VIRY.CZ

Zdravím, chtěl bych poprosit o pomoc při řešení problému s spomaleným NB, všechno se moc dlouho spouští, ukončuje, prohlížení čehokoliv je jak pro důchodce Taky když jej vypínám, vždy se musí čekat na ukončování programů na pozadí, jednoduše je celkově pomalý. Úpřimně nevím co se s ním dělo jelikož tenhle NB používají rodiče, ale dle historie prohlížeče bych to tipnul na pornostránky Každopádně přikládám log ze skenu u Aviry, a taky RSIT hned za tím..a samozřejmě prosbu o pomoc :s)



Avira AntiVir Personal
Report file date: 14. júna 2012 14:52

Scanning for 3835644 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Kadlecovje
Computer name : KADLECOVJE-PC

Version information:
BUILD.DAT : 10.2.0.707 36070 Bytes 25. 1. 2012 13:11:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 16. 7. 2011 01:40:21
AVSCAN.DLL : 10.0.5.0 47464 Bytes 16. 7. 2011 01:40:21
LUKE.DLL : 10.3.0.5 45416 Bytes 16. 7. 2011 01:40:22
LUKERES.DLL : 10.0.0.1 12648 Bytes 10. 2. 2010 22:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 16. 7. 2011 01:40:22
AVREG.DLL : 10.3.0.9 88833 Bytes 16. 7. 2011 01:40:22
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6. 11. 2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14. 12. 2010 05:53:55
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20. 12. 2011 15:33:05
VBASE003.VDF : 7.11.21.238 4472832 Bytes 1. 2. 2012 09:56:18
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28. 3. 2012 06:14:27
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10. 5. 2012 10:27:01
VBASE006.VDF : 7.11.29.137 2048 Bytes 10. 5. 2012 10:27:01
VBASE007.VDF : 7.11.29.138 2048 Bytes 10. 5. 2012 10:27:01
VBASE008.VDF : 7.11.29.139 2048 Bytes 10. 5. 2012 10:27:01
VBASE009.VDF : 7.11.29.140 2048 Bytes 10. 5. 2012 10:27:01
VBASE010.VDF : 7.11.29.141 2048 Bytes 10. 5. 2012 10:27:01
VBASE011.VDF : 7.11.29.142 2048 Bytes 10. 5. 2012 10:27:01
VBASE012.VDF : 7.11.29.143 2048 Bytes 10. 5. 2012 10:27:01
VBASE013.VDF : 7.11.29.144 2048 Bytes 10. 5. 2012 10:27:01
VBASE014.VDF : 7.11.30.3 198144 Bytes 14. 5. 2012 09:08:34
VBASE015.VDF : 7.11.30.69 186368 Bytes 17. 5. 2012 08:28:00
VBASE016.VDF : 7.11.30.143 223744 Bytes 21. 5. 2012 12:40:21
VBASE017.VDF : 7.11.30.207 287744 Bytes 23. 5. 2012 08:37:00
VBASE018.VDF : 7.11.31.57 188416 Bytes 28. 5. 2012 06:38:26
VBASE019.VDF : 7.11.31.111 214528 Bytes 30. 5. 2012 06:38:27
VBASE020.VDF : 7.11.31.151 116736 Bytes 31. 5. 2012 18:18:06
VBASE021.VDF : 7.11.31.205 134144 Bytes 3. 6. 2012 16:39:37
VBASE022.VDF : 7.11.32.9 169472 Bytes 5. 6. 2012 15:30:01
VBASE023.VDF : 7.11.32.85 155648 Bytes 8. 6. 2012 13:35:12
VBASE024.VDF : 7.11.32.133 127488 Bytes 11. 6. 2012 09:29:38
VBASE025.VDF : 7.11.32.171 182784 Bytes 12. 6. 2012 09:29:39
VBASE026.VDF : 7.11.32.172 2048 Bytes 12. 6. 2012 09:29:39
VBASE027.VDF : 7.11.32.173 2048 Bytes 12. 6. 2012 09:29:39
VBASE028.VDF : 7.11.32.174 2048 Bytes 12. 6. 2012 09:29:39
VBASE029.VDF : 7.11.32.175 2048 Bytes 12. 6. 2012 09:29:39
VBASE030.VDF : 7.11.32.176 2048 Bytes 12. 6. 2012 09:29:39
VBASE031.VDF : 7.11.32.226 89600 Bytes 14. 6. 2012 11:41:50
Engineversion : 8.2.10.80
AEVDF.DLL : 8.1.2.8 106867 Bytes 1. 6. 2012 18:18:17
AESCRIPT.DLL : 8.1.4.24 450939 Bytes 1. 6. 2012 18:18:17
AESCN.DLL : 8.1.8.2 131444 Bytes 28. 1. 2012 04:10:57
AESBX.DLL : 8.2.5.10 606580 Bytes 31. 5. 2012 06:38:44
AERDL.DLL : 8.1.9.15 639348 Bytes 11. 9. 2011 16:12:24
AEPACK.DLL : 8.2.16.16 807288 Bytes 31. 5. 2012 06:38:42
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 27. 4. 2012 09:58:16
AEHEUR.DLL : 8.1.4.36 4874615 Bytes 1. 6. 2012 18:18:16
AEHELP.DLL : 8.1.21.0 254326 Bytes 11. 5. 2012 10:27:03
AEGEN.DLL : 8.1.5.28 422260 Bytes 27. 4. 2012 09:58:05
AEEXP.DLL : 8.1.0.44 82293 Bytes 31. 5. 2012 06:38:45
AEEMU.DLL : 8.1.3.0 393589 Bytes 21. 4. 2011 05:53:14
AECORE.DLL : 8.1.25.10 201080 Bytes 1. 6. 2012 18:18:07
AEBB.DLL : 8.1.1.0 53618 Bytes 21. 4. 2011 05:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21. 4. 2011 05:53:36
AVPREF.DLL : 10.0.3.2 44904 Bytes 16. 7. 2011 01:40:21
AVREP.DLL : 10.0.0.10 174120 Bytes 16. 7. 2011 01:40:22
AVARKT.DLL : 10.0.26.1 255336 Bytes 16. 7. 2011 01:40:21
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 16. 7. 2011 01:40:21
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17. 6. 2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21. 4. 2011 05:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 21. 4. 2011 05:53:46
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 16. 7. 2011 01:40:21
RCTEXT.DLL : 10.0.64.0 97640 Bytes 16. 7. 2011 01:40:21

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: 14. júna 2012 14:52

Starting search for hidden objects.
c:\adsm_pdata_0150\dragwait.exe
c:\adsm_pdata_0150\dragwait.exe
[NOTE] The file is not visible.
c:\adsm_pdata_0150\_avt
c:\adsm_pdata_0150\_avt
[NOTE] The file is not visible.
c:\adsm_pdata_0150\db\si.db
c:\adsm_pdata_0150\db\si.db
[NOTE] The file is not visible.
c:\adsm_pdata_0150\db\ul.db
c:\adsm_pdata_0150\db\ul.db
[NOTE] The file is not visible.
c:\adsm_pdata_0150\db\vl.db
c:\adsm_pdata_0150\db\vl.db
[NOTE] The file is not visible.
c:\adsm_pdata_0150\db\wal.db
c:\adsm_pdata_0150\db\wal.db
[NOTE] The file is not visible.
c:\adsm_pdata_0150
c:\adsm_pdata_0150
[NOTE] The directory is not visible.
c:\adsm_pdata_0150\db
c:\adsm_pdata_0150\db
[NOTE] The directory is not visible.

The scan of running processes will be started
Scan process 'avscan.exe' - '68' Module(s) have been scanned
Scan process 'avcenter.exe' - '105' Module(s) have been scanned
Scan process 'AsScrPro.exe' - '32' Module(s) have been scanned
Scan process 'ADSMTray.exe' - '24' Module(s) have been scanned
Scan process 'spmgr.exe' - '40' Module(s) have been scanned
Scan process 'ADSMSrv.exe' - '20' Module(s) have been scanned
Scan process 'ControlDeck.exe' - '86' Module(s) have been scanned
Scan process 'BluetoothHeadsetProxy.exe' - '19' Module(s) have been scanned
Scan process 'WDC.exe' - '29' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '18' Module(s) have been scanned
Scan process 'CNMNSST.exe' - '36' Module(s) have been scanned
Scan process 'CNSEMAIN.EXE' - '53' Module(s) have been scanned
Scan process 'brs.exe' - '23' Module(s) have been scanned
Scan process 'PDVD9Serv.exe' - '28' Module(s) have been scanned
Scan process 'Updater.exe' - '33' Module(s) have been scanned
Scan process 'avgnt.exe' - '60' Module(s) have been scanned
Scan process 'wcourier.exe' - '39' Module(s) have been scanned
Scan process 'HControlUser.exe' - '18' Module(s) have been scanned
Scan process 'DMedia.exe' - '26' Module(s) have been scanned
Scan process 'sensorsrv.exe' - '28' Module(s) have been scanned
Scan process 'ATKOSD2.exe' - '29' Module(s) have been scanned
Scan process 'Net4Switch.exe' - '99' Module(s) have been scanned
Scan process 'ALU.exe' - '51' Module(s) have been scanned
Scan process 'IJPLMSVC.EXE' - '22' Module(s) have been scanned
Scan process 'HControl.exe' - '48' Module(s) have been scanned
Scan process 'avguard.exe' - '75' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'GFNEXSrv.exe' - '10' Module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '21' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '203' files ).


Starting the file scan:

Begin scan in 'C:\'


End of the scan: 14. júna 2012 15:44
Used time: 51:36 Minute(s)

The scan has been done completely.

18307 Scanned directories
281362 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
281362 Files not concerned
1910 Archives were scanned
0 Warnings
8 Notes
445459 Objects were scanned with rootkit scan
8 Hidden objects were found

RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kadlecovje at 2012-06-14 15:56:09
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 431 GB (90%) free of 477 GB
Total RAM: 2814 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:56:17, on 14. 6. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Kadlecovje.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9768 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
taskeng.exe {CD0EB362-0FBC-4E74-AEA1-3AA5696ADE46}
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000790
\??\C:\Windows\system32\conhost.exe "1819824666-11669187481871695939658858187-1266201943-1035903269455325200585406006
taskeng.exe {DFDE5BDA-7913-4AB6-BB8E-67AFF1BA8CD0}
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip /h
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"C:\Program Files (x86)\CyberLink\Shared Files\brs.exe"
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\splwow64.exe 8192
C:\Windows\system32\wbem\wmiprvse.exe
ATKOSD.exe
WDC.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe"
"C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe"
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"
"C:\Windows\AsScrPro.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4308.c9bff30.748327611 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 4308 "\\.\pipe\gecko-crash-server-pipe.4308" plugin
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Kadlecovje\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Kadlecovje\AppData\Roaming\Mozilla\Firefox\Profiles\u4e7anbm.default

prefs.js - "browser.startup.homepage" - "www.gogle.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Kadlecovje\AppData\Roaming\Mozilla\Firefox\Profiles\u4e7anbm.default\extensions\
toolbar@ask.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Avira SearchFree Toolbar plus Web Protection - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-11-21 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Avira SearchFree Toolbar plus Web Protection - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-11-21 1515688]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 649608]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-04-07 2779024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-12-03 35184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2011-07-13 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-04-13 10144288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-21 98304]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-09-23 1601536]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2011-09-08 888488]
"RemoteControl9"=C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2011-03-01 75048]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-03-28 1611160]
"IJNetworkScannerSelectorEX"=C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2011-01-15 452016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-14 15:56:10 ----D---- C:\Program Files\trend micro
2012-06-14 15:56:09 ----D---- C:\rsit
2012-06-03 20:43:34 ----A---- C:\Windows\IsUninst.exe

======List of files/folders modified in the last 1 month======

2012-06-14 15:56:10 ----RD---- C:\Program Files
2012-06-14 15:56:10 ----D---- C:\Windows\Temp
2012-06-14 15:47:04 ----D---- C:\Users\Kadlecovje\AppData\Roaming\Winamp
2012-06-14 15:47:04 ----D---- C:\Users\Kadlecovje\AppData\Roaming\DAEMON Tools Lite
2012-06-14 15:47:02 ----D---- C:\Windows\inf
2012-06-14 15:47:02 ----D---- C:\Windows
2012-06-14 15:27:19 ----D---- C:\Windows\system32\Tasks
2012-06-14 15:25:03 ----SHD---- C:\System Volume Information
2012-06-14 14:40:51 ----D---- C:\Windows\system32\config
2012-06-14 14:23:43 ----D---- C:\ProgramData\CanonIJPLM
2012-06-14 11:47:18 ----D---- C:\Windows\system32\catroot
2012-06-14 11:46:55 ----D---- C:\Windows\system32\catroot2
2012-06-14 11:46:26 ----D---- C:\Windows\winsxs
2012-06-06 22:18:43 ----D---- C:\Windows\System32
2012-06-06 22:18:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-04 22:23:22 ----RD---- C:\Program Files (x86)
2012-06-04 22:23:22 ----D---- C:\Program Files (x86)\Common Files
2012-06-04 22:00:30 ----D---- C:\Windows\Minidump
2012-05-15 10:33:15 ----D---- C:\Windows\Microsoft.NET
2012-05-15 10:32:43 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2011-07-13 35384]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-05-01 530488]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-07-16 123784]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/07/16 18:06:17]; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 146928]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-07-16 88288]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 17464]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-22 7883264]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-22 285696]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-03-02 1594368]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-04-08 124944]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-15 98344]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-15 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-15 21288]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-04-13 2345760]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits); C:\Windows\system32\DRIVERS\JME.sys [2010-10-12 131552]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 a8gkmhnq;a8gkmhnq; C:\Windows\system32\drivers\a8gkmhnq.sys []
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2010-09-30 377264]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-22 203264]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-07-16 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-03-11 873248]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2011-02-07 138192]
R3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R3 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-13 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-16 1255736]
S4 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-16 428200]

-----------------EOF-----------------

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Program Files (x86)\Ask.com

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC.

All processes killed
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kadlecovje
->Temp folder emptied: 3658782 bytes
->Temporary Internet Files folder emptied: 213126 bytes
->FireFox cache emptied: 62510344 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1440 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36030764 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 98,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Kadlecovje
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 06142012_184458

Files moved on Reboot...
C:\Users\Kadlecovje\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Vše smazáno. Nastala nějaká změna?

Jo, jde to mnohem líp, děkuju moc Kdybych Vás hezky poprosil neskontroloval by jste mi prosím preventivně i můj PC? Dost často totiž mezi těmito dvěma stroji přesouvám některý věci, tak bych byl nerad kdyby jsem si sem natáhnul něco z toho bordelu co tam byl.

OK. Dejte log.

AVIRA:



Avira Free Antivirus
Report file date: 14. júna 2012 14:53

Scanning for 3835644 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Ivan
Computer name : IVAN-E7371C4634

Version information:
BUILD.DAT : 12.0.0.1125 41829 Bytes 2.5.2012 17:40:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 8.5.2012 18:43:14
AVSCAN.DLL : 12.3.0.15 54736 Bytes 8.5.2012 18:43:14
LUKE.DLL : 12.3.0.15 68304 Bytes 8.5.2012 18:43:18
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 8.5.2012 18:43:20
AVREG.DLL : 12.3.0.17 232200 Bytes 11.5.2012 15:22:37
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 04:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 19:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:37:11
VBASE003.VDF : 7.11.21.238 4472832 Bytes 1.2.2012 14:40:13
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.3.2012 19:31:03
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.5.2012 15:22:22
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.5.2012 15:22:22
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.5.2012 15:22:22
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.5.2012 15:22:22
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.5.2012 15:22:22
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.5.2012 15:22:23
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.5.2012 15:22:23
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.5.2012 15:22:23
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.5.2012 15:22:23
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.5.2012 15:22:18
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.5.2012 16:39:31
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.5.2012 17:53:20
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.5.2012 17:53:28
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.5.2012 08:26:41
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.5.2012 08:59:58
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.5.2012 08:59:52
VBASE021.VDF : 7.11.31.205 134144 Bytes 3.6.2012 08:59:52
VBASE022.VDF : 7.11.32.9 169472 Bytes 5.6.2012 11:24:29
VBASE023.VDF : 7.11.32.85 155648 Bytes 8.6.2012 11:24:29
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.6.2012 11:24:30
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.6.2012 11:24:32
VBASE026.VDF : 7.11.32.172 2048 Bytes 12.6.2012 11:24:32
VBASE027.VDF : 7.11.32.173 2048 Bytes 12.6.2012 11:24:32
VBASE028.VDF : 7.11.32.174 2048 Bytes 12.6.2012 11:24:32
VBASE029.VDF : 7.11.32.175 2048 Bytes 12.6.2012 11:24:32
VBASE030.VDF : 7.11.32.176 2048 Bytes 12.6.2012 11:24:32
VBASE031.VDF : 7.11.32.226 89600 Bytes 14.6.2012 11:24:32
Engine version : 8.2.10.80
AEVDF.DLL : 8.1.2.8 106867 Bytes 2.6.2012 08:59:50
AESCRIPT.DLL : 8.1.4.24 450939 Bytes 1.6.2012 09:00:17
AESCN.DLL : 8.1.8.2 131444 Bytes 13.2.2012 14:41:18
AESBX.DLL : 8.2.5.10 606580 Bytes 30.5.2012 09:00:47
AERDL.DLL : 8.1.9.15 639348 Bytes 9.9.2011 07:16:06
AEPACK.DLL : 8.2.16.16 807288 Bytes 30.5.2012 09:00:39
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.4.2012 20:03:08
AEHEUR.DLL : 8.1.4.36 4874615 Bytes 1.6.2012 09:00:12
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.5.2012 15:22:25
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.4.2012 20:02:58
AEEXP.DLL : 8.1.0.44 82293 Bytes 30.5.2012 09:00:47
AEEMU.DLL : 8.1.3.0 393589 Bytes 2.9.2011 07:46:01
AECORE.DLL : 8.1.25.10 201080 Bytes 1.6.2012 08:59:55
AEBB.DLL : 8.1.1.0 53618 Bytes 2.9.2011 07:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 8.5.2012 18:43:12
AVPREF.DLL : 12.3.0.15 51920 Bytes 8.5.2012 18:43:14
AVREP.DLL : 12.3.0.15 179208 Bytes 8.5.2012 18:43:19
AVARKT.DLL : 12.3.0.15 211408 Bytes 8.5.2012 18:43:13
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 8.5.2012 18:43:14
SQLITE3.DLL : 3.7.0.1 398288 Bytes 8.5.2012 18:43:19
AVSMTP.DLL : 12.3.0.15 63440 Bytes 8.5.2012 18:43:14
NETNT.DLL : 12.3.0.15 17104 Bytes 8.5.2012 18:43:18
RCIMAGE.DLL : 12.3.0.15 4450000 Bytes 8.5.2012 18:43:12
RCTEXT.DLL : 12.3.0.15 96720 Bytes 8.5.2012 18:43:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 14. júna 2012 14:53

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '27' Module(s) have been scanned
Scan process 'msdtc.exe' - '39' Module(s) have been scanned
Scan process 'dllhost.exe' - '58' Module(s) have been scanned
Scan process 'dllhost.exe' - '44' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'avcenter.exe' - '104' Module(s) have been scanned
Scan process 'plugin-container.exe' - '67' Module(s) have been scanned
Scan process 'firefox.exe' - '87' Module(s) have been scanned
Scan process 'winamp.exe' - '158' Module(s) have been scanned
Scan process 'CNSEUPDT.EXE' - '40' Module(s) have been scanned
Scan process 'alg.exe' - '32' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'reinstall_svc.exe' - '21' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '14' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '28' Module(s) have been scanned
Scan process 'ccc.exe' - '103' Module(s) have been scanned
Scan process 'TestDDCCI.exe' - '38' Module(s) have been scanned
Scan process 'TMMonitor.exe' - '78' Module(s) have been scanned
Scan process 'OAhlp.exe' - '41' Module(s) have been scanned
Scan process 'IJPLMSVC.EXE' - '27' Module(s) have been scanned
Scan process 'EasySetPackage.exe' - '37' Module(s) have been scanned
Scan process 'avguard.exe' - '61' Module(s) have been scanned
Scan process 'ACService.exe' - '19' Module(s) have been scanned
Scan process 'ctfmon.exe' - '34' Module(s) have been scanned
Scan process 'SASCORE.EXE' - '16' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '76' Module(s) have been scanned
Scan process 'OAui.exe' - '47' Module(s) have been scanned
Scan process 'avgnt.exe' - '73' Module(s) have been scanned
Scan process 'CNMNSST.exe' - '34' Module(s) have been scanned
Scan process 'CNSEMAIN.EXE' - '64' Module(s) have been scanned
Scan process 'BJMyPrt.exe' - '31' Module(s) have been scanned
Scan process 'MOM.exe' - '64' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '46' Module(s) have been scanned
Scan process 'issch.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '37' Module(s) have been scanned
Scan process 'spoolsv.exe' - '66' Module(s) have been scanned
Scan process 'Explorer.EXE' - '94' Module(s) have been scanned
Scan process 'oasrv.exe' - '51' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '35' Module(s) have been scanned
Scan process 'OAcat.exe' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'lsass.exe' - '57' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'winlogon.exe' - '74' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
C:\Program Files\SpeedFan\uninstall.exe
[WARNING] Invalid end of file
The registry was scanned ( '3536' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Ivan\Desktop\Orange_doklad_FR_20120520_CN0037010592_15624.zip
[WARNING] The file is password protected
C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0000f7
[WARNING] Invalid end of file
C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000101
[WARNING] Invalid end of file
C:\Documents and Settings\Ivan\My Documents\Preberanie\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool-1.bin
[WARNING] Error multiple volume
C:\Program Files\SpeedFan\uninstall.exe
[WARNING] Invalid end of file
Begin scan in 'D:\'
D:\Program Files\SpeedFan\uninstall.exe
[WARNING] Invalid end of file
D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
[WARNING] Invalid end of file
Begin scan in 'E:\' <zaloha>
E:\MY DOCUMENTS\MT záloha\Sony Ericsson K600i\hry\java games\racingfeverdeluxe.jar
[WARNING] Invalid end of file
E:\MY DOCUMENTS\My Games\2D\WOG.part1.rar
[WARNING] The archive is password protected
E:\MY DOCUMENTS\My Games\2D\WOG.part2.rar
[WARNING] The archive is password protected
E:\MY DOCUMENTS\My Games\2D\Wog\WOG.part1.rar
[WARNING] The archive is password protected
E:\MY DOCUMENTS\My Games\2D\Wog\WOG.part2.rar
[WARNING] The archive is password protected
E:\MY DOCUMENTS\Stuff\New instal\SpywareTerminator_Setup.exe
[WARNING] Invalid end of file
E:\MY DOCUMENTS\Stuff\New instal\NERO NOVY 9\Nero 9.0.9.4b CZ+seriall_by_BustedBoy.rar
[WARNING] The file is password protected


End of the scan: 14. júna 2012 16:46
Used time: 1:53:14 Hour(s)

The scan has been done completely.

17144 Scanned directories
540997 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
540997 Files not concerned
13735 Archives were scanned
16 Warnings
0 Notes
404696 Objects were scanned with rootkit scan
0 Hidden objects were found

RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ivan at 2012-06-14 21:18:43
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 93 GB (71%) free of 131 GB
Total RAM: 2046 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:18:54, on 14.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Ivan\Desktop\RSIT.exe
C:\Program Files\trend micro\Ivan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EasySetPackage.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1273EFA-CCED-4589-BD26-4A982EE730C2}: NameServer = 195.168.1.2,195.168.1.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe

--
End of file - 9160 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\hprvth93.default

prefs.js - "browser.startup.homepage" - "www.google.com"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-06 20065384]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-04-07 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-03-28 1611160]
"IJNetworkScannerSelectorEX"=C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2011-01-16 452016]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-05-08 348624]
"@OnlineArmor GUI"=C:\Program Files\Online Armor\OAui.exe [2012-06-01 2346592]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-05-31 3905920]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-03-01 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2008-10-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-02-16 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2012-02-01 17147528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips SA52XX Device Manager.lnk]
C:\PROGRA~1\Philips\SA52XX~1\SA52XX~1.EXE [2009-01-16 1384448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EasySetPackage.lnk - C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\Documents and Settings\Ivan\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-12-06 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\ONLINE~2\oaevent.dll [2012-06-01 361800]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.ACDV"=ACDV.dll

======List of files/folders created in the last 1 month======

2012-06-14 14:53:17 ----D---- C:\WINDOWS\system32\NtmsData
2012-06-13 07:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$
2012-06-13 07:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2699988$
2012-06-13 06:58:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2685939$
2012-06-13 06:56:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2709162$
2012-06-07 20:46:23 ----D---- C:\Documents and Settings\Ivan\Application Data\Google
2012-06-07 20:44:25 ----D---- C:\Program Files\Google
2012-06-04 23:55:37 ----A---- C:\WINDOWS\imsins.BAK
2012-06-04 23:55:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$
2012-06-02 21:52:51 ----HD---- C:\WINDOWS\PIF
2012-05-31 18:25:21 ----A---- C:\WINDOWS\mafosav.INI
2012-05-31 16:56:31 ----D---- C:\Documents and Settings\Ivan\Application Data\Philips
2012-05-29 22:39:26 ----A---- C:\WINDOWS\system32\drivers\vtcdrv.sys
2012-05-29 22:39:21 ----D---- C:\Program Files\Philips
2012-05-23 16:36:32 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
2012-05-16 21:05:54 ----A---- C:\WINDOWS\system32\ptpusb.dll
2012-05-16 21:05:54 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-05-16 21:05:53 ----A---- C:\WINDOWS\system32\ptpusd.dll

======List of files/folders modified in the last 1 month======

2012-06-14 21:18:50 ----D---- C:\WINDOWS\temp
2012-06-14 21:18:49 ----D---- C:\WINDOWS\Prefetch
2012-06-14 21:18:47 ----D---- C:\Program Files\trend micro
2012-06-14 18:07:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-14 15:42:35 ----SHD---- C:\System Volume Information
2012-06-14 14:53:23 ----HD---- C:\WINDOWS\inf
2012-06-14 14:53:22 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-14 14:53:17 ----D---- C:\WINDOWS\system32
2012-06-14 14:53:17 ----D---- C:\WINDOWS\repair
2012-06-14 14:53:06 ----D---- C:\WINDOWS\Registration
2012-06-14 14:50:25 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2012-06-13 17:49:13 ----SHD---- C:\WINDOWS\Installer
2012-06-13 12:10:00 ----D---- C:\WINDOWS\Microsoft.NET
2012-06-13 12:09:58 ----RSD---- C:\WINDOWS\assembly
2012-06-13 11:52:31 ----D---- C:\WINDOWS
2012-06-13 07:02:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-13 07:02:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-06-13 07:02:13 ----D---- C:\WINDOWS\WinSxS
2012-06-13 06:58:57 ----D---- C:\WINDOWS\Debug
2012-06-13 06:58:53 ----A---- C:\WINDOWS\system32\MRT.exe
2012-06-13 06:58:45 ----D---- C:\WINDOWS\system32\drivers
2012-06-13 06:58:43 ----HD---- C:\WINDOWS\$hf_mig$
2012-06-11 20:34:17 ----A---- C:\WINDOWS\wincmd.ini
2012-06-09 18:31:27 ----D---- C:\Documents and Settings\Ivan\Application Data\uTorrent
2012-06-08 18:56:00 ----SD---- C:\Documents and Settings\Ivan\Application Data\Microsoft
2012-06-08 18:51:12 ----D---- C:\Program Files\Mozilla Firefox
2012-06-07 23:34:29 ----D---- C:\WINDOWS\system32\config
2012-06-07 20:46:22 ----RD---- C:\Program Files
2012-06-07 20:44:28 ----SD---- C:\WINDOWS\Tasks
2012-06-05 10:43:33 ----RASH---- C:\boot.ini
2012-06-05 10:43:33 ----A---- C:\WINDOWS\win.ini
2012-06-05 10:43:33 ----A---- C:\WINDOWS\system.ini
2012-06-05 10:43:32 ----D---- C:\WINDOWS\pss
2012-06-04 10:49:17 ----D---- C:\Program Files\Online Armor
2012-06-01 05:16:38 ----HD---- C:\Program Files\InstallShield Installation Information
2012-05-31 22:49:44 ----D---- C:\Documents and Settings\Ivan\Application Data\Winamp
2012-05-31 18:37:52 ----D---- C:\Program Files\Microsoft Games
2012-05-31 17:07:59 ----D---- C:\Program Files\Common Files
2012-05-31 15:22:09 ----A---- C:\WINDOWS\system32\crypt32.dll
2012-05-31 09:32:16 ----D---- C:\Program Files\SUPERAntiSpyware
2012-05-29 22:35:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-05-29 22:33:29 ----D---- C:\WINDOWS\system32\wbem
2012-05-29 22:32:44 ----D---- C:\WINDOWS\system32\Restore
2012-05-29 09:23:18 ----D---- C:\Program Files\uTorrent
2012-05-20 23:51:44 ----D---- C:\WINDOWS\security
2012-05-16 09:58:35 ----A---- C:\WINDOWS\system32\wininet.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2012-02-14 170080]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-02-13 685816]
R1 archlp;archlp; C:\WINDOWS\system32\drivers\archlp.sys [2009-02-20 127744]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-05-08 137928]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 oahlpXX;Online Armor helper driver; \??\C:\WINDOWS\system32\drivers\oahlp32.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-18 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/02/13 08:14:55]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-05-08 83392]
R3 AF9035HB;AF9035 Hybrid Device; C:\WINDOWS\System32\Drivers\AF9035HB.sys [2012-02-13 855808]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-11 18688]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-12-06 7490560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-21 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-12-14 7069288]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-12-09 327400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 avifea95;avifea95; C:\WINDOWS\system32\drivers\avifea95.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Ivan\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 LGDDCDevice;LGDDCDevice; \??\C:\WINDOWS\system32\LGI2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\WINDOWS\system32\LGPII2CDriver.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vtcdrv;Philips SA52xx Recovery Device; C:\WINDOWS\System32\Drivers\vtcdrv.sys [2008-05-09 18560]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-08 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-12-06 643072]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2011-02-07 138192]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Online Armor\OAcat.exe [2012-06-01 210920]
R2 OS Selector;Acronis OS Selector activator; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-26 2139400]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Online Armor\oasrv.exe [2012-06-01 4382968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-03 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-07 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-01 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-07 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-08 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------

Totéž, jako v předchozím případě (OTM). Zkopírujte do levého okna:

:files
C:\Program Files\Skype\Toolbars
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

OTM:
All processes killed
========== FILES ==========
C:\Program Files\Skype\Toolbars\Skype for Chromium folder moved successfully.
C:\Program Files\Skype\Toolbars\Shared folder moved successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\Skype\Toolbars folder moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Ivan
->Temp folder emptied: 309506209 bytes
->Temporary Internet Files folder emptied: 273743 bytes
->FireFox cache emptied: 1111487482 bytes
->Flash cache emptied: 8216779 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151967 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 231253035 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 586,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Ivan
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 06142012_214739

Files moved on Reboot...

Registry entries deleted on Reboot...

RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ivan at 2012-06-14 21:56:13
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 95 GB (72%) free of 131 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:56:19, on 14.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\notepad.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Ivan\Desktop\RSIT.exe
C:\Program Files\trend micro\Ivan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EasySetPackage.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1273EFA-CCED-4589-BD26-4A982EE730C2}: NameServer = 195.168.1.2,195.168.1.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe

--
End of file - 9214 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\hprvth93.default

prefs.js - "browser.startup.homepage" - "www.google.com"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-06 20065384]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-04-07 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-03-28 1611160]
"IJNetworkScannerSelectorEX"=C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2011-01-16 452016]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-05-08 348624]
"@OnlineArmor GUI"=C:\Program Files\Online Armor\OAui.exe [2012-06-01 2346592]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-05-31 3905920]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-03-01 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2008-10-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-02-16 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2012-02-01 17147528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips SA52XX Device Manager.lnk]
C:\PROGRA~1\Philips\SA52XX~1\SA52XX~1.EXE [2009-01-16 1384448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EasySetPackage.lnk - C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\Documents and Settings\Ivan\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-12-06 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\ONLINE~2\oaevent.dll [2012-06-01 361800]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.ACDV"=ACDV.dll

======List of files/folders created in the last 1 month======

2012-06-14 21:47:39 ----D---- C:\_OTM
2012-06-14 14:53:17 ----D---- C:\WINDOWS\system32\NtmsData
2012-06-13 07:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$
2012-06-13 07:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2699988$
2012-06-13 06:58:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2685939$
2012-06-13 06:56:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2709162$
2012-06-07 20:46:23 ----D---- C:\Documents and Settings\Ivan\Application Data\Google
2012-06-07 20:44:25 ----D---- C:\Program Files\Google
2012-06-04 23:55:37 ----A---- C:\WINDOWS\imsins.BAK
2012-06-04 23:55:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$
2012-06-02 21:52:51 ----HD---- C:\WINDOWS\PIF
2012-05-31 18:25:21 ----A---- C:\WINDOWS\mafosav.INI
2012-05-31 16:56:31 ----D---- C:\Documents and Settings\Ivan\Application Data\Philips
2012-05-29 22:39:26 ----A---- C:\WINDOWS\system32\drivers\vtcdrv.sys
2012-05-29 22:39:21 ----D---- C:\Program Files\Philips
2012-05-23 16:36:32 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
2012-05-16 21:05:54 ----A---- C:\WINDOWS\system32\ptpusb.dll
2012-05-16 21:05:54 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-05-16 21:05:53 ----A---- C:\WINDOWS\system32\ptpusd.dll

======List of files/folders modified in the last 1 month======

2012-06-14 21:56:17 ----D---- C:\WINDOWS\temp
2012-06-14 21:56:17 ----D---- C:\Program Files\trend micro
2012-06-14 21:54:27 ----D---- C:\WINDOWS\Prefetch
2012-06-14 21:52:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-14 21:51:58 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-14 21:51:16 ----D---- C:\WINDOWS\system32
2012-06-14 21:51:16 ----D---- C:\WINDOWS
2012-06-14 21:47:44 ----SD---- C:\WINDOWS\Tasks
2012-06-14 21:47:44 ----RD---- C:\Program Files\Skype
2012-06-14 15:42:35 ----SHD---- C:\System Volume Information
2012-06-14 14:53:23 ----HD---- C:\WINDOWS\inf
2012-06-14 14:53:17 ----D---- C:\WINDOWS\repair
2012-06-14 14:53:06 ----D---- C:\WINDOWS\Registration
2012-06-14 14:50:25 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2012-06-13 17:49:13 ----SHD---- C:\WINDOWS\Installer
2012-06-13 12:10:00 ----D---- C:\WINDOWS\Microsoft.NET
2012-06-13 12:09:58 ----RSD---- C:\WINDOWS\assembly
2012-06-13 07:02:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-13 07:02:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-06-13 07:02:13 ----D---- C:\WINDOWS\WinSxS
2012-06-13 06:58:57 ----D---- C:\WINDOWS\Debug
2012-06-13 06:58:53 ----A---- C:\WINDOWS\system32\MRT.exe
2012-06-13 06:58:45 ----D---- C:\WINDOWS\system32\drivers
2012-06-13 06:58:43 ----HD---- C:\WINDOWS\$hf_mig$
2012-06-11 20:34:17 ----A---- C:\WINDOWS\wincmd.ini
2012-06-09 18:31:27 ----D---- C:\Documents and Settings\Ivan\Application Data\uTorrent
2012-06-08 18:56:00 ----SD---- C:\Documents and Settings\Ivan\Application Data\Microsoft
2012-06-08 18:51:12 ----D---- C:\Program Files\Mozilla Firefox
2012-06-07 23:34:29 ----D---- C:\WINDOWS\system32\config
2012-06-07 20:46:22 ----RD---- C:\Program Files
2012-06-05 10:43:33 ----RASH---- C:\boot.ini
2012-06-05 10:43:33 ----A---- C:\WINDOWS\win.ini
2012-06-05 10:43:33 ----A---- C:\WINDOWS\system.ini
2012-06-05 10:43:32 ----D---- C:\WINDOWS\pss
2012-06-04 10:49:17 ----D---- C:\Program Files\Online Armor
2012-06-01 05:16:38 ----HD---- C:\Program Files\InstallShield Installation Information
2012-05-31 22:49:44 ----D---- C:\Documents and Settings\Ivan\Application Data\Winamp
2012-05-31 18:37:52 ----D---- C:\Program Files\Microsoft Games
2012-05-31 17:07:59 ----D---- C:\Program Files\Common Files
2012-05-31 15:22:09 ----A---- C:\WINDOWS\system32\crypt32.dll
2012-05-31 09:32:16 ----D---- C:\Program Files\SUPERAntiSpyware
2012-05-29 22:35:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-05-29 22:33:29 ----D---- C:\WINDOWS\system32\wbem
2012-05-29 22:32:44 ----D---- C:\WINDOWS\system32\Restore
2012-05-29 09:23:18 ----D---- C:\Program Files\uTorrent
2012-05-20 23:51:44 ----D---- C:\WINDOWS\security
2012-05-16 09:58:35 ----A---- C:\WINDOWS\system32\wininet.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2012-02-14 170080]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-02-13 685816]
R1 archlp;archlp; C:\WINDOWS\system32\drivers\archlp.sys [2009-02-20 127744]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-05-08 137928]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 oahlpXX;Online Armor helper driver; \??\C:\WINDOWS\system32\drivers\oahlp32.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-18 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/02/13 08:14:55]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-05-08 83392]
R3 AF9035HB;AF9035 Hybrid Device; C:\WINDOWS\System32\Drivers\AF9035HB.sys [2012-02-13 855808]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-11 18688]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-12-06 7490560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-21 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-12-14 7069288]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-12-09 327400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 atu0t5qj;atu0t5qj; C:\WINDOWS\system32\drivers\atu0t5qj.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Ivan\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 LGDDCDevice;LGDDCDevice; \??\C:\WINDOWS\system32\LGI2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\WINDOWS\system32\LGPII2CDriver.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vtcdrv;Philips SA52xx Recovery Device; C:\WINDOWS\System32\Drivers\vtcdrv.sys [2008-05-09 18560]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-08 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-12-06 643072]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2011-02-07 138192]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Online Armor\OAcat.exe [2012-06-01 210920]
R2 OS Selector;Acronis OS Selector activator; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-26 2139400]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Online Armor\oasrv.exe [2012-06-01 4382968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-03 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-07 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-01 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-07 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-08 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------

Dvouklikem na soubor C:\Program Files\trend micro\Ivan.exe spusťte HijackThis.Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

Klikněte na >FixChecked< a restartujte PC.

Nuž stalo se, mám čekat nějaký log nebo znovu vkládat RSIT?

Není třeba. Ještě spusťte jednou OTM a klikněte na >Cleanup<. OTM po sobě uklidí.

Uklizeno, děkuju

Nemáte zač!