretSauce deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Util SecretSauce deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update SecretSauce deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update SecretSauce deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Update SecretSauce deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Update SecretSauce deleted successfully

==== Deleting Files \ Folders ======================

C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Adobe not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Age of Empires 3 not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Alternative Software Ltd not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\ashampoo not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Atheros not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\ATI not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\AVAST Software not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Big Fish Games not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\BigFishGamesCache not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\BioWare not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Cyberlink not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\dingogames not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\DVD Shrink not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\EA Core not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Electronic Arts not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Malwarebytes not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable) not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\McAfee not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Media Center Programs not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Microsoft not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Microsoft Games not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Microsoft Help not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\MicroWorld not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\MumboJumbo not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\PMB Files not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Real not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Skype not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Solidshield not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Sun not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\TEMP not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\TP-LINK not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\TrackMania not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\vsosdk not found
C:\Documents and Settings\All Users\Data aplikacˇ\C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage not found
C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe.tmp not found
C:\Documents and Settings\Administrator\Data aplikací\System.exe.tmp not found
C:\Documents and Settings\Jan Kubesa\Data aplikací\dach100.dll not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\gauswqussd.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\knphxyhaar.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\nzfqtgxiuu.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\rswfguhvuz.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\tmp62.tmp.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\tmp67.tmp.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\tmp68.tmp.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\tmp6E.tmp.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\tmp6F.tmp.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\tmpAD.tmp.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\wyfhxjicra.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\xaioytkasp.vbs not found
C:\DOCUME~1\ADMINI~1\NABDKA~1\Programy\Po spuštění\xjvlxdcaay.vbs not found
C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe not found
C:\Documents and Settings\Administrator\Data aplikací\System.exe not found
C:\Documents and Settings\Jan Kubesa\Data aplikací\PnkBstrB.exe not found
"C:\Documents and Settings\Administrator\Data aplikací\ATI" not found
"C:\Documents and Settings\Administrator\Data aplikací\Sun" not found
"C:\Documents and Settings\Administrator\Data aplikací\Vso" not found
"C:\Documents and Settings\Administrator\Data aplikací\DivX" not found
"C:\Documents and Settings\Administrator\Data aplikací\Games" not found
"C:\Documents and Settings\Administrator\Data aplikací\SPORE" not found
"C:\Documents and Settings\Administrator\Data aplikací\Unity" not found
"C:\Documents and Settings\Administrator\Data aplikací\CLOUDY" not found
"C:\Documents and Settings\Administrator\Data aplikací\SecuROM" not found
C:\Program Files\ZoneAlarm_Security deleted
C:\Program Files\Free Download Manager deleted
"C:\Program Files\SecretSauce\updateSecretSauce.exe" deleted
"C:\Program Files\SecretSauce\updateSecretSauce.exe" deleted
"C:\Program Files\SecretSauce\bin\utilSecretSauce.exe" deleted
"C:\Program Files\SecretSauce\bin\utilSecretSauce.exe" deleted
"C:\Program Files\SecretSauce" not deleted
"C:\Program Files\SecretSauce" not deleted
"C:\Program Files\SecretSauce\bin" not deleted
"C:\Program Files\SecretSauce\bin" not deleted

======== System Restore Points ========

RP78: 11.2.2014 18:17:39 - ComboFix created restore point
RP79: 13.2.2014 15:51:47 - OTM Restore Point
RP80: 15.2.2014 16:11:47 - zoek.exe restore point

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Talkback - %AppDir%\extensions\talkback@mozilla.org
- Firefox default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dbpebffoameokfhnaaedmefjncfboino - C:\Program Files\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully

==== HijackThis Entries ======================

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [tmp67] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs"
O4 - HKLM\..\Run: [rswfguhvuz] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs"
O4 - HKLM\..\Run: [knphxyhaar] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs"
O4 - HKLM\..\Run: [xjvlxdcaay] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs"
O4 - HKLM\..\Run: [xaioytkasp] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs"
O4 - HKLM\..\Run: [tmp6E] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs"
O4 - HKLM\..\Run: [tmp62] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs"
O4 - HKLM\..\Run: [tmp68] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs"
O4 - HKLM\..\Run: [tmp6F] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs"
O4 - HKLM\..\Run: [gauswqussd] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs"
O4 - HKLM\..\Run: [nzfqtgxiuu] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs"
O4 - HKLM\..\Run: [tmpAD] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs"
O4 - HKLM\..\Run: [wyfhxjicra] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs"
O4 - HKLM\..\Run: [f7f31eeefe847941e67af1a39aae51fc] "C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe" ..
O4 - HKLM\..\Run: [5f805e177fa7c673482c92c255460b67] "C:\Documents and Settings\Administrator\Data aplikací\System.exe" ..
O4 - HKLM\..\Run: [84ed770416516c521a5ceebcdbdcddc5] "C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe" ..
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [RGSC] E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tmp67] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs"
O4 - HKCU\..\Run: [rswfguhvuz] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs"
O4 - HKCU\..\Run: [knphxyhaar] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs"
O4 - HKCU\..\Run: [xjvlxdcaay] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs"
O4 - HKCU\..\Run: [xaioytkasp] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs"
O4 - HKCU\..\Run: [tmp6E] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs"
O4 - HKCU\..\Run: [tmp62] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs"
O4 - HKCU\..\Run: [tmp68] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs"
O4 - HKCU\..\Run: [tmp6F] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs"
O4 - HKCU\..\Run: [gauswqussd] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs"
O4 - HKCU\..\Run: [nzfqtgxiuu] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs"
O4 - HKCU\..\Run: [tmpAD] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs"
O4 - HKCU\..\Run: [wyfhxjicra] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs"
O4 - HKCU\..\Run: [f7f31eeefe847941e67af1a39aae51fc] "C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe" ..
O4 - HKCU\..\Run: [5f805e177fa7c673482c92c255460b67] "C:\Documents and Settings\Administrator\Data aplikací\System.exe" ..
O4 - HKCU\..\Run: [84ed770416516c521a5ceebcdbdcddc5] "C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe" ..
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 5f805e177fa7c673482c92c255460b67.exe
O4 - Startup: 84ed770416516c521a5ceebcdbdcddc5.exe
O4 - Startup: f7f31eeefe847941e67af1a39aae51fc.exe
O4 - Startup: gauswqussd.vbs
O4 - Startup: knphxyhaar.vbs
O4 - Startup: nzfqtgxiuu.vbs
O4 - Startup: rswfguhvuz.vbs
O4 - Startup: tmp62.tmp.vbs
O4 - Startup: tmp67.tmp.vbs
O4 - Startup: tmp68.tmp.vbs
O4 - Startup: tmp6E.tmp.vbs
O4 - Startup: tmp6F.tmp.vbs
O4 - Startup: tmpAD.tmp.vbs
O4 - Startup: wyfhxjicra.vbs
O4 - Startup: xaioytkasp.vbs
O4 - Startup: xjvlxdcaay.vbs
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

==== Empty IE Cache ======================

C:\Documents and Settings\Administrator\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=9 folders=8 1549439 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Program Files\SecretSauce" not found
"C:\Program Files\SecretSauce" not found

==== EOF on so 15.02.2014 at 18:24:15,07 ======================

Re: PC running at 100%, a "Policie ČR" virus appeared

Posted: 15 Feb 2014 18:39
by jmeno1
The files in the folder C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění are still there, and some .exe files have appeared alongside them:
84ed770416516c521a5ceebcdbdcddc5.exe
f7f31eeefe847941e67af1a39aae51fc.exe
84ed770416516c521a5ceebcdbdcddc5.exe
ea245fdc7eb8b9a02f20365bd1579c02.exe

Re: PC running at 100%, a "Policie ČR" virus appeared

Posted: 16 Feb 2014 06:12
by cernohous13
Download Avenger here:
http://swandog46.geekstogo.com/avenger.exe
Run it and answer "Yes" to everything.
Main window
[image]
At the bottom, tick both checkboxes.

Copy the green script text into the "Input script here" field -> "Execute" -> "Yes"
The computer will restart; wait for Notepad to open and paste its contents here. (C:\avenger.txt)
Script

Code:

Files to delete:
C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe
C:\Documents and Settings\Administrator\Data aplikací\System.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe
C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe ..
C:\Documents and Settings\Administrator\Data aplikací\System.exe ..
C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe ..
Download OTM from one of these links and unpack it, preferably onto the desktop.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Run "OTM.exe" (on Vista and Win7, right-click it and choose "Run As Administrator").
Paste the entire green text from the "Script" into the window below the yellow line.

Click the red "MoveIt!" button.

When prompted to restart, choose "YES".
You will then find the log in C:\_OTM\MovedFiles\ - post it here for me to check.
OTM script

Code:

:Commands
[emptytemp]
[emptyflash]
[emptyjava]

:Files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe
C:\Documents and Settings\Administrator\Data aplikací\System.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FaceBookHacker.exe
C:\Program Files\SecretSauce
*5f805e177fa7c673482c92c255460b67.exe* /s
*84ed770416516c521a5ceebcdbdcddc5.exe* /s
*f7f31eeefe847941e67af1a39aae51fc.exe* /s
gauswqussd.vbs /s
knphxyhaar.vbs /s
nzfqtgxiuu.vbs /s
rswfguhvuz.vbs /s
tmp62.tmp.vbs /s
tmp67.tmp.vbs /s
tmp68.tmp.vbs /s
tmp6E.tmp.vbs /s
tmp6F.tmp.vbs /s
tmpAD.tmp.vbs /s
wyfhxjicra.vbs /s
xaioytkasp.vbs /s
xjvlxdcaay.vbs /s
*ea245fdc7eb8b9a02f20365bd1579c02.exe* /s

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tmp67"=-
"rswfguhvuz"=-
"knphxyhaar"=-
"xjvlxdcaay"=-
"xaioytkasp"=-
"tmp6E"=-
"tmp62"=-
"tmp68"=-
"tmp6F"=-
"gauswqussd"=-
"nzfqtgxiuu"=-
"tmpAD"=-
"wyfhxjicra"=-
"f7f31eeefe847941e67af1a39aae51fc"=-
"5f805e177fa7c673482c92c255460b67"=-
"84ed770416516c521a5ceebcdbdcddc5"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tmp67"=-
"rswfguhvuz"=-
"knphxyhaar"=-
"xjvlxdcaay"=-
"xaioytkasp"=-
"tmp6E"=-
"tmp62"=-
"tmp68"=-
"tmp6F"=-
"gauswqussd"=-
"nzfqtgxiuu"=-
"tmpAD"=-
"wyfhxjicra"=-
"f7f31eeefe847941e67af1a39aae51fc"=-
"5f805e177fa7c673482c92c255460b67"=-
"84ed770416516c521a5ceebcdbdcddc5"=-
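
As an added example (not part of this thread and not code from zoek, Avenger or OTM), here is the triage step that leads from the HijackThis O4 entries to an OTM script like the one above, in Python: parse the O4 lines, flag the persistence patterns this thread shows (wscript.exe //B running scripts out of Temp, hash-like Run value names, droppers sitting directly in the AppData root, .vbs files in the Startup folder) and emit the matching :Files and :Reg sections. The sample lines are constructed from entries in this thread; the flagging heuristics are my own assumptions, not rules from either tool.

```python
import re

# Constructed sample, modelled on O4 lines from the HijackThis section of this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [tmp67] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs"
O4 - HKCU\..\Run: [rswfguhvuz] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs"
O4 - HKLM\..\Run: [f7f31eeefe847941e67af1a39aae51fc] "C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe" ..
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: gauswqussd.vbs
O4 - Startup: tmp62.tmp.vbs
"""

# "O4 - HKLM\..\Run: [name] command" and "O4 - Startup: file" as HijackThis prints them.
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<file>.+)$")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.I)

# Registry keys an OTM :Reg section addresses for the two hives HijackThis abbreviates.
HIVE_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
}


def target_path(cmd):
    """File the Run value really launches: for wscript.exe it is the script, not the host."""
    quoted = re.findall(r'"([^"]+)"', cmd)
    if quoted:
        return quoted[0]
    tokens = cmd.split()
    return tokens[-1] if cmd.lower().startswith("wscript.exe") else tokens[0]


def parse_o4(line):
    """Parse one HijackThis O4 line into a dict, or return None for anything else."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return {"kind": "run", "hive": m["hive"], "name": m["name"],
                "cmd": m["cmd"], "path": target_path(m["cmd"])}
    m = STARTUP_RE.match(line)
    if m:
        return {"kind": "startup", "file": m["file"]}
    return None


def reasons(entry):
    """Heuristic reasons (assumed, not tool rules) why an entry resembles this thread's infection."""
    out = []
    if entry["kind"] == "startup":
        stem, _, ext = entry["file"].rpartition(".")
        if ext.lower() == "vbs":
            out.append("script file in the Startup folder")
        if HEX32_RE.match(stem):
            out.append("hash-like file name in the Startup folder")
        return out
    low_cmd = entry["cmd"].lower()
    low_path = entry["path"].lower()
    if low_cmd.startswith("wscript.exe") and "//b" in low_cmd:
        out.append("wscript.exe //B runs a script with no visible window")
    if "\\temp\\" in low_path:
        out.append("launched from a Temp directory")
    if HEX32_RE.match(entry["name"]):
        out.append("hash-like Run value name")
    # "Data aplikací" is the Czech Application Data folder; an .exe directly inside it is unusual.
    if re.search(r"\\(data aplikac.|application data)\\[^\\]+\.exe$", low_path):
        out.append("executable dropped directly in the AppData root")
    return out


def build_otm_script(o4_text):
    """Turn flagged entries into OTM-style :Files and :Reg sections (value deletions as "name"=-)."""
    files, reg = [], {"HKLM": [], "HKCU": []}
    for line in o4_text.splitlines():
        entry = parse_o4(line)
        if not entry or not reasons(entry):
            continue
        if entry["kind"] == "startup":
            files.append(entry["file"] + " /s")          # /s: search all folders, as in the thread
        else:
            files.append(entry["path"])
            reg[entry["hive"]].append('"%s"=-' % entry["name"])
    out = [":Files"] + list(dict.fromkeys(files)) + ["", ":Reg"]
    for hive, names in reg.items():
        if names:
            out.append("[%s]" % HIVE_KEYS[hive])
            out.extend(names)
    return "\n".join(out)


if __name__ == "__main__":
    for raw in SAMPLE_O4.splitlines():
        e = parse_o4(raw)
        if e and reasons(e):
            print("FLAG:", raw.strip(), "->", "; ".join(reasons(e)))
    print()
    print(build_otm_script(SAMPLE_O4))
```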

Re: PC running at 100%, a "Policie ČR" virus appeared

Posted: 16 Feb 2014 10:36
by jmeno1
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe" deleted successfully.
File "C:\Documents and Settings\Administrator\Data aplikací\System.exe" deleted successfully.
File "C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe" deleted successfully.

Error: file "C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe .." not found!
Deletion of file "C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe .." failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Documents and Settings\Administrator\Data aplikací\System.exe .." not found!
Deletion of file "C:\Documents and Settings\Administrator\Data aplikací\System.exe .." failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe .." not found!
Deletion of file "C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe .." failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Re: PC running at 100%, a "Policie ČR" virus appeared

Posted: 16 Feb 2014 10:56
by jmeno1
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 395907518 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6983345 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jan Kubesa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Simca

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131072 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 384,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Jan Kubesa
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Simca

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: Jan Kubesa
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Simca

Total Java Files Cleaned = 0,00 mb

========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe moved successfully.
C:\Documents and Settings\Administrator\Data aplikací\System.exe moved successfully.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FaceBookHacker.exe not found.
File/Folder C:\Program Files\SecretSauce not found.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\5f805e177fa7c673482c92c255460b67.exe moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\84ed770416516c521a5ceebcdbdcddc5.exe moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\f7f31eeefe847941e67af1a39aae51fc.exe moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\gauswqussd.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\knphxyhaar.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\nzfqtgxiuu.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\rswfguhvuz.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\tmp62.tmp.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\tmp67.tmp.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\tmp68.tmp.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\tmp6E.tmp.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\tmp6F.tmp.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\tmpAD.tmp.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\wyfhxjicra.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\xaioytkasp.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\xjvlxdcaay.vbs moved successfully.
\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\ea245fdc7eb8b9a02f20365bd1579c02.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tmp67 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rswfguhvuz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\knphxyhaar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\xjvlxdcaay deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\xaioytkasp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tmp6E deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tmp62 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tmp68 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tmp6F deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gauswqussd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nzfqtgxiuu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tmpAD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wyfhxjicra deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\f7f31eeefe847941e67af1a39aae51fc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\5f805e177fa7c673482c92c255460b67 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\84ed770416516c521a5ceebcdbdcddc5 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmp67 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rswfguhvuz deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\knphxyhaar deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xjvlxdcaay deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xaioytkasp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmp6E deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmp62 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmp68 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmp6F deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\gauswqussd deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nzfqtgxiuu deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmpAD deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wyfhxjicra deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\f7f31eeefe847941e67af1a39aae51fc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\5f805e177fa7c673482c92c255460b67 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\84ed770416516c521a5ceebcdbdcddc5 deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 02162014_103104

Re: PC running at 100%, a Policie ČR virus appeared

Posted: 16 Feb 2014 10:57
by jmeno1
In the folder C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění there is still one file, f7d033c721d41cb10fc4a4adbd75874d.exe, that cannot be removed.

Re: PC running at 100%, a Policie ČR virus appeared

Posted: 16 Feb 2014 14:03
by cernohous13
→ Script for Avenger

Code:

Files to delete:
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\f7d033c721d41cb10fc4a4adbd75874d.exe
→ Script for OTM

Code:

:Commands
[emptytemp]

:Files
*f7d033c721d41cb10fc4a4adbd75874d.exe* /s
→ After the restart, a new RSIT log

Re: PC running at 100%, a Policie ČR virus appeared

Posted: 16 Feb 2014 14:47
by jmeno1
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\f7d033c721d41cb10fc4a4adbd75874d.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: PC running at 100%, a Policie ČR virus appeared

Posted: 16 Feb 2014 15:13
by cernohous13
cernohous13 wrote: → Script for OTM

Code:

:Commands
[emptytemp]

:Files
*f7d033c721d41cb10fc4a4adbd75874d.exe* /s
→ After the restart, a new RSIT log

Re: PC running at 100%, a Policie ČR virus appeared

Posted: 16 Feb 2014 15:39
by jmeno1
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2014-02-16 15:22:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 54 GB (54%) free of 100 GB
Total RAM: 2046 MB (71% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-01 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-01 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-01 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-31 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-11-17 1953792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-27 98304]
"f7d033c721d41cb10fc4a4adbd75874d"=C:\WINDOWS\32-bit.exe [2014-02-15 24064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]
"Steam"=C:\Program Files\Steam\Steam.exe [2014-02-11 1824000]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2013-03-14 3093624]
"RGSC"=E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"f7d033c721d41cb10fc4a4adbd75874d"=C:\WINDOWS\32-bit.exe [2014-02-15 24064]

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
f7d033c721d41cb10fc4a4adbd75874d.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-07-28 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Games\CoD_4\iw3mp.exe"="E:\Games\CoD_4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"E:\Games\AoE_III\age3x.exe"="E:\Games\AoE_III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"E:\Games\AoE_III\age3y.exe"="E:\Games\AoE_III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe"="E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"E:\Games\Empire_Earth_III\EE3.exe"="E:\Games\Empire_Earth_III\EE3.exe:*:Enabled:Empire Earth III"
"E:\Games\Zoo_tycoon_2\zt.exe"="E:\Games\Zoo_tycoon_2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\Games\Mass Effect\Binaries\MassEffect.exe"="E:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"E:\Games\Mass Effect\MassEffectLauncher.exe"="E:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"E:\Games\CoD_5\CoDWaWmp.exe"="E:\Games\CoD_5\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\CoD_5\CoDWaW.exe"="E:\Games\CoD_5\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\Settlers_6\base\bin\Settlers6.exe"="E:\Games\Settlers_6\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"E:\Games\Settlers_6\extra1\bin\Settlers6.exe"="E:\Games\Settlers_6\extra1\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire - The Eastern Realm"
"E:\Games\Dungeon_Siege_II\DungeonSiege2.exe"="E:\Games\Dungeon_Siege_II\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"="C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe"="C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express"
"E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe"="E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:The Settlers 7 - Paths to a Kingdom"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe"="E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe"="E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe:*:Enabled:Zataženo, občas trakaře"
"E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe"="E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe:*:Enabled:Borderlands 2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Games\World_of_Tanks\WorldOfTanks.exe"="E:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"E:\Games\Crysis\Bin32\Crysis.exe"="E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\Games\Avatar\bin\Avatar.exe"="E:\Games\Avatar\bin\Avatar.exe:*:Enabled:James Cameron's AVATAR(tm): THE GAME"
"E:\Games\Avatar\bin\AvatarLauncher.exe"="E:\Games\Avatar\bin\AvatarLauncher.exe:*:Enabled:Updater"
"E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\LOTR_II\game.dat"="D:\LOTR_II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"E:\Games\Mass Effect 2\Binaries\MassEffect2.exe"="E:\Games\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Hra"
"E:\Games\Mass Effect 2\MassEffect2Launcher.exe"="E:\Games\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Spustit"
"E:\Games\TmNationsForever\TmForever.exe"="E:\Games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe"="D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe:*:Enabled:Cook, Serve, Delicious!"
"E:\Games\World_of_Tanks\WOTLauncher.exe"="E:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Program Files\Techland\Call of Juarez\CoJ.exe"="C:\Program Files\Techland\Call of Juarez\CoJ.exe:*:Enabled:The Call of Juarez"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Data aplikací\System.exe"="C:\Documents and Settings\Administrator\Data aplikací\System.exe:*:Enabled:System.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe:*:Enabled:32Bit.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe:*:Enabled:FaceBookHacker.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\32-Bit.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\32-Bit.exe:*:Enabled:32-Bit.exe"
"C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe"="C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe:*:Enabled:32-bit.exe"
"C:\WINDOWS\32-bit.exe"="C:\WINDOWS\32-bit.exe:*:Enabled:32-bit.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2014-02-16 14:58:14 ----A---- C:\WINDOWS\ntbtlog.txt
2014-02-16 14:34:51 ----A---- C:\avenger.txt
2014-02-16 10:31:04 ----D---- C:\_OTM
2014-02-16 10:08:21 ----N---- C:\WINDOWS\system32\smtpapi.dll
2014-02-16 10:08:21 ----N---- C:\WINDOWS\system32\rwnh.dll
2014-02-16 10:08:14 ----N---- C:\WINDOWS\system32\aaclient.dll
2014-02-16 10:08:13 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2014-02-16 10:08:13 ----N---- C:\WINDOWS\system32\azroles.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3svc.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3msm.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3api.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dimsroam.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\credssp.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eapsvc.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eapqec.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eappprxy.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eapphost.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eappgnui.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eappcfg.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eapolqec.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\dot3ui.dll
2014-02-16 10:08:09 ----N---- C:\WINDOWS\system32\kbdpash.dll
2014-02-16 10:08:09 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2014-02-16 10:08:09 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2014-02-16 10:08:09 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2014-02-16 10:08:08 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2014-02-16 10:08:08 ----N---- C:\WINDOWS\system32\kmsvc.dll
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\mssha.dll
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\mmcperf.exe
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\mmcex.dll
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2014-02-16 10:08:06 ----N---- C:\WINDOWS\system32\onex.dll
2014-02-16 10:08:06 ----N---- C:\WINDOWS\system32\napstat.exe
2014-02-16 10:08:06 ----N---- C:\WINDOWS\system32\napmontr.dll
2014-02-16 10:08:06 ----N---- C:\WINDOWS\system32\napipsec.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\rasqec.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\qutil.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\qcliprov.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\qagentrt.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\qagent.dll
2014-02-16 10:08:04 ----N---- C:\WINDOWS\system32\setupn.exe
2014-02-16 10:08:01 ----N---- C:\WINDOWS\system32\tspkg.dll
2014-02-16 10:08:01 ----N---- C:\WINDOWS\system32\tsgqec.dll
2014-02-16 10:08:00 ----N---- C:\WINDOWS\system32\wlanapi.dll
2014-02-16 10:07:58 ----D---- C:\WINDOWS\system32\cs-cz
2014-02-16 10:07:57 ----D---- C:\WINDOWS\system32\cs
2014-02-16 10:07:57 ----D---- C:\WINDOWS\l2schemas
2014-02-16 10:07:56 ----D---- C:\WINDOWS\system32\bits
2014-02-16 10:01:34 ----D---- C:\WINDOWS\network diagnostic
2014-02-16 08:24:53 ----D---- C:\Avenger
2014-02-15 22:07:08 ----A---- C:\WINDOWS\32-bit.exe
2014-02-15 18:26:18 ----SHD---- C:\RECYCLER
2014-02-15 16:22:18 ----D---- C:\WINDOWS\Temp
2014-02-15 16:22:18 ----A---- C:\WINDOWS\zoek-delete.exe
2014-02-15 16:22:01 ----D---- C:\Program Files\HiJackThis
2014-02-15 16:10:28 ----D---- C:\zoek_backup
2014-02-15 15:28:45 ----A---- C:\Documents and Settings\Administrator\Data aplikací\System.exe.tmp
2014-02-15 13:03:48 ----A---- C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe.tmp
2014-02-13 18:28:51 ----D---- C:\AdwCleaner
2014-02-13 18:18:49 ----D---- C:\WINDOWS\ERUNT
2014-02-13 17:49:09 ----A---- C:\TDSSKiller.3.0.0.23_13.02.2014_17.49.09_log.txt
2014-02-13 17:48:42 ----A---- C:\TDSSKiller.2.8.16.0_13.02.2014_17.48.42_log.txt
2014-02-13 17:04:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-13 17:04:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-02-11 18:24:33 ----A---- C:\ComboFix.txt
2014-01-18 19:25:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania

======List of files/folders modified in the last 1 months======

2014-02-16 15:22:05 ----D---- C:\Program Files\trend micro
2014-02-16 15:20:17 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-16 15:19:56 ----D---- C:\Program Files\Steam
2014-02-16 14:58:14 ----D---- C:\WINDOWS
2014-02-16 14:40:02 ----SHD---- C:\WINDOWS\CSC
2014-02-16 14:34:03 ----D---- C:\WINDOWS\system32\drivers
2014-02-16 10:48:31 ----D---- C:\WINDOWS\Minidump
2014-02-16 10:48:31 ----D---- C:\WINDOWS\Debug
2014-02-16 10:47:38 ----D---- C:\WINDOWS\system32
2014-02-16 10:47:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-16 10:24:05 ----SHD---- C:\WINDOWS\Installer
2014-02-16 10:24:05 ----D---- C:\Config.Msi
2014-02-16 10:18:21 ----D---- C:\WINDOWS\system32\Setup
2014-02-16 10:18:21 ----D---- C:\WINDOWS\AppPatch
2014-02-16 10:18:20 ----RSD---- C:\WINDOWS\Fonts
2014-02-16 10:18:20 ----D---- C:\WINDOWS\system32\wbem
2014-02-16 10:17:04 ----D---- C:\WINDOWS\security
2014-02-16 10:10:38 ----HD---- C:\WINDOWS\inf
2014-02-16 10:10:30 ----D---- C:\WINDOWS\system32\CatRoot
2014-02-16 10:08:33 ----D---- C:\WINDOWS\WinSxS
2014-02-16 10:08:28 ----D---- C:\Program Files\Messenger
2014-02-16 10:08:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-02-16 10:08:22 ----D---- C:\WINDOWS\EHome
2014-02-16 10:08:21 ----D---- C:\WINDOWS\system32\inetsrv
2014-02-16 10:08:20 ----D---- C:\WINDOWS\ime
2014-02-16 10:08:20 ----D---- C:\WINDOWS\Help
2014-02-16 10:07:58 ----D---- C:\WINDOWS\system32\usmt
2014-02-16 10:07:57 ----D---- C:\Program Files\Internet Explorer
2014-02-16 10:07:56 ----D---- C:\WINDOWS\peernet
2014-02-16 10:07:56 ----D---- C:\Program Files\Movie Maker
2014-02-16 10:04:10 ----D---- C:\WINDOWS\system32\Restore
2014-02-16 10:04:10 ----D---- C:\WINDOWS\system32\npp
2014-02-16 10:04:09 ----D---- C:\WINDOWS\msagent
2014-02-16 10:04:06 ----D---- C:\WINDOWS\srchasst
2014-02-16 10:04:05 ----D---- C:\Program Files\NetMeeting
2014-02-16 10:04:04 ----D---- C:\WINDOWS\system32\Com
2014-02-16 10:04:00 ----D---- C:\Program Files\Windows Media Player
2014-02-16 10:03:59 ----D---- C:\Program Files\Windows NT
2014-02-16 10:03:59 ----D---- C:\Program Files\Outlook Express
2014-02-16 10:03:53 ----D---- C:\Program Files\Common Files\System
2014-02-16 10:03:31 ----D---- C:\WINDOWS\system32\oobe
2014-02-16 10:03:29 ----D---- C:\WINDOWS\system
2014-02-16 10:00:11 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2014-02-16 08:24:53 ----RD---- C:\Program Files
2014-02-13 18:39:40 ----SHD---- C:\System Volume Information
2014-02-13 18:29:49 ----D---- C:\Program Files\Mozilla Firefox
2014-02-13 16:54:32 ----D---- C:\WINDOWS\Logs
2014-02-13 16:54:00 ----D---- C:\Program Files\CCleaner
2014-02-13 15:52:01 ----SD---- C:\WINDOWS\Tasks
2014-02-13 15:51:57 ----D---- C:\WINDOWS\system32\DirectX
2014-02-11 18:24:35 ----D---- C:\Qoobox
2014-02-11 18:22:58 ----A---- C:\WINDOWS\system.ini
2014-02-11 18:21:36 ----D---- C:\Program Files\Common Files
2014-02-11 15:25:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-02-11 15:12:27 ----D---- C:\WINDOWS\pss
2014-01-18 19:24:00 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-09-04 21035]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-05 281760]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-05 25888]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2011-07-28 1763584]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-07-28 6646784]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-26 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 atxpnv61;atxpnv61; C:\WINDOWS\system32\drivers\atxpnv61.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Everest Ultimate WAR\kerneld.wnt []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
S3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-07-28 643072]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2008-03-17 46080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-01 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-03-19 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 251248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-10 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

That file, f7d033c721d41cb10fc4a4adbd75874d.exe, is still there. When I run OTM from normal mode, the PC blue-screens and I have to restart, so I ran it from Safe Mode.

Re: PC running at 100%, the Policie ČR virus appeared

Posted: 16 Feb 2014 16:06
by cernohous13
One more Avenger run, then

Code:

Files to delete:
C:\WINDOWS\32-bit.exe
C:\Documents and Settings\Administrator\Data aplikací\System.exe.tmp
C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe.tmp
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\f7d033c721d41cb10fc4a4adbd75874d.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list | C:\WINDOWS\32-bit.exe

Re: PC running at 100%, the Policie ČR virus appeared

Posted: 16 Feb 2014 16:27
by jmeno1
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\32-bit.exe" deleted successfully.
File "C:\Documents and Settings\Administrator\Data aplikací\System.exe.tmp" deleted successfully.
File "C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe.tmp" deleted successfully.
File "C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\f7d033c721d41cb10fc4a4adbd75874d.exe" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list|C:\WINDOWS\32-bit.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Looks like you've taken it out. :thumbsup:

Re: PC running at 100%, the Policie ČR virus appeared

Posted: 16 Feb 2014 16:27
by jmeno1
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2014-02-16 16:17:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 54 GB (54%) free of 100 GB
Total RAM: 2046 MB (71% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-01 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-01 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-01 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-31 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-11-17 1953792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-27 98304]
"f7d033c721d41cb10fc4a4adbd75874d"=C:\WINDOWS\32-bit.exe .. []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]
"Steam"=C:\Program Files\Steam\Steam.exe [2014-02-11 1824000]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2013-03-14 3093624]
"RGSC"=E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"f7d033c721d41cb10fc4a4adbd75874d"=C:\WINDOWS\32-bit.exe .. []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-07-28 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Games\CoD_4\iw3mp.exe"="E:\Games\CoD_4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"E:\Games\AoE_III\age3x.exe"="E:\Games\AoE_III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"E:\Games\AoE_III\age3y.exe"="E:\Games\AoE_III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe"="E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"E:\Games\Empire_Earth_III\EE3.exe"="E:\Games\Empire_Earth_III\EE3.exe:*:Enabled:Empire Earth III"
"E:\Games\Zoo_tycoon_2\zt.exe"="E:\Games\Zoo_tycoon_2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\Games\Mass Effect\Binaries\MassEffect.exe"="E:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"E:\Games\Mass Effect\MassEffectLauncher.exe"="E:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"E:\Games\CoD_5\CoDWaWmp.exe"="E:\Games\CoD_5\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\CoD_5\CoDWaW.exe"="E:\Games\CoD_5\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\Settlers_6\base\bin\Settlers6.exe"="E:\Games\Settlers_6\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"E:\Games\Settlers_6\extra1\bin\Settlers6.exe"="E:\Games\Settlers_6\extra1\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire - The Eastern Realm"
"E:\Games\Dungeon_Siege_II\DungeonSiege2.exe"="E:\Games\Dungeon_Siege_II\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"="C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe"="C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express"
"E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe"="E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:The Settlers 7 - Paths to a Kingdom"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe"="E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe"="E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe:*:Enabled:Zataženo, občas trakaře"
"E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe"="E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe:*:Enabled:Borderlands 2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Games\World_of_Tanks\WorldOfTanks.exe"="E:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"E:\Games\Crysis\Bin32\Crysis.exe"="E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\Games\Avatar\bin\Avatar.exe"="E:\Games\Avatar\bin\Avatar.exe:*:Enabled:James Cameron's AVATAR(tm): THE GAME"
"E:\Games\Avatar\bin\AvatarLauncher.exe"="E:\Games\Avatar\bin\AvatarLauncher.exe:*:Enabled:Updater"
"E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\LOTR_II\game.dat"="D:\LOTR_II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"E:\Games\Mass Effect 2\Binaries\MassEffect2.exe"="E:\Games\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Hra"
"E:\Games\Mass Effect 2\MassEffect2Launcher.exe"="E:\Games\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Spustit"
"E:\Games\TmNationsForever\TmForever.exe"="E:\Games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe"="D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe:*:Enabled:Cook, Serve, Delicious!"
"E:\Games\World_of_Tanks\WOTLauncher.exe"="E:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Program Files\Techland\Call of Juarez\CoJ.exe"="C:\Program Files\Techland\Call of Juarez\CoJ.exe:*:Enabled:The Call of Juarez"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Data aplikací\System.exe"="C:\Documents and Settings\Administrator\Data aplikací\System.exe:*:Enabled:System.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe:*:Enabled:32Bit.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe:*:Enabled:FaceBookHacker.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\32-Bit.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\32-Bit.exe:*:Enabled:32-Bit.exe"
"C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe"="C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe:*:Enabled:32-bit.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2014-02-16 16:10:01 ----A---- C:\avenger.txt
2014-02-16 14:58:14 ----A---- C:\WINDOWS\ntbtlog.txt
2014-02-16 10:31:04 ----D---- C:\_OTM
2014-02-16 10:08:21 ----N---- C:\WINDOWS\system32\smtpapi.dll
2014-02-16 10:08:21 ----N---- C:\WINDOWS\system32\rwnh.dll
2014-02-16 10:08:14 ----N---- C:\WINDOWS\system32\aaclient.dll
2014-02-16 10:08:13 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2014-02-16 10:08:13 ----N---- C:\WINDOWS\system32\azroles.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3svc.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3msm.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dot3api.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dimsroam.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2014-02-16 10:08:12 ----N---- C:\WINDOWS\system32\credssp.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eapsvc.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eapqec.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eappprxy.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eapphost.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eappgnui.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eappcfg.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\eapolqec.dll
2014-02-16 10:08:11 ----N---- C:\WINDOWS\system32\dot3ui.dll
2014-02-16 10:08:09 ----N---- C:\WINDOWS\system32\kbdpash.dll
2014-02-16 10:08:09 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2014-02-16 10:08:09 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2014-02-16 10:08:09 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2014-02-16 10:08:08 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2014-02-16 10:08:08 ----N---- C:\WINDOWS\system32\kmsvc.dll
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\mssha.dll
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\mmcperf.exe
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\mmcex.dll
2014-02-16 10:08:07 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2014-02-16 10:08:06 ----N---- C:\WINDOWS\system32\onex.dll
2014-02-16 10:08:06 ----N---- C:\WINDOWS\system32\napstat.exe
2014-02-16 10:08:06 ----N---- C:\WINDOWS\system32\napmontr.dll
2014-02-16 10:08:06 ----N---- C:\WINDOWS\system32\napipsec.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\rasqec.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\qutil.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\qcliprov.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\qagentrt.dll
2014-02-16 10:08:05 ----N---- C:\WINDOWS\system32\qagent.dll
2014-02-16 10:08:04 ----N---- C:\WINDOWS\system32\setupn.exe
2014-02-16 10:08:01 ----N---- C:\WINDOWS\system32\tspkg.dll
2014-02-16 10:08:01 ----N---- C:\WINDOWS\system32\tsgqec.dll
2014-02-16 10:08:00 ----N---- C:\WINDOWS\system32\wlanapi.dll
2014-02-16 10:07:58 ----D---- C:\WINDOWS\system32\cs-cz
2014-02-16 10:07:57 ----D---- C:\WINDOWS\system32\cs
2014-02-16 10:07:57 ----D---- C:\WINDOWS\l2schemas
2014-02-16 10:07:56 ----D---- C:\WINDOWS\system32\bits
2014-02-16 10:01:34 ----D---- C:\WINDOWS\network diagnostic
2014-02-16 08:24:53 ----D---- C:\Avenger
2014-02-15 18:26:18 ----SHD---- C:\RECYCLER
2014-02-15 16:22:18 ----D---- C:\WINDOWS\Temp
2014-02-15 16:22:18 ----A---- C:\WINDOWS\zoek-delete.exe
2014-02-15 16:22:01 ----D---- C:\Program Files\HiJackThis
2014-02-15 16:10:28 ----D---- C:\zoek_backup
2014-02-13 18:28:51 ----D---- C:\AdwCleaner
2014-02-13 18:18:49 ----D---- C:\WINDOWS\ERUNT
2014-02-13 17:49:09 ----A---- C:\TDSSKiller.3.0.0.23_13.02.2014_17.49.09_log.txt
2014-02-13 17:48:42 ----A---- C:\TDSSKiller.2.8.16.0_13.02.2014_17.48.42_log.txt
2014-02-13 17:04:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-13 17:04:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-02-11 18:24:33 ----A---- C:\ComboFix.txt
2014-01-18 19:25:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania

======List of files/folders modified in the last 1 months======

2014-02-16 16:17:46 ----D---- C:\Program Files\trend micro
2014-02-16 16:12:39 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-16 16:12:19 ----D---- C:\Program Files\Steam
2014-02-16 16:10:01 ----D---- C:\WINDOWS
2014-02-16 16:08:58 ----D---- C:\WINDOWS\system32\drivers
2014-02-16 14:40:02 ----SHD---- C:\WINDOWS\CSC
2014-02-16 10:48:31 ----D---- C:\WINDOWS\Minidump
2014-02-16 10:48:31 ----D---- C:\WINDOWS\Debug
2014-02-16 10:47:38 ----D---- C:\WINDOWS\system32
2014-02-16 10:47:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-16 10:24:05 ----SHD---- C:\WINDOWS\Installer
2014-02-16 10:24:05 ----D---- C:\Config.Msi
2014-02-16 10:18:21 ----D---- C:\WINDOWS\system32\Setup
2014-02-16 10:18:21 ----D---- C:\WINDOWS\AppPatch
2014-02-16 10:18:20 ----RSD---- C:\WINDOWS\Fonts
2014-02-16 10:18:20 ----D---- C:\WINDOWS\system32\wbem
2014-02-16 10:17:04 ----D---- C:\WINDOWS\security
2014-02-16 10:10:38 ----HD---- C:\WINDOWS\inf
2014-02-16 10:10:30 ----D---- C:\WINDOWS\system32\CatRoot
2014-02-16 10:08:33 ----D---- C:\WINDOWS\WinSxS
2014-02-16 10:08:28 ----D---- C:\Program Files\Messenger
2014-02-16 10:08:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-02-16 10:08:22 ----D---- C:\WINDOWS\EHome
2014-02-16 10:08:21 ----D---- C:\WINDOWS\system32\inetsrv
2014-02-16 10:08:20 ----D---- C:\WINDOWS\ime
2014-02-16 10:08:20 ----D---- C:\WINDOWS\Help
2014-02-16 10:07:58 ----D---- C:\WINDOWS\system32\usmt
2014-02-16 10:07:57 ----D---- C:\Program Files\Internet Explorer
2014-02-16 10:07:56 ----D---- C:\WINDOWS\peernet
2014-02-16 10:07:56 ----D---- C:\Program Files\Movie Maker
2014-02-16 10:04:10 ----D---- C:\WINDOWS\system32\Restore
2014-02-16 10:04:10 ----D---- C:\WINDOWS\system32\npp
2014-02-16 10:04:09 ----D---- C:\WINDOWS\msagent
2014-02-16 10:04:06 ----D---- C:\WINDOWS\srchasst
2014-02-16 10:04:05 ----D---- C:\Program Files\NetMeeting
2014-02-16 10:04:04 ----D---- C:\WINDOWS\system32\Com
2014-02-16 10:04:00 ----D---- C:\Program Files\Windows Media Player
2014-02-16 10:03:59 ----D---- C:\Program Files\Windows NT
2014-02-16 10:03:59 ----D---- C:\Program Files\Outlook Express
2014-02-16 10:03:53 ----D---- C:\Program Files\Common Files\System
2014-02-16 10:03:31 ----D---- C:\WINDOWS\system32\oobe
2014-02-16 10:03:29 ----D---- C:\WINDOWS\system
2014-02-16 10:00:11 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2014-02-16 08:24:53 ----RD---- C:\Program Files
2014-02-13 18:39:40 ----SHD---- C:\System Volume Information
2014-02-13 18:29:49 ----D---- C:\Program Files\Mozilla Firefox
2014-02-13 16:54:32 ----D---- C:\WINDOWS\Logs
2014-02-13 16:54:00 ----D---- C:\Program Files\CCleaner
2014-02-13 15:52:01 ----SD---- C:\WINDOWS\Tasks
2014-02-13 15:51:57 ----D---- C:\WINDOWS\system32\DirectX
2014-02-11 18:24:35 ----D---- C:\Qoobox
2014-02-11 18:22:58 ----A---- C:\WINDOWS\system.ini
2014-02-11 18:21:36 ----D---- C:\Program Files\Common Files
2014-02-11 15:25:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-02-11 15:12:27 ----D---- C:\WINDOWS\pss
2014-01-18 19:24:00 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-09-04 21035]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-05 281760]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-05 25888]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2011-07-28 1763584]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-07-28 6646784]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-26 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 at9p9vkt;at9p9vkt; C:\WINDOWS\system32\drivers\at9p9vkt.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Everest Ultimate WAR\kerneld.wnt []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
S3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-07-28 643072]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2008-03-17 46080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-01 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-03-19 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 251248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-10 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Re: PC is running at 100%, a Policie ČR virus has appeared

Posted: 16 Feb 2014 16:44
by cernohous13
Now quickly fix the registry too :)

OTM script

Code:

:Commands
[emptytemp]

:Files
*32-bit.exe* /s

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"f7d033c721d41cb10fc4a4adbd75874d"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f7d033c721d41cb10fc4a4adbd75874d"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Administrator\Data aplikací\System.exe"=-
"C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe"=-
"C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe"=-
"C:\Documents and Settings\Administrator\Local Settings\Temp\32-Bit.exe"=-
"C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe"=-
→ then reboot again + RSIT

Re: PC is running at 100%, a Policie ČR virus has appeared

Posted: 16 Feb 2014 17:23
by jmeno1
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1538 bytes
->Temporary Internet Files folder emptied: 114489 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6762757 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jan Kubesa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Simca

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb

========== FILES ==========
\_OTM\MovedFiles\02162014_103104\C_Documents and Settings\Administrator\Data aplikací\32-bit.exe moved successfully.
\_OTM\MovedFiles\02162014_164940\_OTM\MovedFiles\02162014_103104\C_Documents and Settings\Administrator\Data aplikací\32-bit.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\f7d033c721d41cb10fc4a4adbd75874d deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\f7d033c721d41cb10fc4a4adbd75874d deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Administrator\Data aplikací\System.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Administrator\Local Settings\Temp\FaceBookHacker.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Administrator\Local Settings\Temp\32-Bit.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Administrator\Data aplikací\32-bit.exe deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 02162014_164940

Files moved on Reboot...

Registry entries deleted on Reboot...