VIRY.CZ

Dobrý den,
při instalaci Avira se při odstraňování staré verze napíše, že tato nelze odstranit,že ji mám odstranit manuálně. Nevím jak, protože ji ani nemůžu najít. Asi jsem ji odstranil dříve,ale nevím kdy a jak.
Co s tím můžu udělat?

Tom

Zdravim

Zkuste jejich odinstalator
http://dlpro.antivir.com/package/remova ... n32-en.exe

Potom zkuste procistit registry CCleanerem

Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.
Pri instalaci pozor na toolbar, jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vysype ho
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows, takze muzete pouzit take

Kdyby to nepomohlo, dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895 a zkusime ji odpalit rucne

Logfile of random's system information tool 1.09 (written by random/random)
Run by Marie at 2012-02-24 18:18:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 105 GB (71%) free of 148 GB
Total RAM: 1014 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:18:15, on 24.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Marie\Plocha\RSIT.exe
C:\Program Files\trend micro\Marie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marie\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Badoo Desktop] C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: PicNotify - PicNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 7131 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1159581433-68580018-2259586109-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1159581433-68580018-2259586109-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EnergyUtility"=C:\Program Files\Lenovo\Energy Management\utility.exe [2009-01-04 4462464]
"Energy Management"=C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2008-12-26 1277952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-24 16859648]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"AzMixerSel"=C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [2006-07-17 53248]
"VeriFaceManager"=C:\Program Files\Lenovo\VeriFaceIII\PManage.exe [2011-03-03 323584]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-05-23 1146880]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2008-03-05 188416]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-08-31 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Marie\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
"Badoo Desktop"=C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe [2011-10-05 1051760]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PicNotify]
C:\WINDOWS\system32\PicNotify.dll [2011-03-03 1167360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\StepMania\Program\StepMania-SSE2.exe"="C:\Program Files\StepMania\Program\StepMania-SSE2.exe:*:Disabled:StepMania"
"C:\Program Files\StepMania\Program\StepMania.exe"="C:\Program Files\StepMania\Program\StepMania.exe:*:Enabled:StepMania"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"vidc.ffds"=ff_vfw.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm

======List of files/folders created in the last 1 month======

2012-02-24 18:16:53 ----D---- C:\Program Files\trend micro
2012-02-24 18:16:51 ----D---- C:\rsit
2012-02-24 18:02:13 ----HD---- C:\dvmexp
2012-02-18 21:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-18 20:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-16 03:01:01 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-01-28 15:28:05 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2012-01-28 15:28:05 ----A---- C:\WINDOWS\system32\xvidcore.dll
2012-01-28 15:28:03 ----A---- C:\WINDOWS\system32\unrar.dll
2012-01-28 15:28:01 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2012-01-28 15:27:55 ----D---- C:\Program Files\K-Lite Codec Pack
2012-01-28 01:38:45 ----D---- C:\Config.Msi
2012-01-27 23:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$

======List of files/folders modified in the last 1 month======

2012-02-24 18:17:01 ----D---- C:\WINDOWS\Prefetch
2012-02-24 18:16:53 ----RD---- C:\Program Files
2012-02-24 18:06:28 ----AD---- C:\WINDOWS\system32
2012-02-24 18:06:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-24 18:02:18 ----AD---- C:\WINDOWS
2012-02-24 18:02:13 ----HD---- C:\temp
2012-02-24 13:47:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-24 13:45:09 ----D---- C:\WINDOWS\Temp
2012-02-24 11:51:19 ----D---- C:\WINDOWS\system32\drivers
2012-02-24 11:43:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-02-24 11:27:42 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-24 11:27:21 ----SHD---- C:\WINDOWS\Installer
2012-02-24 11:19:55 ----D---- C:\WINDOWS\Debug
2012-02-18 21:43:13 ----RSD---- C:\WINDOWS\assembly
2012-02-18 21:36:32 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-18 21:06:48 ----D---- C:\WINDOWS\WinSxS
2012-02-18 21:00:27 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-18 21:00:22 ----HD---- C:\WINDOWS\inf
2012-02-18 21:00:21 ----ASHDC---- C:\WINDOWS\system32\dllcache
2012-02-18 21:00:07 ----D---- C:\Program Files\Internet Explorer
2012-02-18 20:59:48 ----HD---- C:\WINDOWS\$hf_mig$
2012-01-28 15:13:58 ----D---- C:\WINDOWS\system32\CatRoot
2012-01-28 15:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-28 15:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-01-28 15:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2639417$
2012-01-28 15:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-01-28 15:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2012-01-28 15:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2012-01-28 15:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-01-28 15:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2012-01-28 15:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2012-01-28 15:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2012-01-28 15:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2012-01-28 15:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2012-01-28 15:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2012-01-28 15:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2012-01-28 15:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-01-28 15:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2633171$
2012-01-28 14:24:41 ----D---- C:\WINDOWS\system32\config
2012-01-28 14:24:29 ----D---- C:\WINDOWS\system32\wbem
2012-01-28 14:24:28 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-01-24 8704]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys [2008-01-11 9472]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-06-19 176640]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-09-10 1386624]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-06-23 991400]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-06-11 47272]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-24 4818432]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-07-23 157696]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-06-28 66616]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-12-25 14336]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2009-12-17 13440]
S3 PCDSRVC{E9084A43-01CBFFD7-06000000}_0;PCDSRVC{E9084A43-01CBFFD7-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\d:\pcdoctor\pcdsrvc.pkms []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-05-23 225280]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-05-23 128104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WSVD;WSVD; \??\C:\WINDOWS\system32\drivers\WSVD.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [2008-06-23 346720]
R2 DvmMDES;DeviceVM Meta Data Export Service; C:\QSTART.SYS\config\DVMExportService.exe [2008-12-01 307200]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2011-04-18 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Ccleaner pouzivam pravidelne. Avira removal tool mi napsal ze nenasel zadny malware.

Neco od Aviry jsem nasel, tak to smaznem a uvidime, jestli to pomuze



Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe , ulozte nejlepe na plochu a spustte
Do leveho okna zkopirujte tento skript Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery bude zde C:\_OTM\MovedFiles\

Po spusteni OTM se mi zobrazilo,ze MBAM toto prerusil. Pak jsem pred spustenim OTM vypnul MBAM atd.,ale opet se to po spusteni OTM seklo. Tak jsem zase natrdo vypnul nb.
V danem oadresari jsem nasel adresar,ale bez logu.

Dostante se do nouzoveho rezimu (restart pc a mackani klavesy F8, pripadne http://forum.viry.cz/viewtopic.php?f=46&t=7554 ) a zkuste udelat postup s OTM v nem

All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET40.tmp moved successfully.
C:\WINDOWS\system32\SET45.tmp moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\system32\DRIVERS\avgntflt.sys moved successfully.
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1159581433-68580018-2259586109-1006Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1159581433-68580018-2259586109-1006UA.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.
========== SERVICES/DRIVERS ==========
Service avgntflt stopped successfully!
Service avgntflt deleted successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: Administrator.LENOVO-IDEAPAD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 211537 bytes

User: Marie
->Temp folder emptied: 16665643 bytes
->Temporary Internet Files folder emptied: 275903 bytes
->Java cache emptied: 7156641 bytes
->Google Chrome cache emptied: 32047608 bytes
->Flash cache emptied: 1133 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138337831 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 138729486 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 318,00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.LENOVO-IDEAPAD

User: All Users

User: Default User

User: LocalService

User: Marie
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 02252012_004609

OTM smazalo co melo.

Uz jde Avira nainstalovat?

Jestli ne, udelejte jeste sken s OTL, treba jeste neco ukaze.

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte.

OTL logfile created on: 25.2.2012 10:30:16 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Marie\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,36 Mb Total Physical Memory | 577,95 Mb Available Physical Memory | 56,98% Memory free
2,38 Gb Paging File | 2,03 Gb Available in Paging File | 85,01% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,65 Gb Total Space | 101,99 Gb Free Space | 70,50% Space Free | Partition Type: NTFS

Computer Name: LENOVO-IDEAPAD | User Name: Marie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.25 10:26:34 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marie\Plocha\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.05 20:18:50 | 001,051,760 | ---- | M] (Badoo) -- C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
PRC - [2011.04.18 13:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011.03.03 13:41:25 | 000,323,584 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
PRC - [2009.01.04 11:57:28 | 004,462,464 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008.12.26 09:05:46 | 001,277,952 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008.12.01 18:32:30 | 000,307,200 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2008.06.23 23:21:36 | 000,600,680 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2008.06.23 23:21:34 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2008.06.23 23:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.05 23:04:12 | 000,188,416 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2007.09.26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.18 21:41:37 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012.02.18 21:41:17 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012.02.18 21:12:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012.02.18 21:08:05 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011.10.26 18:14:23 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.03.08 11:54:08 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2011.03.03 13:41:27 | 009,338,880 | ---- | M] () -- C:\WINDOWS\system32\Facev.dll
MOD - [2011.03.03 13:41:27 | 000,241,752 | ---- | M] () -- C:\WINDOWS\system32\IcnOvrly.dll
MOD - [2011.03.03 13:41:27 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\FunFrm.dll
MOD - [2011.03.03 13:41:27 | 000,036,352 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\Time.dll
MOD - [2011.03.03 13:41:26 | 009,502,720 | ---- | M] () -- C:\WINDOWS\system32\FaceVerify.dll
MOD - [2011.03.03 13:41:26 | 001,564,672 | ---- | M] () -- C:\WINDOWS\system32\MainOp.dll
MOD - [2011.03.03 13:41:26 | 000,221,184 | ---- | M] () -- C:\WINDOWS\system32\SetDev.dll
MOD - [2011.03.03 13:41:26 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\VideoOp.dll
MOD - [2011.03.03 13:41:25 | 001,167,360 | ---- | M] () -- C:\WINDOWS\system32\PicNotify.dll
MOD - [2011.03.03 13:41:25 | 000,974,848 | ---- | M] () -- C:\WINDOWS\system32\Apblend.dll
MOD - [2011.03.03 13:41:25 | 000,323,584 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
MOD - [2011.03.03 13:41:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\Momo.dll
MOD - [2011.03.03 13:41:23 | 000,208,896 | ---- | M] () -- C:\WINDOWS\system32\image.dll
MOD - [2008.06.23 23:20:42 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008.06.23 23:18:22 | 000,040,960 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2008.05.21 17:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005.06.24 03:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.18 13:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008.12.01 18:32:30 | 000,307,200 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2008.06.23 23:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.09.26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)


========== Driver Services (SafeList) ==========

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.12.17 01:14:28 | 000,013,440 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2008.09.24 10:32:18 | 004,818,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.09.10 19:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.07.23 03:03:24 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008.06.23 05:23:58 | 000,991,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.06.19 20:43:36 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008.06.11 07:14:18 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.01.11 14:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.01.10 10:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007.12.25 16:08:36 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007.05.23 16:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.02.19 06:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007.01.24 16:46:48 | 000,008,704 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1159581433-68580018-2259586109-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1159581433-68580018-2259586109-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1159581433-68580018-2259586109-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-21-1159581433-68580018-2259586109-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Marie\Local Settings\Data aplikací\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Marie\Local Settings\Data aplikací\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)


[2011.03.03 15:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marie\Data aplikací\Mozilla\Extensions
[2011.03.03 15:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marie\Data aplikací\Mozilla\Extensions\E7707167-8D05-4137-BA00-5561DD143808

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Marie\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Marie\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Marie\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Marie\Local Settings\Data aplikac\u00ED\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Marie\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\Marie\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\

O1 HOSTS File: ([2012.02.25 00:46:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1159581433-68580018-2259586109-1006\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKU\S-1-5-21-1159581433-68580018-2259586109-1006..\Run: [Badoo Desktop] C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe (Badoo)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1159581433-68580018-2259586109-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B5B05F8-0963-4668-9707-FF0FAD1846A1}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - (PicNotify.dll) - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marie\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marie\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.08 01:38:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012.02.25 10:26:37 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marie\Plocha\OTL.exe
[2012.02.25 10:22:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marie\Recent
[2012.02.25 10:19:21 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2012.02.25 00:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marie\Nabídka Start\Programy\PokerStars
[2012.02.25 00:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2012.02.25 00:31:16 | 015,166,464 | ---- | C] (PokerStars) -- C:\Documents and Settings\Marie\Plocha\PokerStarsInstall.exe
[2012.02.25 00:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marie\P5JavaClientSettings
[2012.02.25 00:29:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012.02.25 00:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2012.02.25 00:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.25 00:28:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.02.25 00:28:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.02.25 00:28:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.02.25 00:28:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.02.25 00:28:15 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.02.25 00:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.25 00:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marie\Data aplikací\Sun
[2012.02.25 00:26:26 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Marie\Plocha\chromeinstall-6u31.exe
[2012.02.24 20:41:36 | 000,000,000 | ---D | C] -- C:\_OTM
[2012.02.24 20:33:46 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marie\Plocha\OTM.exe
[2012.02.24 18:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.02.24 18:16:51 | 000,000,000 | ---D | C] -- C:\rsit
[2012.02.24 13:22:59 | 000,367,616 | ---- | C] (Avira GmbH) -- C:\Documents and Settings\Marie\Plocha\removaltool-win32-en.exe
[2012.01.28 15:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\K-Lite Codec Pack
[2012.01.28 15:28:05 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2012.01.28 15:28:03 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2012.01.28 15:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012.01.28 14:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marie\(null)
[2012.01.28 01:38:45 | 000,000,000 | ---D | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2012.02.25 10:36:26 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.02.25 10:26:34 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marie\Plocha\OTL.exe
[2012.02.25 10:19:12 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.25 00:56:06 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\Marie\Plocha\PokerStars.lnk
[2012.02.25 00:46:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.02.25 00:43:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.25 00:32:05 | 015,166,464 | ---- | M] (PokerStars) -- C:\Documents and Settings\Marie\Plocha\PokerStarsInstall.exe
[2012.02.25 00:27:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.02.25 00:27:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.02.25 00:27:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.02.25 00:27:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.02.25 00:27:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.02.25 00:27:18 | 000,504,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.25 00:27:18 | 000,498,794 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.02.25 00:27:18 | 000,115,486 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2012.02.25 00:27:18 | 000,098,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.25 00:26:22 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Marie\Plocha\chromeinstall-6u31.exe
[2012.02.24 20:33:44 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marie\Plocha\OTM.exe
[2012.02.24 19:08:41 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Marie\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.24 18:44:03 | 000,646,199 | ---- | M] () -- C:\Documents and Settings\Marie\Plocha\obrazek 2.JPG
[2012.02.24 18:43:40 | 000,662,299 | ---- | M] () -- C:\Documents and Settings\Marie\Plocha\obrazek 1.JPG
[2012.02.24 13:24:23 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Marie\Plocha\RSIT.exe
[2012.02.24 13:22:53 | 000,367,616 | ---- | M] (Avira GmbH) -- C:\Documents and Settings\Marie\Plocha\removaltool-win32-en.exe
[2012.02.24 11:43:59 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2012.02.22 21:55:23 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\Marie\Plocha\Google Chrome.lnk
[2012.02.22 21:19:35 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.18 21:53:57 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.28 15:41:29 | 087,084,184 | ---- | M] () -- C:\Documents and Settings\Marie\Plocha\avira_free_antivirus_en.exe

========== Files Created - No Company Name ==========

[2012.02.25 10:36:26 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.02.25 00:56:06 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\Marie\Plocha\PokerStars.lnk
[2012.02.24 18:44:09 | 000,646,199 | ---- | C] () -- C:\Documents and Settings\Marie\Plocha\obrazek 2.JPG
[2012.02.24 18:43:56 | 000,662,299 | ---- | C] () -- C:\Documents and Settings\Marie\Plocha\obrazek 1.JPG
[2012.02.24 13:24:25 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Marie\Plocha\RSIT.exe
[2012.02.24 11:43:59 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2012.02.16 03:01:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.16 03:01:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.01.28 15:40:14 | 087,084,184 | ---- | C] () -- C:\Documents and Settings\Marie\Plocha\avira_free_antivirus_en.exe
[2012.01.28 15:28:05 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012.01.28 15:28:05 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012.01.28 15:28:03 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.01.28 15:28:01 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.12.11 13:15:05 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Marie\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.02 09:49:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.03.07 13:32:41 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011.03.07 12:12:41 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Marie\Local Settings\Data aplikací\fusioncache.dat
[2011.03.03 13:53:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.03.03 13:45:40 | 000,148,792 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2011.03.03 13:41:18 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2011.03.03 13:41:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2011.03.03 13:41:14 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2011.03.03 13:41:14 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2011.03.03 13:41:14 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2011.03.03 13:41:14 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2011.03.03 13:41:14 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2011.03.03 13:41:14 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2011.03.03 13:41:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2011.03.03 13:41:13 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2011.03.03 13:41:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2011.03.03 13:41:12 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2011.03.03 13:41:12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2011.03.03 13:41:11 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2011.03.03 13:41:11 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2011.03.03 13:41:09 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2011.03.03 13:34:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011.03.03 13:27:27 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config

========== LOP Check ==========

[2011.03.03 15:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LENOVO-IDEAPAD\Data aplikací\PC-Doctor, Inc
[2011.11.25 01:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Badoo
[2011.11.30 11:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\StepMania 5
[2011.03.03 14:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\VeriFace
[2011.03.03 15:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\PC-Doctor, Inc
[2011.03.03 15:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\PC-Doctor, Inc
[2011.11.30 11:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\StepMania 5

========== Purity Check ==========



========== Custom Scans ==========


< >

< >


< MD5 for: AGP440.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\I386\AUTOCHK.EXE
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:Changer.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:isapnp.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 13:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=F209B5C79A87A9521DC0BD88B039EEE3 -- C:\I386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[19 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\system32\CatRoot\*.tmp files -> C:\WINDOWS\system32\CatRoot\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.03.07 16:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\Adobe
[2011.03.07 13:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\Avira
[2008.08.08 01:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\Identities
[2011.03.03 13:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\InstallShield
[2011.03.07 16:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\Macromedia
[2011.03.07 13:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\Malwarebytes
[2011.08.20 19:14:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marie\Data aplikací\Microsoft
[2011.03.03 15:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\Mozilla
[2011.03.03 15:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\PC-Doctor, Inc
[2011.10.09 19:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\Skype
[2011.11.30 11:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\StepMania 5
[2012.02.25 00:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marie\Data aplikací\Sun

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.08.08 03:30:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.08.08 03:30:05 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.08.08 03:30:05 | 000,487,424 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.02.25 00:43:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2012.02.25 00:27:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\deployJava1.dll
[2012.02.25 00:27:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
[2012.02.25 00:27:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javacpl.cpl
[2012.02.25 00:27:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe
[2012.02.25 00:27:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaws.exe
[2012.02.25 00:27:18 | 000,115,486 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2012.02.25 00:27:18 | 000,098,046 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2012.02.25 00:27:18 | 000,498,794 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2012.02.25 00:27:18 | 000,504,238 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2012.02.25 00:27:18 | 001,233,114 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2012.02.22 21:19:35 | 000,001,170 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\Marie\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2011.03.07 16:32:37 | 000,136,176 | ---- | M] (Google Inc.)
"Badoo Desktop" = C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe -- [2011.10.05 20:18:50 | 001,051,760 | ---- | M] (Badoo)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.02.25 10:36:26 | 000,000,512 | ---- | M] () MD5=54441E6233A574CEEE5A0711C91281EE -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2008.04.14 13:00:00 | 000,017,421 | ---- | M] () -- \I386\DMLOADER.DL_
[2008.04.14 13:00:00 | 000,115,367 | ---- | M] () -- \I386\OSLOADER.EX_
[2008.04.14 13:00:00 | 000,133,029 | ---- | M] () -- \I386\OSLOADER.NT_
[2008.04.14 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2011.12.09 12:40:31 | 000,047,568 | ---- | M] () -- \WINDOWS\Temp\AVSETUP_4f48a8cd\avwebloader.dll
[2011.12.09 12:40:31 | 000,234,448 | ---- | M] () -- \WINDOWS\Temp\AVSETUP_4f48a8cd\avwebloader.exe
[2011.12.09 12:40:32 | 001,715,152 | ---- | M] () -- \WINDOWS\Temp\AVSETUP_4f48a8cd\avwebloadergui.dll

< End of report >

OTL Extras logfile created on: 25.2.2012 10:30:16 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Marie\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,36 Mb Total Physical Memory | 577,95 Mb Available Physical Memory | 56,98% Memory free
2,38 Gb Paging File | 2,03 Gb Available in Paging File | 85,01% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,65 Gb Total Space | 101,99 Gb Free Space | 70,50% Space Free | Partition Type: NTFS

Computer Name: LENOVO-IDEAPAD | User Name: Marie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1159581433-68580018-2259586109-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\StepMania\Program\StepMania-SSE2.exe" = C:\Program Files\StepMania\Program\StepMania-SSE2.exe:*:Disabled:StepMania
"C:\Program Files\StepMania\Program\StepMania.exe" = C:\Program Files\StepMania\Program\StepMania.exe:*:Enabled:StepMania


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{040FF9BD-17BE-427B-85DD-67694FB8F786}" = Badoo Desktop
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{239BB983-8A2D-4974-B780-2ADAE32752D5}" = Windows Live installer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52CC5969-BBBF-4752-ACCB-5E835F64AF72}" = Windows Live Fotogalerie
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{808E299D-B223-4B06-ACB7-68F3705D9EC6}" = Lenovo Quick Start
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = Realtek Card Reader
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F62475E6-6F06-4D65-97D3-71D3CB696A1C}" = Windows Live Messenger
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner
"HD Tune_is1" = HD Tune 2.55
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"Revo Uninstaller" = Revo Uninstaller 1.91
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VeriFace III" = VeriFace III
"WheelMouse" = iWheelWorks 7.80
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1159581433-68580018-2259586109-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.1.2012 20:04:42 | Computer Name = LENOVO-IDEAPAD | Source = Avira AntiVir | ID = 4109
Description =

Error - 27.1.2012 20:45:54 | Computer Name = LENOVO-IDEAPAD | Source = LoadPerf | ID = 3001
Description = Hodnota řetězce názvu čítače výkonu v registru je nesprávně naformátovaná.
Neplatný řetězec 11620, hodnota neplatného indexu je v prvním bajtu DWORD v datové
části. Poslední platná hodnota indexu je v druhém a třetím bajtu DWORD v datové
oblasti.

Error - 27.1.2012 20:45:54 | Computer Name = LENOVO-IDEAPAD | Source = LoadPerf | ID = 3001
Description = Hodnota řetězce názvu čítače výkonu v registru je nesprávně naformátovaná.
Neplatný řetězec 11620, hodnota neplatného indexu je v prvním bajtu DWORD v datové
části. Poslední platná hodnota indexu je v druhém a třetím bajtu DWORD v datové
oblasti.

Error - 27.1.2012 20:45:54 | Computer Name = LENOVO-IDEAPAD | Source = LoadPerf | ID = 3011
Description = Nezdařilo se uvolnění řetězců čítače výkonu pro WmiApRpl (WmiApRpl).
Kód chyby je v první hodnotě DWORD v datové oblasti.

Error - 27.1.2012 20:45:57 | Computer Name = LENOVO-IDEAPAD | Source = LoadPerf | ID = 3001
Description = Hodnota řetězce názvu čítače výkonu v registru je nesprávně naformátovaná.
Neplatný řetězec 11620, hodnota neplatného indexu je v prvním bajtu DWORD v datové
části. Poslední platná hodnota indexu je v druhém a třetím bajtu DWORD v datové
oblasti.

Error - 28.1.2012 9:30:08 | Computer Name = LENOVO-IDEAPAD | Source = LoadPerf | ID = 3001
Description = Hodnota řetězce názvu čítače výkonu v registru je nesprávně naformátovaná.
Neplatný řetězec 11620, hodnota neplatného indexu je v prvním bajtu DWORD v datové
části. Poslední platná hodnota indexu je v druhém a třetím bajtu DWORD v datové
oblasti.

Error - 28.1.2012 9:30:08 | Computer Name = LENOVO-IDEAPAD | Source = LoadPerf | ID = 3001
Description = Hodnota řetězce názvu čítače výkonu v registru je nesprávně naformátovaná.
Neplatný řetězec 11620, hodnota neplatného indexu je v prvním bajtu DWORD v datové
části. Poslední platná hodnota indexu je v druhém a třetím bajtu DWORD v datové
oblasti.

Error - 28.1.2012 9:30:08 | Computer Name = LENOVO-IDEAPAD | Source = LoadPerf | ID = 3011
Description = Nezdařilo se uvolnění řetězců čítače výkonu pro WmiApRpl (WmiApRpl).
Kód chyby je v první hodnotě DWORD v datové oblasti.

Error - 28.1.2012 9:30:11 | Computer Name = LENOVO-IDEAPAD | Source = LoadPerf | ID = 3001
Description = Hodnota řetězce názvu čítače výkonu v registru je nesprávně naformátovaná.
Neplatný řetězec 11620, hodnota neplatného indexu je v prvním bajtu DWORD v datové
části. Poslední platná hodnota indexu je v druhém a třetím bajtu DWORD v datové
oblasti.

Error - 28.1.2012 10:34:48 | Computer Name = LENOVO-IDEAPAD | Source = Avira AntiVir | ID = 4109
Description =

[ System Events ]
Error - 24.2.2012 19:43:09 | Computer Name = LENOVO-IDEAPAD | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 24.2.2012 19:43:09 | Computer Name = LENOVO-IDEAPAD | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač IPSEC, která neuspěla
při spuštění v důsledku následující chyby: %%31

Error - 24.2.2012 19:43:09 | Computer Name = LENOVO-IDEAPAD | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 24.2.2012 19:43:27 | Computer Name = LENOVO-IDEAPAD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24.2.2012 19:43:33 | Computer Name = LENOVO-IDEAPAD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 24.2.2012 19:44:14 | Computer Name = LENOVO-IDEAPAD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 24.2.2012 19:44:19 | Computer Name = LENOVO-IDEAPAD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 24.2.2012 19:45:05 | Computer Name = LENOVO-IDEAPAD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 24.2.2012 19:45:30 | Computer Name = LENOVO-IDEAPAD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 24.2.2012 19:46:46 | Computer Name = LENOVO-IDEAPAD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

Znovu radeji najedte do nouzoveho rezimu a spustte OTL
Do spodniho okna vlozte nasledujici text Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.



Podivejte se do slozky C:\Program Files\ , jestli tam neni slozka Aviry. Pokud ano, smazte ji.


Stale instalacka pise, ze je tam stara verze? Jakou verzi jste tam mel predtim? Jde nainstalovat aspon ta?

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
C:\Documents and Settings\Marie\Local Settings\Data aplikací\Google\Update\1.3.21.99\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Documents and Settings\Marie\Local Settings\Data aplikací\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry key HKEY_USERS\S-1-5-21-1159581433-68580018-2259586109-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP127.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP149.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP167.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B0.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP35.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP391.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C5.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP51.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP52.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5A1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5B4.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP63.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF7.tmp folder deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP2.tmp deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\Documents and Settings\Marie\Plocha\removaltool-win32-en.exe moved successfully.
File\Folder C:\Documents and Settings\Marie\Plocha\avira_free_antivirus_en.exe not found.
C:\Documents and Settings\Marie\Data aplikací\Avira\AntiVir Desktop folder moved successfully.
C:\Documents and Settings\Marie\Data aplikací\Avira folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Badoo Desktop not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.LENOVO-IDEAPAD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Marie
->Temp folder emptied: 846824 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7007971 bytes
->Flash cache emptied: 357 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1233114 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138337831 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 141,00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.LENOVO-IDEAPAD

User: All Users

User: Default User

User: LocalService

User: Marie
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 02252012_135749

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Bez výsledku, log je před touto zprávou. Pozn.: Vzdy jsem najel do nouzoveho rezimu uctu Administrator, ne druheho a v nem jsem provadel doporucene veci.

Nevím, jakou jsem mel verzi avira.
Nova stale pise po "Removing old instalation" nebo tak neco, ze odstranit stara nelze a ze to mam udelat rucne.
Vsechno na HD po vyhledani "avira" jsem smazal uz pred poslednim pouzitim OTL.
Dal jsem regedit a v nem je "avira" (mam to vymazat?):
http://apnmedia.ask.com/media/toolbar/s ... 14.1.0.exe ,

C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\

C:\Program Files\Avira\AntiVir Desktop\

C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

Software\Avira\AntiVir Desktop

http://apnmedia.ask.com/media/toolbar/s ... 14.1.0.exe

a několikrát na ruznych mistech:
adresar avira
a
C:\Documents and Settings\...\Plocha\avira_free_antivirus_en.exe

Budete to muset vsechno smazat

Kdyby tam sla nainstalovat ta starsi verze, mohla by se zkusit odinstalace treba pomoci ccleaneru, nebo jine utilitky. Nevim, jak jste ji odinstalovaval, ale asi se neco nezdarilo a zustalo tam po ni hodne smeti

Dalsi moznost je, dat tam misto Aviry treba Avast


Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook.exe
Ulozte ho na plochu a spustte
Do okna zkopirujte tento skript kliknete na Look a chvili pockejte
Mel by na vas vyskocit log s nazvem Systemlook
Ten mi sem zkopirujte