
mbr virus?

Posted: 16 Jul 2011 19:22
by ondra1.trn
Hello.

RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jana at 2011-07-16 20:13:05
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (11%) free of 30 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:13:32, on 16.7.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Jana\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Jana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BDARemote.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E8A8EF4-568B-4009-A3C7-1CC0BEC404F8}: NameServer = 156.154.70.25,156.154.71.25
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5523 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Scan for Jana.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.facebook.com/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1, DTToolbar@toolbarnet.com:1.1.7.0190, toolbar@ask.com:3.12.2.16749, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
NPOFFICE.DLL
nppdf32.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\
askcom.xml
daemon-search.xml
facebook.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
winamp-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-10-28 7307264]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-10-28 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-06-30 2554696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-04-18 17095048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
C:\Program Files\Atheros\ACU.exe [2007-10-23 376921]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2007-05-22 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jana^Nabídka Start^Programy^Po spuštění^CCC.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe [2006-09-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TOSHIBA Bluetooth Service"=2
"NMIndexingService"=3
"LightScribeService"=2
"Ati HotKey Poller"=2
"ACS"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=serwvdrv.dll
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2016-09-09 19:17:30 ----A---- C:\WINDOWS\system32\nms32.dll
2016-09-09 19:17:30 ----A---- C:\WINDOWS\system32\imon.dll
2016-09-09 19:17:30 ----A---- C:\WINDOWS\system32\drivers\amon.sys
2016-09-09 19:16:54 ----D---- C:\Program Files\ESET
2011-07-16 20:13:04 ----D---- C:\rsit
2011-07-16 19:52:21 ----D---- C:\Documents and Settings\Jana\Data aplikací\Malwarebytes
2011-07-16 19:52:15 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-16 19:52:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-07-16 19:52:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-16 19:52:10 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-16 19:48:48 ----D---- C:\Program Files\COMODO
2011-07-16 19:48:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2011-07-16 19:47:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
2011-07-16 19:41:05 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-16 19:41:05 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-16 19:41:03 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-16 19:41:02 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-16 19:41:02 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-16 19:41:01 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-16 19:41:01 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-16 19:41:00 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-16 19:40:37 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-16 19:40:37 ----A---- C:\WINDOWS\avastSS.scr
2011-07-16 19:40:21 ----D---- C:\Program Files\AVAST Software
2011-07-16 19:40:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-07-16 18:48:16 ----RAS---- C:\boot.ini
2011-07-16 18:45:59 ----ASH---- C:\pagefile.sys
2011-07-16 18:29:50 ----D---- C:\Program Files\CCleaner
2011-07-16 18:26:00 ----SHD---- C:\RECYCLER
2011-07-16 18:24:46 ----D---- C:\WINDOWS\temp
2011-07-16 18:15:21 ----A---- C:\Boot.bak
2011-07-16 18:15:16 ----RASHD---- C:\cmdcons
2011-07-16 18:13:42 ----D---- C:\WINDOWS\ERDNT
2011-07-16 18:01:58 ----A---- C:\WINDOWS\IE4 Error Log.txt
2011-07-16 18:01:43 ----A---- C:\WINDOWS\Farm Frenzy 3 Uninstall Log.txt
2011-07-16 17:51:02 ----D---- C:\Program Files\VirusTotalUploader2
2011-07-16 17:35:17 ----D---- C:\Program Files\trend micro
2011-07-06 14:30:19 ----RD---- C:\MSOCache
2011-06-30 09:38:16 ----A---- C:\WINDOWS\system32\drivers\inspect.sys
2011-06-30 09:38:14 ----A---- C:\WINDOWS\system32\drivers\cmdhlp.sys
2011-06-30 09:38:14 ----A---- C:\WINDOWS\system32\drivers\cmdGuard.sys
2011-06-30 09:38:12 ----A---- C:\WINDOWS\system32\drivers\cmderd.sys
2011-06-30 09:37:26 ----A---- C:\WINDOWS\system32\guard32.dll
2011-06-20 07:34:09 ----D---- C:\Program Files\Common Files\Adobe
2011-06-20 07:34:09 ----D---- C:\Program Files\Adobe
2011-06-19 18:50:36 ----D---- C:\WINDOWS\system32\appmgmt

======List of files/folders modified in the last 1 month======

2011-07-16 20:03:15 ----D---- C:\Documents and Settings\Jana\Data aplikací\Skype
2011-07-16 20:02:23 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-16 19:59:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-16 19:52:15 ----D---- C:\WINDOWS\system32\drivers
2011-07-16 19:52:10 ----RD---- C:\Program Files
2011-07-16 19:51:09 ----SHD---- C:\WINDOWS\Installer
2011-07-16 19:48:51 ----D---- C:\WINDOWS\system32
2011-07-16 19:45:49 ----D---- C:\WINDOWS
2011-07-16 19:40:54 ----D---- C:\WINDOWS\WinSxS
2011-07-16 19:40:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-16 19:37:12 ----HD---- C:\WINDOWS\inf
2011-07-16 18:30:03 ----D---- C:\WINDOWS\Prefetch
2011-07-16 18:22:33 ----A---- C:\WINDOWS\system.ini
2011-07-16 18:19:31 ----D---- C:\WINDOWS\AppPatch
2011-07-16 18:19:26 ----D---- C:\Program Files\Common Files
2011-07-16 18:13:54 ----SHD---- C:\System Volume Information
2011-07-16 18:13:54 ----D---- C:\WINDOWS\system32\Restore
2011-07-16 18:02:10 ----D---- C:\Program Files\Farm Frenzy 3
2011-07-16 17:51:22 ----SD---- C:\WINDOWS\Tasks
2011-07-16 17:42:33 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-07-16 14:12:02 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-04 10:20:10 ----D---- C:\Program Files\ICQ7.5
2011-06-25 20:51:45 ----D---- C:\Documents and Settings\Jana\Data aplikací\ICQ
2011-06-24 13:05:13 ----D---- C:\Program Files\Mozilla Firefox
2011-06-23 12:29:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-06-21 17:23:32 ----D---- C:\WINDOWS\Help
2011-06-20 07:37:42 ----D---- C:\Documents and Settings\Jana\Data aplikací\Adobe
2011-06-20 07:34:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-06-19 18:52:04 ----D---- C:\Program Files\Counter-Strike Source
2011-06-19 18:50:12 ----D---- C:\Program Files\Winamp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-06-30 97504]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-03 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-06-30 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-06-30 29400]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-10-28 3532000]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 WSIMD;wsimd Service; C:\WINDOWS\System32\DRIVERS\wsimd.sys [2007-07-03 57344]
S2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
S3 aalol8sp;aalol8sp; C:\WINDOWS\system32\drivers\aalol8sp.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2007-10-26 549184]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\System32\DRIVERS\l251x86.sys [2007-08-21 30208]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
S3 mbr;mbr; \??\C:\DOCUME~1\Jana\LOCALS~1\Temp\mbr.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 27520]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2006-05-25 193088]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\System32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-06-30 1793712]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-10-28 131139]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 ACS;Konfigurační služba Atheros; C:\WINDOWS\System32\acs.exe [2007-10-23 364629]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2007-02-02 446464]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S4 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]

-----------------EOF-----------------


On test.bezpečnosti it reports this risk on port 2000:
- remote access, logs keystrokes, monitors ICQ and AIM communication, intercepts passwords, downloads further trojans, creates further trojans. Active


I cannot get MBAM to update; it always says it is already up to date. Its log shows no infection found.


Next, the log from mbr:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JB-98REA0 rev.20.00K20 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F6B1F8]<<
1 nt!IofCallDriver[0x804E19BC] -> \Device\Harddisk0\DR0[0x86ECBAB8]
3 CLASSPNP[0xF766F05B] -> nt!IofCallDriver[0x804E19BC] -> \Device\00000062[0x86F1F828]
5 ACPI[0xF74DA620] -> nt!IofCallDriver[0x804E19BC] -> \Device\Ide\IdeDeviceP0T0L0-3[0x86FA9940]
\Driver\atapi[0x86F1C5C8] -> IRP_MJ_CREATE -> 0x86F6B1F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x86f6b1f8
user & kernel MBR OK
Warning: possible MBR rootkit infection !

Gmer:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-16 20:20:34
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JB-98REA0 rev.20.00K20
Running: 2k918nl1.exe; Driver: C:\DOCUME~1\Jana\LOCALS~1\Temp\pfxyipod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF58BABF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF58BAA5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF593A398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 86F6B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F6B1F8
Device \Driver\atapi \Device\Ide\IdePort1 86F6B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 86F6B1F8
Device \Driver\aalol8sp \Device\Scsi\aalol8sp1 86C95500
Device \Driver\aalol8sp \Device\Scsi\aalol8sp1Port2Path0Target1Lun0 86C95500
Device \Driver\aalol8sp \Device\Scsi\aalol8sp1Port2Path0Target0Lun0 86C95500
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 86F6A1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Thank you for the advice.

Re: mbr virus?

Posted: 16 Jul 2011 19:45
by vyosek
Greetings, and I wish you a pleasant evening :)

→ Download SPTD http://www.duplexsecure.com/en/downloads
  • From that page, pick the version for your operating system (32-bit (x86) or 64-bit (x64))
  • Save it to the desktop and run it
  • Choose the Uninstall option and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
→ Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to the desktop and run it
  • Click Disable and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
→ Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe but do not run it

→ Click Start and then Run, or use the keyboard shortcut Win+R
  • A small window will pop up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t -s
  • Click OK
  • A log named mbr.txt will be created on the desktop; paste its contents here

Re: mbr virus?

Posted: 17 Jul 2011 07:29
by ondra1.trn
Hello.

1. SPTD found an old driver - uninstall
2. Defogger - SPTD -> Already disabled
3. Mbr:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JB-98REA0 rev.20.00K20 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E19BC] -> \Device\Harddisk0\DR0[0x86F91AB8]
3 CLASSPNP[0xF766F05B] -> nt!IofCallDriver[0x804E19BC] -> \Device\00000062[0x86F5EF18]
5 ACPI[0xF75E5620] -> nt!IofCallDriver[0x804E19BC] -> \Device\Ide\IdeDeviceP0T0L0-3[0x86F60940]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user & kernel MBR OK
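
The check behind the three lines "user: MBR read successfully", "kernel: MBR read successfully" and "user & kernel MBR OK" is worth seeing in code. The following is an added example, not code from the thread and not Gmer's mbr.exe: it parses a raw 512-byte sector 0, checks its structure, and diffs two views of it. The reference prologue bytes were assembled by hand from the _asm listing in the log above and cover only that instruction sequence; how mbr.exe actually obtains its user-mode and kernel-mode reads is not stated in the thread, so the two views are simply passed in as byte strings, and both sample sectors are constructed.

```python
"""
Added example (not from the thread, not Gmer's code): structural checks on a
512-byte MBR plus a user-view vs kernel-view comparison.  A stealth MBR rootkit
typically filters disk reads so that the normal (user) path sees the original
bootstrap code while the real sector 0 holds the loader; reading the sector
through two different paths and diffing them exposes that.
"""
import struct

MBR_SIZE = 512
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE       # 0x55 0xAA

# Hand-assembled from the _asm listing in the log above:
# XOR AX,AX; MOV SS,AX; MOV SP,0x7C00; STI; PUSH AX; POP ES; PUSH AX; POP DS; CLD;
# MOV SI,0x7C1B; MOV DI,0x61B; PUSH AX; PUSH DI; MOV CX,0x1E5; REP MOVSB; RETF;
# MOV BP,0x7BE; MOV CL,4; CMP [BP+0],CH; JL +9; JNZ +0x13
REFERENCE_PROLOGUE = bytes.fromhex(
    "33C0 8ED0 BC007C FB 50 07 50 1F FC BE1B7C BF1B06 50 57 B9E501 F3A4 CB "
    "BDBE07 B104 386E00 7C09 7513"
)


def parse_partitions(mbr):
    """Return the four partition-table entries as dicts (CHS fields skipped)."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        boot, ptype, lba, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({"bootable": boot == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": sectors})
    return entries


def check_mbr(mbr):
    """Sanity checks on one view of sector 0; returns a list of findings (empty = OK)."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return ["sector is %d bytes, expected 512" % len(mbr)]
    if mbr[SIGNATURE_OFF:] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    if not mbr.startswith(REFERENCE_PROLOGUE):
        findings.append("bootstrap code differs from the reference prologue")
    bootable = [p for p in parse_partitions(mbr) if p["bootable"]]
    if len(bootable) != 1:
        findings.append("%d bootable partitions, expected exactly 1" % len(bootable))
    return findings


def compare_views(user_view, kernel_view):
    """Diff the sector as read through two paths; None means both views agree."""
    if user_view == kernel_view:
        return None
    n = min(len(user_view), len(kernel_view))
    first = next((i for i in range(n) if user_view[i] != kernel_view[i]), n)
    return "user and kernel MBR differ starting at offset 0x%03x" % first


def build_sample_mbr():
    """Constructed clean sector: reference prologue, one active NTFS entry, signature."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(REFERENCE_PROLOGUE)] = REFERENCE_PROLOGUE
    # entry 0: active (0x80), type 0x07 (NTFS), LBA 63, 61 432 497 sectors (~29 GB)
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 63, 61432497)
    mbr[SIGNATURE_OFF:] = b"\x55\xAA"
    return bytes(mbr)


def build_hooked_view(clean):
    """Constructed 'real' sector as a rootkit would leave it: same partition table,
    bootstrap replaced.  A two-byte JMP $ stands in for a loader; it is not one."""
    mbr = bytearray(clean)
    mbr[0:2] = b"\xEB\xFE"
    return bytes(mbr)


if __name__ == "__main__":
    clean = build_sample_mbr()
    hooked = build_hooked_view(clean)
    print("clean  :", check_mbr(clean) or "OK", parse_partitions(clean)[0])
    print("hooked :", check_mbr(hooked))
    print("views  :", compare_views(clean, clean) or "user & kernel MBR OK")
    print("views  :", compare_views(clean, hooked))
```

The prologue comparison is only as good as the reference: a different Windows release, a vendor recovery MBR or GRUB will legitimately differ, so treat that finding as "look at it", while a user/kernel mismatch on the same disk is the result that actually points at a filter in the disk stack.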

Re: mbr virus?

Posted: 17 Jul 2011 08:47
by vyosek
So you do not have an MBR virus; the false report was caused by the sptd.sys driver (which is the driver for virtual drives: Daemon Tools, Alcohol and the like). It behaves similarly to an MBR rootkit but is not a rootkit. That is why these utilities should only be run when recommended, otherwise similar problems occur.

Still, you do have a few minor things there, so let's take a proper look at it.

:arrow: I recommend uninstalling toolbars (browser bars) in Add or Remove Programs, if you do not use them

:arrow: Download OTL (see my signature) and save it to the desktop
  • If you use Windows Vista or 7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check that the box For 64-bit OS is ticked; if not, tick it
  • Tick the box All users
  • Tick the box LOP check
  • Tick the box Purity check
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box Custom scans/fixes
  • Code:

    netsvcs
    drivers32
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    c:\windows\*.* /U
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    CREATERESTOREPOINT
  • Click the Scan button
  • When the scan finishes (about 10 to 15 min) the logs OTL.txt and Extras.txt appear; paste both here
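
The script above produces DRV lines and "Files Created/Modified Within 7 Days" lists, and most of the work of reading such a log is spotting the few entries that deserve a second look. The following is an added example, not part of the thread or of OTL, showing a first-pass triage over lines in OTL's log format: it flags entries whose timestamp is later than the log itself (clock skew or timestomping), system32 binaries with no company name in their version info, and hidden+system files sitting in a drive root. It makes no verdict about what is malicious; that remains the helper's job. The sample lines are constructed in the OTL format and the "logfile created on" header is used as the reference clock.

```python
"""
Added example (not from the thread, not OTL's code): parse OTL log lines and
flag entries worth a second look.  Line format follows OTL's output:
  [yyyy.mm.dd hh:mm:ss | 000,size | attrs | C|M] (Company) -- path [-- (svc)]
optionally prefixed with "DRV - ", "PRC - ", "SRV - " or "MOD - ".
"""
import re
from datetime import datetime

LINE_RE = re.compile(
    r"^(?:(\w+) - )?"                                # optional DRV/PRC/SRV/MOD prefix
    r"\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "  # timestamp
    r"([\d,]+) \| (\S{4}) \| ([CM])\] "               # size, attributes, C(reated)/M(odified)
    r"\(([^)]*)\)"                                    # company name, may be empty
    r"(?: \[[^\]]*\])?"                               # driver/service state block, if any
    r" -- (.+?)(?: -- \(.*\))?$"                      # path, then optional service name
)
CREATED_RE = re.compile(r"logfile created on: (\d{1,2}\.\d{1,2}\.\d{4} \d{2}:\d{2}:\d{2})")
SYSTEM32 = "c:\\windows\\system32\\"
BINARY_EXT = (".sys", ".dll", ".exe")


def parse_otl_line(line):
    """Return a dict for a file/driver line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    prefix, ts, size, attrs, cm, company, path = m.groups()
    return {
        "kind": prefix or "FILE",
        "timestamp": datetime.strptime(ts, "%Y.%m.%d %H:%M:%S"),
        "size": int(size.replace(",", "")),
        "attrs": attrs,           # e.g. "RHS-", "---D"
        "event": cm,              # C = created, M = modified
        "company": company,
        "path": path,
    }


def log_creation_time(lines):
    """Reference clock: the 'OTL logfile created on:' header (d.m.yyyy)."""
    for line in lines:
        m = CREATED_RE.search(line)
        if m:
            return datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
    raise ValueError("no 'logfile created on' header found")


def triage(lines):
    """Return [(path, [reason, ...]), ...] for entries that deserve a look."""
    created = log_creation_time(lines)
    findings = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        low = e["path"].lower()
        reasons = []
        if e["timestamp"] > created:
            reasons.append("timestamp later than the log itself (clock skew or timestomping)")
        if e["company"] == "" and low.startswith(SYSTEM32) and low.endswith(BINARY_EXT):
            reasons.append("system32 binary with no company name in version info")
        if "H" in e["attrs"] and "S" in e["attrs"] and e["path"].count("\\") == 1:
            reasons.append("hidden+system file in a drive root")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


# Constructed sample in OTL's format; the first line is the log header.
SAMPLE_LOG = r"""
OTL logfile created on: 17.7.2011 10:48:27 - Run 1
DRV - [2016.09.09 19:16:56 | 000,300,048 | ---- | M] (Eset) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
[2016.09.09 19:17:30 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\imon.dll
[2011.07.16 18:15:21 | 000,000,327 | RHS- | M] () -- C:\3
[2011.07.16 19:41:01 | 000,002,552 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
""".strip().splitlines()


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

A missing company name on its own is weak evidence (plenty of legitimate drivers ship without version info, CONFIG.NT is not even a binary), which is why the rule is restricted to executables under system32; the future-dated timestamp is the strongest of the three signals and is what you would check against the machine's clock before drawing any conclusion.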

Re: mbr virus?

Posted: 17 Jul 2011 10:19
by ondra1.trn
Otl.txt:
OTL logfile created on: 17.7.2011 10:48:27 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jana\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,48 Mb Total Physical Memory | 553,77 Mb Available Physical Memory | 54,11% Memory free
2,90 Gb Paging File | 2,53 Gb Available in Paging File | 87,28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 3,31 Gb Free Space | 11,30% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 22,89 Gb Free Space | 22,84% Space Free | Partition Type: NTFS
Drive E: | 7,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: JDIFHE-NOTEBOOK | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.07.17 10:45:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jana\Plocha\OTL.exe
PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.06.30 09:37:28 | 001,793,712 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011.06.30 09:37:06 | 002,554,696 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011.06.24 13:04:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.07.12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2007.06.26 12:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011.07.17 10:45:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jana\Plocha\OTL.exe
MOD - [2011.07.04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011.06.30 09:37:26 | 000,285,256 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2004.08.17 15:48:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.06.30 09:37:28 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2007.10.23 19:35:40 | 000,364,629 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - [2016.09.09 19:16:56 | 000,300,048 | ---- | M] (Eset) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.06.30 09:38:16 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011.06.30 09:38:14 | 000,242,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011.06.30 09:38:14 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008.11.11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007.10.26 02:20:36 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.10.01 08:59:46 | 001,769,984 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.08.24 05:46:48 | 000,005,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.08.21 10:50:54 | 000,030,208 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2007.07.03 19:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007.06.11 14:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007.05.24 14:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.24 13:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.01 16:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.02.02 09:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.11.22 11:35:00 | 000,982,272 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.03 03:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.08.04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060284298-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1060284298-57989841-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1060284298-57989841-839522115-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1060284298-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/sli ... ie7&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.16 19:40:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 13:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.20 09:41:19 | 000,000,000 | ---D | M]

[2010.02.10 17:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Extensions
[2011.07.16 17:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\extensions
[2011.07.16 10:03:59 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\askcom.xml
[2010.08.03 19:03:43 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\daemon-search.xml
[2011.07.12 09:21:15 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\facebook.xml
[2011.07.12 09:21:15 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-1.xml
[2011.03.06 10:52:27 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-10.xml
[2011.03.26 09:45:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-11.xml
[2011.03.31 20:38:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-12.xml
[2011.05.02 18:27:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-13.xml
[2011.06.24 13:05:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-14.xml
[2011.06.25 08:43:49 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-15.xml
[2010.02.13 16:26:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-2.xml
[2010.02.19 20:08:38 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-3.xml
[2010.03.11 21:40:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-4.xml
[2010.03.26 21:08:08 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-5.xml
[2010.04.03 10:32:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-6.xml
[2010.07.28 18:24:32 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-7.xml
[2010.08.03 20:35:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-8.xml
[2011.03.04 15:50:29 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin.xml
[2004.06.01 02:06:48 | 000,001,246 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\winamp-search.xml
[2010.08.25 14:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.08 17:59:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --
[2011.07.16 19:40:42 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.06.24 13:04:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.06.20 09:41:15 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.06.20 09:41:15 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.01.04 16:47:55 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.06.20 09:41:15 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.06.20 09:41:15 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.06.20 09:41:15 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2001.10.25 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1060284298-57989841-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-57989841-839522115-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-57989841-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-57989841-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-57989841-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-57989841-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.132.178.71
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jana\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jana\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.08 17:17:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 7 Days ==========

[2016.09.09 19:17:30 | 000,300,048 | ---- | C] (Eset) -- C:\WINDOWS\System32\drivers\amon.sys
[2016.09.09 19:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.07.17 10:45:15 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jana\Plocha\OTL.exe
[2011.07.16 20:13:04 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.16 19:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jana\Data aplikací\Malwarebytes
[2011.07.16 19:52:15 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.16 19:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.07.16 19:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.07.16 19:52:10 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.07.16 19:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.16 19:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\COMODO
[2011.07.16 19:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011.07.16 19:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Comodo
[2011.07.16 19:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
[2011.07.16 19:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2011.07.16 19:41:05 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.07.16 19:41:05 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.07.16 19:41:03 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.07.16 19:41:02 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.07.16 19:41:02 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.07.16 19:41:01 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.07.16 19:41:01 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.07.16 19:41:00 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.07.16 19:40:37 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.07.16 19:40:37 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.07.16 19:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.07.16 19:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2011.07.16 18:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2011.07.16 18:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.16 18:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jana\Plocha\autoruns
[2011.07.16 18:26:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.07.16 18:24:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.07.16 18:15:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.07.16 18:13:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.07.16 18:13:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jana\Nabídka Start\Programy\Nástroje pro správu
[2011.07.16 17:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2011.07.16 17:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jana\Nabídka Start\Programy\VirusTotal Uploader 2.0
[2011.07.16 17:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

========== Files - Modified Within 7 Days ==========

[2016.09.09 19:17:33 | 000,000,442 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2016.09.09 19:16:56 | 000,300,048 | ---- | M] (Eset) -- C:\WINDOWS\System32\drivers\amon.sys
[2016.09.09 19:16:56 | 000,245,760 | ---- | M] () -- C:\WINDOWS\System32\imon.dll
[2016.09.09 19:16:56 | 000,114,688 | ---- | M] () -- C:\WINDOWS\System32\nms32.dll
[2011.07.17 10:45:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jana\Plocha\OTL.exe
[2011.07.17 10:42:50 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.07.17 10:41:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.17 08:21:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jana\defogger_reenable
[2011.07.17 08:21:19 | 000,000,281 | R-S- | M] () -- C:\boot.ini
[2011.07.16 20:00:36 | 000,124,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.16 19:57:47 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Jana\Plocha\mbr.exe
[2011.07.16 19:52:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.07.16 19:49:41 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\COMODO Firewall.lnk
[2011.07.16 19:41:06 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.07.16 19:41:01 | 000,002,552 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.07.16 19:17:38 | 002,142,396 | ---- | M] () -- C:\Documents and Settings\Jana\Dokumenty\AutoRuns.arn
[2011.07.16 18:39:46 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Jana\Dokumenty\bk2.reg
[2011.07.16 18:39:32 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Jana\Dokumenty\bk.reg
[2011.07.16 18:31:12 | 000,001,190 | ---- | M] () -- C:\Documents and Settings\Jana\Dokumenty\cc_20110716_183110.reg
[2011.07.16 18:30:40 | 000,085,158 | ---- | M] () -- C:\Documents and Settings\Jana\Dokumenty\cc_20110716_183035.reg
[2011.07.16 18:29:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.07.16 18:15:21 | 000,000,327 | RHS- | M] () -- C:\3
[2011.07.16 17:43:33 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Jana\Plocha\2k918nl1.exe
[2011.07.16 17:36:39 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\Jana\Plocha\Zástupce - Přidat nebo odebrat programy.lnk
[2011.07.16 17:26:30 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Jana.job
[2011.07.16 14:12:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.07.16 14:12:00 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Jana\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.16 10:02:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.13 13:56:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2016.09.09 19:17:33 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2016.09.09 19:17:30 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\imon.dll
[2016.09.09 19:17:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\nms32.dll
[2011.07.17 08:21:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jana\defogger_reenable
[2011.07.16 19:57:46 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\Jana\Plocha\mbr.exe
[2011.07.16 19:52:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.07.16 19:49:41 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\COMODO Firewall.lnk
[2011.07.16 19:41:06 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.07.16 19:17:35 | 002,142,396 | ---- | C] () -- C:\Documents and Settings\Jana\Dokumenty\AutoRuns.arn
[2011.07.16 18:48:16 | 000,000,281 | R-S- | C] () -- C:\boot.ini
[2011.07.16 18:39:45 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Jana\Dokumenty\bk2.reg
[2011.07.16 18:39:32 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Jana\Dokumenty\bk.reg
[2011.07.16 18:31:11 | 000,001,190 | ---- | C] () -- C:\Documents and Settings\Jana\Dokumenty\cc_20110716_183110.reg
[2011.07.16 18:30:37 | 000,085,158 | ---- | C] () -- C:\Documents and Settings\Jana\Dokumenty\cc_20110716_183035.reg
[2011.07.16 18:29:51 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.07.16 18:15:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.07.16 18:15:18 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.07.16 17:43:33 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Jana\Plocha\2k918nl1.exe
[2011.07.16 17:36:39 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\Jana\Plocha\Zástupce - Přidat nebo odebrat programy.lnk
[2011.06.01 10:12:33 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.01.31 22:51:33 | 000,319,488 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2010.12.24 23:09:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010.08.25 14:08:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.28 09:40:28 | 000,221,291 | ---- | C] () -- C:\WINDOWS\Imei_dll.dll
[2010.07.28 09:40:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\Sublock.dll
[2010.04.04 22:49:34 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2010.04.04 22:48:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.03.28 17:36:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010.02.25 16:35:42 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Jana\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.08 16:38:23 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.02.08 16:38:23 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.02.08 16:38:23 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.02.08 16:37:34 | 000,069,090 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010.02.08 16:20:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.02.07 19:39:02 | 000,086,016 | R--- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010.02.07 19:33:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010.02.07 19:33:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010.02.07 19:33:03 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2010.02.07 19:33:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010.02.07 19:33:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010.02.07 19:33:02 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2010.02.07 19:33:02 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2010.02.07 19:33:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010.02.07 19:30:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.09.09 00:39:15 | 000,004,265 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.09.09 00:38:09 | 000,124,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.09.08 18:32:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.09.08 18:25:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008.09.08 18:05:13 | 001,769,984 | R--- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008.09.08 18:05:13 | 000,028,160 | R--- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008.09.08 17:56:43 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.09.08 17:56:43 | 000,128,813 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.09.08 17:56:06 | 000,005,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2008.09.08 17:19:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.09.08 17:15:11 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.10.28 17:06:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005.10.28 17:06:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005.10.28 17:06:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005.10.28 17:06:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005.10.28 17:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005.10.28 17:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.10.28 17:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005.10.28 17:06:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005.10.28 17:06:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005.10.28 17:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003.03.21 14:37:56 | 000,016,056 | ---- | C] () -- C:\Program Files\owcstp16.dll1
[2002.09.20 18:19:36 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002.03.25 20:02:14 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001.10.25 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 14:00:00 | 000,395,336 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 14:00:00 | 000,393,192 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 14:00:00 | 000,070,106 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 14:00:00 | 000,059,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010.09.05 11:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
[2011.07.16 19:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2010.08.03 19:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.04.04 22:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DVD X Studios
[2010.03.12 23:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy3
[2011.06.05 19:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.09.28 14:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\Ascaron Entertainment
[2010.08.03 19:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\DAEMON Tools Lite
[2011.06.25 20:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\ICQ
[2010.12.25 17:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\LG Electronics
[2010.12.25 13:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\My Games

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.04.18 17:30:48 | 017,095,048 | R--- | M] (Skype Technologies S.A.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.06.20 07:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\Adobe
[2010.02.25 17:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\Ahead
[2010.09.28 14:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\Ascaron Entertainment
[2008.09.08 18:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\ATI
[2010.02.22 21:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\CyberLink
[2010.08.03 19:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\DAEMON Tools Lite
[2011.06.25 20:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\ICQ
[2008.09.08 17:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\Identities
[2008.09.08 18:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\InstallShield
[2010.12.25 17:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\LG Electronics
[2010.02.08 18:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\Macromedia
[2011.07.16 19:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\Malwarebytes
[2011.06.07 15:51:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jana\Data aplikací\Microsoft
[2010.02.10 17:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\Mozilla
[2010.12.25 13:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\My Games
[2011.07.17 10:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\Skype
[2004.06.01 02:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\Winamp
[2011.03.27 14:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jana\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2008.09.08 18:00:03 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{01FF2C26-DBCE-DADA-BEE5-0928E0F8F623}\ARPPRODUCTICON.exe
[2008.09.08 18:00:10 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{05F4ABAC-8697-2291-16D8-4BFD7DD78B59}\ARPPRODUCTICON.exe
[2008.09.08 17:59:50 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{07C85A90-668F-A807-5C67-975E0777A9E8}\ARPPRODUCTICON.exe
[2008.09.08 17:59:35 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{0EA06F05-4320-E4DC-4374-E6C0986C964D}\ARPPRODUCTICON.exe
[2008.09.08 17:59:47 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{137C5C08-8B6F-497A-1529-502359B3BA88}\ARPPRODUCTICON.exe
[2008.09.08 18:00:05 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{17EE76BB-5264-8946-DA8F-D564ED25EDDD}\ARPPRODUCTICON.exe
[2008.09.08 18:00:08 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{27599825-6BD9-1081-D1CC-0BFC01157204}\ARPPRODUCTICON.exe
[2008.09.08 17:59:51 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{2E13776F-DEAF-7C83-C2A9-3BF073D51BFD}\ARPPRODUCTICON.exe
[2008.09.08 17:59:45 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{3482A5D0-F16D-A6C9-397F-8D85EA61BF93}\ARPPRODUCTICON.exe
[2008.09.08 17:59:44 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{3C3CA756-9FB1-60D9-4435-6D9FEB42C637}\ARPPRODUCTICON.exe
[2008.09.08 17:59:53 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{3E4039F8-5DA8-0414-B7E1-8DA8C8FC1565}\ARPPRODUCTICON.exe
[2008.09.08 18:00:14 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{4A0FAC3C-852D-C0A3-1715-6F844C184CF0}\ARPPRODUCTICON.exe
[2008.09.08 18:00:07 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{4B29B49E-F274-58CE-25D2-791570F1619A}\ARPPRODUCTICON.exe
[2008.09.08 17:59:32 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{4B546AE5-DF17-6D39-A846-A9ECD0153C9A}\ARPPRODUCTICON.exe
[2008.09.08 17:59:43 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{57EF4BC7-0C52-1872-C0CE-AEAB996E5626}\ARPPRODUCTICON.exe
[2008.09.08 17:59:36 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{5B701396-48C3-A3FA-43DB-FF975446759C}\ARPPRODUCTICON.exe
[2008.09.08 18:00:13 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{5ECA8F33-8F8E-1042-2082-5F02E64D6140}\ARPPRODUCTICON.exe
[2008.09.08 17:59:30 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{68B84920-CD46-8C5B-DABE-EC0FF6F0C703}\ARPPRODUCTICON.exe
[2008.09.08 18:00:17 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{6AF75C96-2093-51F4-0412-501CB317A7F9}\ARPPRODUCTICON.exe
[2008.09.08 17:59:41 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{6D219284-A368-A0A5-AA55-8BAAE9EA60CC}\ARPPRODUCTICON.exe
[2008.09.08 18:00:07 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{732442CA-AFFC-E75D-C586-2A3C71D8CFFE}\ARPPRODUCTICON.exe
[2008.09.08 18:00:18 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{815B5312-F7B5-EDD5-A899-B0228C3C7F3A}\ARPPRODUCTICON.exe
[2010.08.25 14:48:02 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
[2008.09.08 17:59:33 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{89EAD7B4-1CAC-CC9E-F040-FE041A2EA77C}\ARPPRODUCTICON.exe
[2008.09.08 17:59:48 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{8BE3174F-3BFE-8822-4493-A0519D1E4E94}\ARPPRODUCTICON.exe
[2008.09.08 17:59:38 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{9D7802F0-3C39-ED52-10D9-AE8A7FB5A94C}\ARPPRODUCTICON.exe
[2008.09.08 18:00:01 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{AB1E9EC2-42E4-E801-83BB-AAFF86DDEC7E}\ARPPRODUCTICON.exe
[2008.09.08 17:59:39 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{B02A3921-F7B7-C73F-395B-8172C9EE4006}\ARPPRODUCTICON.exe
[2008.09.08 18:00:11 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{BD17DEF2-8970-E4F5-337A-C10DE4D33F29}\ARPPRODUCTICON.exe
[2008.09.08 18:00:04 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{C5A2542D-CF79-3EE6-7673-2CEDA2338172}\ARPPRODUCTICON.exe
[2008.09.08 17:59:59 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{C69B9631-B617-B714-7FE2-6FCD5B891ACD}\ARPPRODUCTICON.exe
[2008.09.08 18:00:19 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{C6D7BC96-A608-0908-F6E7-53C118423087}\ARPPRODUCTICON.exe
[2008.09.08 18:00:06 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{C8A4038E-4DA5-879D-A353-7443FC3EE22C}\ARPPRODUCTICON.exe
[2008.09.08 18:00:16 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{C9B7D4A2-7A42-96BC-DE77-6EB23F1116A8}\ARPPRODUCTICON.exe
[2008.09.08 18:00:15 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{CE344E77-B015-C6D0-9A1B-0EA0043E7A52}\ARPPRODUCTICON.exe
[2008.09.08 18:00:12 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{D9D45F79-D38C-9BCA-4023-6F3E365D5D25}\ARPPRODUCTICON.exe
[2008.09.08 17:59:26 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}\ARPPRODUCTICON.exe
[2008.09.08 17:59:26 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}\NewShortcut1_45160C5661F6468DA5B09FAE2C3E68D6.exe
[2008.09.08 17:59:55 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{E91EBA1F-DA25-58B2-365F-FB76BDC81F86}\ARPPRODUCTICON.exe
[2008.09.08 18:00:02 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{EE78C2A7-1413-105B-DC86-3F9FA6B10C2F}\ARPPRODUCTICON.exe
[2008.09.08 18:00:09 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{F2AAE965-966C-104E-ECCD-9F111A83139C}\ARPPRODUCTICON.exe
[2008.09.08 17:59:57 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{F3AEE6A8-5FA3-F9AA-8CA7-D1AAD6352065}\ARPPRODUCTICON.exe
[2008.09.08 18:00:13 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{F7F564DD-A790-D01A-5390-6D1386AA5621}\ARPPRODUCTICON.exe
[2008.09.08 18:00:20 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Microsoft\Installer\{FD9B0D38-7B82-5A3A-E046-D8DBF3F06A93}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\temp\$ntservicepackuninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2002.09.20 18:05:14 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=82CD2AA659D68781D29BA87421BE0E40 -- C:\temp\$ntservicepackuninstall$\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\cmdcons\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2002.08.29 01:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\temp\$ntservicepackuninstall$\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2002.09.20 18:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\temp\$ntservicepackuninstall$\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
[2002.09.20 18:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\temp\$ntservicepackuninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2002.09.20 18:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\temp\$ntservicepackuninstall$\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: HAL.DLL >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2002.08.29 01:05:04 | 000,129,920 | ---- | M] (Microsoft Corporation) MD5=308709E92843DFF3A5CDCA069F6F5C61 -- C:\temp\$ntservicepackuninstall$\hal.dll
[2004.08.03 22:59:20 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2002.09.20 18:05:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\temp\$ntservicepackuninstall$\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2002.08.29 02:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\temp\$ntservicepackuninstall$\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2002.09.20 18:04:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\temp\$ntservicepackuninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2002.09.20 18:04:42 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\temp\$ntservicepackuninstall$\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2002.09.20 18:05:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\temp\$ntservicepackuninstall$\smss.exe

< MD5 for: SVCHOST.EXE >
[2001.10.25 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\temp\$ntservicepackuninstall$\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2002.08.29 01:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\temp\$ntservicepackuninstall$\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
[2002.09.20 18:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\temp\$ntservicepackuninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2002.09.20 18:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\temp\$ntservicepackuninstall$\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2001.10.25 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\temp\$ntservicepackuninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.09.09 00:37:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.09.09 00:37:30 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.09.09 00:37:30 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2016.09.09 19:16:56 | 000,300,048 | ---- | M] (Eset) -- C:\WINDOWS\system32\drivers\amon.sys

< %systemroot%\system32\*.* /3 >
[2011.07.16 19:41:01 | 000,002,552 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2011.07.16 20:00:36 | 000,124,520 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2016.09.09 19:16:56 | 000,245,760 | ---- | M] () -- C:\WINDOWS\system32\imon.dll
[2016.09.09 19:17:33 | 000,000,442 | ---- | M] () -- C:\WINDOWS\system32\mapisvc.inf
[2016.09.09 19:16:56 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\nms32.dll
[2011.07.17 10:42:50 | 000,039,472 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2011.07.16 10:02:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< End of report >

Re: mbr virus?

Posted: 17 Jul 2011 10:20
by ondra1.trn
Extras.txt:
OTL Extras logfile created on: 17.7.2011 10:48:27 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jana\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,48 Mb Total Physical Memory | 553,77 Mb Available Physical Memory | 54,11% Memory free
2,90 Gb Paging File | 2,53 Gb Available in Paging File | 87,28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 3,31 Gb Free Space | 11,30% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 22,89 Gb Free Space | 22,84% Space Free | Partition Type: NTFS
Drive E: | 7,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: JDIFHE-NOTEBOOK | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7
"C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FF2C26-DBCE-DADA-BEE5-0928E0F8F623}" = CCC Help German
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05F4ABAC-8697-2291-16D8-4BFD7DD78B59}" = CCC Help Japanese
"{07119BED-86AE-4AE3-97A5-45A118A3F06A}" = Call of Juarez
"{07C85A90-668F-A807-5C67-975E0777A9E8}" = Catalyst Control Center Localization Russian
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{0EA06F05-4320-E4DC-4374-E6C0986C964D}" = Catalyst Control Center Localization Finnish
"{137C5C08-8B6F-497A-1529-502359B3BA88}" = Catalyst Control Center Localization Polish
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{17EE76BB-5264-8946-DA8F-D564ED25EDDD}" = CCC Help English
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01029}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{27599825-6BD9-1081-D1CC-0BFC01157204}" = CCC Help Hungarian
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2E13776F-DEAF-7C83-C2A9-3BF073D51BFD}" = Catalyst Control Center Localization Swedish
"{33CE2580-2B1E-4B4C-8E91-27FC58A548E4}" = Port Royale 2
"{3482A5D0-F16D-A6C9-397F-8D85EA61BF93}" = Catalyst Control Center Localization Norwegian
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3AFD938F-D1FF-490A-9154-82774A9E977E}" = Sid Meier's Civilization 4
"{3C3CA756-9FB1-60D9-4435-6D9FEB42C637}" = Catalyst Control Center Localization Dutch
"{3E4039F8-5DA8-0414-B7E1-8DA8C8FC1565}" = Catalyst Control Center Localization Thai
"{48D4215F-414F-1554-8534-E3D8156C0666}" = Skins
"{4A0FAC3C-852D-C0A3-1715-6F844C184CF0}" = CCC Help Portuguese
"{4B29B49E-F274-58CE-25D2-791570F1619A}" = CCC Help French
"{4B546AE5-DF17-6D39-A846-A9ECD0153C9A}" = Catalyst Control Center Localization Greek
"{53B9A1FE-FF04-4431-B394-B110FE794200}" = Bad Boys 2
"{57EF4BC7-0C52-1872-C0CE-AEAB996E5626}" = Catalyst Control Center Localization Korean
"{5B701396-48C3-A3FA-43DB-FF975446759C}" = Catalyst Control Center Localization French
"{5ECA8F33-8F8E-1042-2082-5F02E64D6140}" = CCC Help Polish
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68B84920-CD46-8C5B-DABE-EC0FF6F0C703}" = Catalyst Control Center Localization German
"{6AF75C96-2093-51F4-0412-501CB317A7F9}" = CCC Help Thai
"{6D219284-A368-A0A5-AA55-8BAAE9EA60CC}" = Catalyst Control Center Localization Japanese
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{732442CA-AFFC-E75D-C586-2A3C71D8CFFE}" = CCC Help Finnish
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{767EE8DA-A2AA-00A9-1A21-9584E00867B8}" = Catalyst Control Center Core Implementation
"{815B5312-F7B5-EDD5-A899-B0228C3C7F3A}" = CCC Help Turkish
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{857D4360-762B-978B-76AD-491AA719E47A}" = ccc-core-static
"{86552A3A-0437-319B-46C5-569FC9F7ACA9}" = ccc-utility
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89EAD7B4-1CAC-CC9E-F040-FE041A2EA77C}" = Catalyst Control Center Localization Spanish
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8BE3174F-3BFE-8822-4493-A0519D1E4E94}" = Catalyst Control Center Localization Portuguese
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{91120405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9D7802F0-3C39-ED52-10D9-AE8A7FB5A94C}" = Catalyst Control Center Localization Hungarian
"{9F303CF8-2998-4541-C9F7-C3AAEC2B88B0}" = Catalyst Control Center Graphics Full Existing
"{A042FD6F-D051-ECE5-71C9-52ABFE36EBF9}" = Catalyst Control Center Localization Czech
"{A125DDDB-E0C0-08E0-F04C-7B5409DFFC79}" = Catalyst Control Center Graphics Light
"{A26E0062-7CBE-449A-B75D-25812386E838}" = Tortuga
"{AB1E9EC2-42E4-E801-83BB-AAFF86DDEC7E}" = CCC Help Czech
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.5 - Czech
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B02A3921-F7B7-C73F-395B-8172C9EE4006}" = Catalyst Control Center Localization Italian
"{BD17DEF2-8970-E4F5-337A-C10DE4D33F29}" = CCC Help Korean
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5A2542D-CF79-3EE6-7673-2CEDA2338172}" = CCC Help Greek
"{C69B9631-B617-B714-7FE2-6FCD5B891ACD}" = Catalyst Control Center Localization Chinese Traditional
"{C6D7BC96-A608-0908-F6E7-53C118423087}" = CCC Help Chinese Standard
"{C8A4038E-4DA5-879D-A353-7443FC3EE22C}" = CCC Help Spanish
"{C9B7D4A2-7A42-96BC-DE77-6EB23F1116A8}" = CCC Help Swedish
"{CE344E77-B015-C6D0-9A1B-0EA0043E7A52}" = CCC Help Russian
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D9D45F79-D38C-9BCA-4023-6F3E365D5D25}" = CCC Help Dutch
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E4BCF2E7-B181-C240-B6EC-04A8FA633EEF}" = Catalyst Control Center Graphics Full New
"{E91EBA1F-DA25-58B2-365F-FB76BDC81F86}" = Catalyst Control Center Localization Turkish
"{EA2F03AD-BF9D-EECC-F24C-549046AEC17A}" = Catalyst Control Center Localization Danish
"{ECFCC0F4-649F-4544-AB74-1DEA35350216}" = LG PC Suite III
"{EE78C2A7-1413-105B-DC86-3F9FA6B10C2F}" = CCC Help Danish
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.3
"{F2AAE965-966C-104E-ECCD-9F111A83139C}" = CCC Help Italian
"{F3AEE6A8-5FA3-F9AA-8CA7-D1AAD6352065}" = Catalyst Control Center Localization Chinese Standard
"{F7F564DD-A790-D01A-5390-6D1386AA5621}" = CCC Help Norwegian
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FD9B0D38-7B82-5A3A-E046-D8DBF3F06A93}" = CCC Help Chinese Traditional
"69083DC58646DE46A09847A522A1CC487F918039" = Balíček ovladače systému Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Balíček ovladače systému Windows - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"Diablo II" = Diablo II
"DVD X Player 5.4 Professional_is1" = DVD X Player 5.4 Professional
"EAX Unified" = EAX Unified
"InstallShield_{07119BED-86AE-4AE3-97A5-45A118A3F06A}" = Call of Juarez
"InterActual Player" = InterActual Player
"Mafia Game" = Mafia Game
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.0.1200
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 5.0 (x86 cs)" = Mozilla Firefox 5.0 (x86 cs)
"NeroVision!UninstallKey" = NeroVision Express 2
"NMPUninstallKey" = Nero Media Player
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-57989841-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26.2.2011 14:07:53 | Computer Name = JDIFHE-NOTEBOOK | Source = Userenv | ID = 1081
Description = Systém Windows nemůže zosobnit uživatele. (Neplatný popisovač. ).
Zpracovávání zásad skupin bylo zastaveno.

Error - 26.2.2011 15:48:55 | Computer Name = JDIFHE-NOTEBOOK | Source = Userenv | ID = 1081
Description = Systém Windows nemůže zosobnit uživatele. (Neplatný popisovač. ).
Zpracovávání zásad skupin bylo zastaveno.

Error - 26.2.2011 16:05:26 | Computer Name = JDIFHE-NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 6.0.2900.2180, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 26.2.2011 16:26:58 | Computer Name = JDIFHE-NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Game.exe, verze 1.0.7.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 28.2.2011 12:25:59 | Computer Name = JDIFHE-NOTEBOOK | Source = Userenv | ID = 1081
Description = Systém Windows nemůže zosobnit uživatele. (Neplatný popisovač. ).
Zpracovávání zásad skupin bylo zastaveno.

Error - 28.2.2011 13:56:00 | Computer Name = JDIFHE-NOTEBOOK | Source = Userenv | ID = 1081
Description = Systém Windows nemůže zosobnit uživatele. (Neplatný popisovač. ).
Zpracovávání zásad skupin bylo zastaveno.

Error - 28.2.2011 15:30:00 | Computer Name = JDIFHE-NOTEBOOK | Source = Userenv | ID = 1081
Description = Systém Windows nemůže zosobnit uživatele. (Neplatný popisovač. ).
Zpracovávání zásad skupin bylo zastaveno.

Error - 28.2.2011 17:21:01 | Computer Name = JDIFHE-NOTEBOOK | Source = Userenv | ID = 1081
Description = Systém Windows nemůže zosobnit uživatele. (Neplatný popisovač. ).
Zpracovávání zásad skupin bylo zastaveno.

Error - 1.3.2011 15:36:46 | Computer Name = JDIFHE-NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Game.exe, verze 1.0.7.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 1.3.2011 15:36:51 | Computer Name = JDIFHE-NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Game.exe, verze 1.0.7.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 16.7.2011 12:46:19 | Computer Name = JDIFHE-NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba AMON neuspěla při spuštění v důsledku následující chyby: %%2

Error - 16.7.2011 13:19:08 | Computer Name = JDIFHE-NOTEBOOK | Source = sr | ID = 1
Description = Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC000009A
při zpracování souboru ashBase.dll na svazku HarddiskVolume1. Sledování svazku
bylo ukončeno.

Error - 16.7.2011 13:22:56 | Computer Name = JDIFHE-NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba AMON neuspěla při spuštění v důsledku následující chyby: %%2

Error - 16.7.2011 13:28:21 | Computer Name = JDIFHE-NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba AMON neuspěla při spuštění v důsledku následující chyby: %%2

Error - 16.7.2011 13:28:42 | Computer Name = JDIFHE-NOTEBOOK | Source = System Error | ID = 1003
Description = Kód chyby 00000019, parametr1 00000020, parametr2 85ea9000, parametr3
85ea9828, parametr4 1b050000.

Error - 16.7.2011 13:38:47 | Computer Name = JDIFHE-NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba AMON neuspěla při spuštění v důsledku následující chyby: %%2

Error - 16.7.2011 14:02:02 | Computer Name = JDIFHE-NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba AMON neuspěla při spuštění v důsledku následující chyby: %%2

Error - 17.7.2011 2:14:19 | Computer Name = JDIFHE-NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba AMON neuspěla při spuštění v důsledku následující chyby: %%2

Error - 17.7.2011 2:20:43 | Computer Name = JDIFHE-NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba AMON neuspěla při spuštění v důsledku následující chyby: %%2

Error - 17.7.2011 4:43:11 | Computer Name = JDIFHE-NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba AMON neuspěla při spuštění v důsledku následující chyby: %%2


< End of report >

Thanks

Re: mbr virus?

Posted: 17 Jul 2011 10:56
by vyosek
Run OTL again
  • If you are using Win Vista or W7, right-click OTL and choose Run As Administrator
  • Paste the script below into the lower box Custom Scans/Fixes
  • Code:

    :otl
    IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1060284298-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    IE - HKU\S-1-5-21-1060284298-57989841-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1060284298-57989841-839522115-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
    [2011.07.16 10:03:59 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\askcom.xml
    [2010.08.03 19:03:43 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\daemon-search.xml
    [2011.07.12 09:21:15 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\facebook.xml
    [2011.07.12 09:21:15 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-1.xml
    [2011.03.06 10:52:27 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-10.xml
    [2011.03.26 09:45:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-11.xml
    [2011.03.31 20:38:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-12.xml
    [2011.05.02 18:27:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-13.xml
    [2011.06.24 13:05:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-14.xml
    [2011.06.25 08:43:49 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-15.xml
    [2010.02.13 16:26:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-2.xml
    [2010.02.19 20:08:38 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-3.xml
    [2010.03.11 21:40:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-4.xml
    [2010.03.26 21:08:08 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-5.xml
    [2010.04.03 10:32:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-6.xml
    [2010.07.28 18:24:32 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-7.xml
    [2010.08.03 20:35:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-8.xml
    [2011.03.04 15:50:29 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-9.xml
    [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin.xml
    [2004.06.01 02:06:48 | 000,001,246 | ---- | M] () -- C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\winamp-search.xml
    [2010.02.08 17:59:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    File not found (No name found) -- 
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKU\S-1-5-21-1060284298-57989841-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-1060284298-57989841-839522115-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"=-
    "WinampAgent"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=- 
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    
    :files
    C:\Program Files\Winamp Toolbar
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Then click Fix
  • The PC will perform the fix, restart and give you a log; paste its contents here

Re: mbr virus?

Posted: 17 Jul 2011 11:16
by ondra1.trn
Log:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ deleted successfully.
C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\S-1-5-21-1060284298-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1060284298-57989841-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1060284298-57989841-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "http://slirsredirect.search.aol.com/sli ... ie7&query=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: DTToolbar@toolbarnet.com:1.1.7.0190 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.12.2.16749 removed from extensions.enabledItems
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\daemon-search.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\facebook.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\icqplugin.xml moved successfully.
C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\kpvktcu2.default\searchplugins\winamp-search.xml moved successfully.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-57989841-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-57989841-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ deleted successfully.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteControl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
========== FILES ==========
C:\Program Files\Winamp Toolbar folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jana
->Temp folder emptied: 47094932 bytes
->Temporary Internet Files folder emptied: 43379058 bytes
->FireFox cache emptied: 47825317 bytes
->Flash cache emptied: 858 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 132,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Jana
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.2.26.1 log created on 07172011_120855

Files\Folders moved on Reboot...
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


I also had one more request - an Eset driver is still hanging around there, but I now have Avast:
DRV - [2016.09.09 19:16:56 | 000,300,048 | ---- | M] (Eset) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
Thanks

Re: mbr virus?

Posted: 17 Jul 2011 11:20
by vyosek
Let's hit it over the head - another script for OTL

Code:

:otl
DRV - [2016.09.09 19:16:56 | 000,300,048 | ---- | M] (Eset) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)

:commands
[REBOOT]

Re: mbr virus?

Posted: 17 Jul 2011 11:39
by ondra1.trn
It was interesting for a moment, because after the restart it hung on the "Příprava spuštění počítače" ("Preparing to start the computer") screen, but a second restart fixed it.
The Eset driver is no longer visible in Autoruns.
Unfortunately the original problem with the open port 2000 and the MBAM update remains.

Re: mbr virus?

Posted: 17 Jul 2011 11:42
by vyosek
MBAM is having problems with updates at the moment; it's a known issue and is being worked on :wink:

I'll look into that port some more

Re: mbr virus?

Posted: 17 Jul 2011 12:35
by ondra1.trn
Thank you.

In the meantime I'm installing tons of Windows updates that appeared all at once. It was probably being blocked.

Re: mbr virus?

Posted: 17 Jul 2011 15:46
by vyosek
:arrow: Test the following files on VirusTotal (see my signature)
  • C:\Documents and Settings\Jana\Plocha\2k918nl1.exe
  • Click Browse
  • Don't search for the file, just paste the path of the file I want tested
  • Click Send File
  • If a screen like the one below pops up, click ReAnalyse
    Image
  • Paste the analysis result here (as a link)
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Run the update - third tab
  • Run a full scan - don't delete anything :!:
  • MBAM sometimes has false positives, so paste the log into a post and wait for an assessment

Re: mbr virus?

Posted: 17 Jul 2011 20:43
by ondra1.trn
Hello.

The file in question was gmer, but it has already been deleted.

I'll run MBAM later, since I'll be away for a week.

Thanks for the help so far.

Re: mbr virus?

Posted: 17 Jul 2011 20:56
by vyosek
OK :wink: