VIRY.CZ

Potřeboval bych pomoct s kontrolou logu...
V PC nejse spustit antivir a celkově se chová zvláštně. Našel jsem v něm combofix, možná ho někdo spustil předemnou. Nevim, ale radši to sem píšu.

Použil jsem TDSSKiller, kterej našel a odstranil rootkit v C:\Windows\ahci.sys, ale vše je bezezměny.

Díky za jakoukoliv pomoc

Logfile of random's system information tool 1.09 (written by random/random)
Run by dumvina at 2012-08-02 10:37:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 53 GB (69%) free of 76 GB
Total RAM: 503 MB (70% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{4F0649A6-CF6B-4147-B20F-5BC40B3A62A2}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\dumvina\Data aplikací\Mozilla\Firefox\Profiles\k8naiavh.default

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.13"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
NPOFFICE.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-05-31 577536]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CDAServer]
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2010-12-17 332288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malware Protection Center]
C:\Documents and Settings\All Users\Data aplikací\522f72\MP522_8050.exe /s /d []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2011-07-06 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Server]
C:\Documents and Settings\dumvina\980651ad-8050.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55177778.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\55177778.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"DisallowRun"=1
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\landa.CENTRUMVINA\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\landa.CENTRUMVINA\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Documents and Settings\landa\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\landa\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Documents and Settings\dumvina\Local Settings\Temp\Ins205\Setup\bin\MainInst.exe"="C:\Documents and Settings\dumvina\Local Settings\Temp\Ins205\Setup\bin\MainInst.exe:*:Enabled:Samsung SCX-3200 Series Installer"
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe"="C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger"
"C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe"="C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe:*:Enabled:ScanToPC"
"C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe"="C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe:*:Enabled:SScanToIO"
"C:\Documents and Settings\All Users\Data aplikací\522f72\MP522_8050.exe"="C:\Documents and Settings\All Users\Data aplikací\522f72\MP522_8050.exe:*:Enabled:Malware Protection Center"
"C:\WINDOWS\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe"="C:\WINDOWS\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"="C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server"
"C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe"="C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager"
"C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe"="C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies"
"C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe"="C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert"
"C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe"="C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC"
"C:\Program Files\Scan Assistant\USDAgent.exe"="C:\Program Files\Scan Assistant\USDAgent.exe:*:Enabled:Samsung Scan Assistant - USDAgent.exe"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\landa\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\landa\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe]
"Debugger="svchost.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-08-02 10:37:30 ----D---- C:\Program Files\trend micro
2012-08-02 10:37:28 ----D---- C:\rsit
2012-08-02 10:37:06 ----A---- C:\TDSSKiller.2.7.48.0_02.08.2012_10.37.06_log.txt
2012-08-02 10:29:20 ----SD---- C:\ComboFix
2012-08-02 10:28:04 ----A---- C:\TDSSKiller.2.7.48.0_02.08.2012_10.28.04_log.txt
2012-08-02 10:26:10 ----D---- C:\TDSSKiller_Quarantine
2012-08-02 10:25:08 ----A---- C:\TDSSKiller.2.7.48.0_02.08.2012_10.25.08_log.txt
2012-08-02 10:24:16 ----A---- C:\TDSSKiller.2.7.42.0_02.08.2012_10.24.16_log.txt
2012-08-02 10:23:16 ----D---- C:\Temp
2012-08-02 09:36:19 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2012-08-02 09:36:14 ----A---- C:\WINDOWS\system32\hidserv.dll
2012-08-02 09:36:09 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2012-08-02 09:36:00 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2012-08-02 02:30:32 ----A---- C:\WINDOWS\zip.exe
2012-08-02 02:30:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-08-02 02:30:32 ----A---- C:\WINDOWS\SWSC.exe
2012-08-02 02:30:32 ----A---- C:\WINDOWS\SWREG.exe
2012-08-02 02:30:32 ----A---- C:\WINDOWS\sed.exe
2012-08-02 02:30:32 ----A---- C:\WINDOWS\PEV.exe
2012-08-02 02:30:32 ----A---- C:\WINDOWS\NIRCMD.exe
2012-08-02 02:30:32 ----A---- C:\WINDOWS\MBR.exe
2012-08-02 02:30:32 ----A---- C:\WINDOWS\grep.exe
2012-08-02 02:29:51 ----D---- C:\Qoobox
2012-08-02 02:29:20 ----D---- C:\WINDOWS\erdnt
2012-08-02 02:27:59 ----R---- C:\ComboFix.exe
2012-08-02 01:48:25 ----SHD---- C:\Config.Msi
2012-08-02 01:39:02 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-08-02 01:39:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla

======List of files/folders modified in the last 1 month======

2012-08-02 10:37:30 ----RD---- C:\Program Files
2012-08-02 10:37:07 ----D---- C:\WINDOWS\system32\drivers
2012-08-02 10:32:52 ----D---- C:\WINDOWS\system32
2012-08-02 10:32:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-02 10:29:45 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-02 10:29:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-02 10:28:45 ----SHD---- C:\System Volume Information
2012-08-02 10:28:45 ----D---- C:\WINDOWS\system32\Restore
2012-08-02 10:21:28 ----A---- C:\WINDOWS\wincmd.ini
2012-08-02 09:48:05 ----D---- C:\WINDOWS
2012-08-02 09:44:17 ----HD---- C:\WINDOWS\inf
2012-08-02 09:44:17 ----D---- C:\WINDOWS\Temp
2012-08-02 09:44:02 ----SHD---- C:\WINDOWS\Installer
2012-08-02 09:39:20 ----SH---- C:\boot.ini
2012-08-02 09:39:20 ----A---- C:\WINDOWS\win.ini
2012-08-02 09:39:20 ----A---- C:\WINDOWS\system.ini
2012-08-02 09:36:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-02 02:29:27 ----D---- C:\WINDOWS\Prefetch
2012-08-02 01:38:42 ----D---- C:\Program Files\Mozilla Firefox
2012-08-01 11:18:23 ----D---- C:\Documents and Settings\dumvina\Data aplikací\OpenOffice.org2
2012-07-16 13:08:16 ----SHD---- C:\WINDOWS\CSC
2012-07-12 18:35:57 ----A---- C:\WINDOWS\imsins.BAK
2012-07-09 11:05:52 ----A---- C:\WINDOWS\OEWABLog.txt
2012-07-09 11:04:56 ----D---- C:\Documents and Settings
2012-07-03 03:13:34 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-06-16 3972672]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-14 63744]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\E:\_Apps\EVEREST Ultimate Edition\kerneld.wnt []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 mvusbews;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2010-10-14 17408]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 HPSIService;HP SI Service; C:\WINDOWS\system32\HPSIsvc.exe [2010-11-24 99896]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2012-07-16 2025368]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravim a pekny den preji

Zabalte mi do raru nize uvedene soubory a slozky a uploadnete na LP http://leteckaposta.cz/

C:\TDSSKiller.2.7.48.0_02.08.2012_10.37.06_log.txt
C:\TDSSKiller.2.7.48.0_02.08.2012_10.28.04_log.txt
C:\TDSSKiller_Quarantine
C:\TDSSKiller.2.7.48.0_02.08.2012_10.25.08_log.txt
C:\TDSSKiller.2.7.42.0_02.08.2012_10.24.16_log.txt
C:\Qoobox

Tady to máte a také přeji hezký den

http://leteckaposta.cz/447395638

Poprosim o log z DDS

Stahnete DDS odsud http://download.bleepingcomputer.com/sUBs/Beta/dds.exe a ulozte na plochu
Spustte a kliknete na Start
Po chvili vyskoci log, ten rad uvidim

Jeden log z DDS

DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by dumvina at 12:14:57 on 2012-08-02
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.503.255 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
\\zaloha\Inexit\__Install\__Antivir\dds.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uLocal Page = about:blank
mStart Page = about:blank
mLocal Page = about:blank
BHO: Podpora odkazu pro Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript c:\windows\installer\tsclientmsitrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "c:\windows\installer\tsclientmsitrans\tscdsbl.bat"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-DisallowRun: 0 = msseces.exe
uPolicies-DisallowRun: 1 = MSASCui.exe
uPolicies-DisallowRun: 2 = ekrn.exe
uPolicies-DisallowRun: 3 = egui.exe
uPolicies-DisallowRun: 4 = avgnt.exe
uPolicies-DisallowRun: 5 = avcenter.exe
uPolicies-DisallowRun: 6 = avscan.exe
uPolicies-DisallowRun: 7 = avgfrw.exe
uPolicies-DisallowRun: 8 = avgui.exe
uPolicies-DisallowRun: 9 = avgtray.exe
uPolicies-DisallowRun: 10 = avgscanx.exe
uPolicies-DisallowRun: 11 = avgcfgex.exe
uPolicies-DisallowRun: 12 = avgemc.exe
uPolicies-DisallowRun: 13 = avgchsvx.exe
uPolicies-DisallowRun: 14 = avgcmgr.exe
uPolicies-DisallowRun: 15 = avgwdsvc.exe
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://server/ConnectComputer/nshelp.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173984119648
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://server/tsweb/msrdp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{7EB0F8F1-FB48-4DA7-996D-E773CEE1F580} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C5213CD6-0AD3-457B-9BAF-92B3909EE28A} : NameServer = 85.119.89.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
IFEO: cleaner3.exe - svchost.exe
IFEO: cmdagent.exe - svchost.exe
IFEO: cwntdwmo.exe - svchost.exe
IFEO: driverctrl.exe - svchost.exe
IFEO: drwatson.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dumvina\data aplikací\mozilla\firefox\profiles\k8naiavh.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5b3b35fa-423f-44c3-8de8-0a75cdc31787%7D&mid=b3bfc2d6d28447d08083d15f517e0be9-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.0.0.10&lang=cs&pr=fr&d=2012-08-02%2010%3A47%3A39&sap=ku&q=
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-3-14 104160]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2011-3-14 5120]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;e:\_apps\everest ultimate edition\kerneld.wnt [2011-7-22 26736]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-11-10 17408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
=============== Created Last 30 ================
.
2012-08-02 09:41:55 -------- d--h--w- c:\windows\$hf_mig$
2012-08-02 08:44:25 -------- d-----w- c:\program files\AVG
2012-08-02 08:38:12 -------- d--h--w- c:\documents and settings\all users\data aplikací\Common Files
2012-08-02 08:38:12 -------- d-----w- c:\documents and settings\all users\data aplikací\MFAData
2012-08-02 08:37:30 -------- d-----w- c:\program files\trend micro
2012-08-02 08:23:16 -------- d-----w- C:\Temp
2012-08-02 07:36:19 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-08-02 07:36:19 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-08-02 07:36:14 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-08-02 07:36:14 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-08-02 07:36:09 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-08-02 07:36:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-08-02 07:36:00 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-08-02 07:36:00 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-08-02 00:30:32 98816 ----a-w- c:\windows\sed.exe
2012-08-02 00:30:32 256000 ----a-w- c:\windows\PEV.exe
2012-08-02 00:30:32 208896 ----a-w- c:\windows\MBR.exe
2012-08-01 23:39:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
==================== Find3M ====================
.
2012-08-02 08:27:02 188288 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-06-13 13:55:23 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49:58 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49:57 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:38 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19:46 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:44 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:34 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:02 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22:06 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09:43 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44:09 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14:59 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14:59 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 12:16:19,87 ===============

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

File::
C:\WINDOWS\tasks\User_Feed_Synchronization-{4F0649A6-CF6B-4147-B20F-5BC40B3A62A2}.job

Collect::
C:\Documents and Settings\dumvina\980651ad-8050.exe 

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Server]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55177778.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\55177778.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

DDS::
uPolicies-DisallowRun: 0 = msseces.exe
uPolicies-DisallowRun: 1 = MSASCui.exe
uPolicies-DisallowRun: 2 = ekrn.exe
uPolicies-DisallowRun: 3 = egui.exe
uPolicies-DisallowRun: 4 = avgnt.exe
uPolicies-DisallowRun: 5 = avcenter.exe
uPolicies-DisallowRun: 6 = avscan.exe
uPolicies-DisallowRun: 7 = avgfrw.exe
uPolicies-DisallowRun: 8 = avgui.exe
uPolicies-DisallowRun: 9 = avgtray.exe
uPolicies-DisallowRun: 10 = avgscanx.exe
uPolicies-DisallowRun: 11 = avgcfgex.exe
uPolicies-DisallowRun: 12 = avgemc.exe
uPolicies-DisallowRun: 13 = avgchsvx.exe
uPolicies-DisallowRun: 14 = avgcmgr.exe
uPolicies-DisallowRun: 15 = avgwdsvc.exe
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript c:\windows\installer\tsclientmsitrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "c:\windows\installer\tsclientmsitrans\tscdsbl.bat"
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

Firefox::
FF - ProfilePath - c:\documents and settings\dumvina\data aplikací\mozilla\firefox\profiles\k8naiavh.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5b ... &sap=ku&q=

Driver::
EverestDriver

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Nastal menší problém...
Combofix nezamrzne, ale zastaví se na vyhledávání nakažených souborů. Vůbec nespustí fáze 1-50

Restart do nouzoveho rezimu (restart, mackat F8, zvolit Stav nouze s praci v siti)

Pouzijte tento (upraveny) skript

Kód: Vybrat vše

KillAll::

File::
C:\WINDOWS\tasks\User_Feed_Synchronization-{4F0649A6-CF6B-4147-B20F-5BC40B3A62A2}.job

Collect::
C:\Documents and Settings\dumvina\980651ad-8050.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Server]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55177778.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\55177778.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

DDS::
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript c:\windows\installer\tsclientmsitrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "c:\windows\installer\tsclientmsitrans\tscdsbl.bat"

Firefox::
FF - ProfilePath - c:\documents and settings\dumvina\data aplikací\mozilla\firefox\profiles\k8naiavh.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5b ... &sap=ku&q=

Driver::
EverestDriver

ClearJavaCache::

Reboot::

Mam takové tušení, že bezezměny...
Pořád stejný efekt

Spustte tedy CF bez skriptu

To jsem také zkoušel, buhužel se stejným výsledkem

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

Extras
OTL Extras logfile created on: 2.8.2012 15:17:32 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\dumvina\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

503,46 Mb Total Physical Memory | 145,57 Mb Available Physical Memory | 28,91% Memory free
844,78 Mb Paging File | 425,30 Mb Available in Paging File | 50,34% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 51,35 Gb Free Space | 68,91% Space Free | Partition Type: NTFS
Drive E: | 949,47 Mb Total Space | 538,37 Mb Free Space | 56,70% Space Free | Partition Type: FAT32

Computer Name: DUM_VINA | User Name: dumvina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:192.168.0.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (Ghisler Software GmbH)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\dumvina\Local Settings\Temp\Ins205\Setup\bin\MainInst.exe" = C:\Documents and Settings\dumvina\Local Settings\Temp\Ins205\Setup\bin\MainInst.exe:*:Enabled:Samsung SCX-3200 Series Installer
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe:*:Enabled:ScanToPC
"C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Documents and Settings\All Users\Data aplikací\522f72\MP522_8050.exe" = C:\Documents and Settings\All Users\Data aplikací\522f72\MP522_8050.exe:*:Enabled:Malware Protection Center
"C:\WINDOWS\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2 -- ()
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe" = C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()
"C:\Program Files\Scan Assistant\USDAgent.exe" = C:\Program Files\Scan Assistant\USDAgent.exe:*:Enabled:Samsung Scan Assistant - USDAgent.exe -- ()
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{1006255F-12EF-4B8C-96A1-6969555AEC12}" = Připojení ke vzdálené ploše
"{17383E8C-4F1E-4FDE-BF17-94C70282AD8E}" = STORMWARE POHODA Klient CZ
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Klient služby Stínová kopie svazků
"{2FFBA66C-E06D-4A90-A0B7-30E6D674F292}" = STORMWARE POHODA Klient CZ
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{78B527EF-1307-4DD3-A146-EF17AADC08E8}" = STORMWARE POHODA CZ
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90E00405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8ABAA1F-0825-4C68-80CF-CE834FE6729C}" = ESET NOD32 Antivirus
"{AA1BE0A6-6A0C-44ED-8712-EA6FFC74AB45}" = STORMWARE POHODA Klient CZ Premium
"{AC76BA86-7AD7-1029-7B44-A81000000003}" = Adobe Reader 8.1.0 - Czech
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{B1BD98F6-A95B-4320-8E3E-2A05E09B18F8}" = STORMWARE POHODA CZ Premium
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C32B3D7E-8121-490A-87EB-82C41254D688}" = STORMWARE POHODA Klient CZ
"{CB76D5D8-9C53-470A-B66A-FF098058E46B}" = StormWare Pohoda CZ
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0B5C130-BE91-45F8-B9EA-79A96EF8BFEB}" = OpenOffice.org 2.0
"{E22B009F-2CAC-4703-B4AF-C80C4F0CADB8}" = STORMWARE POHODA CZ
"{F84EE039-D069-4601-8D44-F281C267F927}" = STORMWARE POHODA Klient CZ
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 cs)" = Mozilla Firefox 14.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetMos Technology" = NetMos Multi-IO Controller
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF reDirect LE" = PDF reDirect (remove only)
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-3200 Series" = Samsung SCX-3200 Series
"Samsung SCX-3400 Series" = Samsung SCX-3400 Series
"Skype_is1" = Skype 3.1
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 5.0.0.614
"TeamViewer 5 Host" = TeamViewer 5 Host
"Totalcmd" = Total Commander (Remove or Repair)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1.8.2012 19:42:18 | Computer Name = DUM_VINA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 1.8.2012 19:47:40 | Computer Name = DUM_VINA | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 1.8.2012 19:47:40 | Computer Name = DUM_VINA | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 1.8.2012 19:56:32 | Computer Name = DUM_VINA | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 1.8.2012 20:17:24 | Computer Name = DUM_VINA | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 2.8.2012 3:04:05 | Computer Name = DUM_VINA | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 2.8.2012 3:06:23 | Computer Name = DUM_VINA | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 2.8.2012 3:39:34 | Computer Name = DUM_VINA | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 2.8.2012 3:44:30 | Computer Name = DUM_VINA | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 2.8.2012 4:26:22 | Computer Name = DUM_VINA | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

[ System Events ]
Error - 2.8.2012 3:42:54 | Computer Name = DUM_VINA | Source = Service Control Manager | ID = 7006
Description = Volání ScRegSetValueExW skončilo neúspěšné pro Start s touto chybou:
%%5

Error - 2.8.2012 3:46:06 | Computer Name = DUM_VINA | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 2.8.2012 4:23:08 | Computer Name = DUM_VINA | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 2.8.2012 4:27:39 | Computer Name = DUM_VINA | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 2.8.2012 4:27:42 | Computer Name = DUM_VINA | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: IntelIde

Error - 2.8.2012 5:33:17 | Computer Name = DUM_VINA | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 2.8.2012 7:55:51 | Computer Name = DUM_VINA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2.8.2012 7:56:46 | Computer Name = DUM_VINA | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: eamon ehdrv Fips intelppm

Error - 2.8.2012 8:40:15 | Computer Name = DUM_VINA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2.8.2012 8:41:41 | Computer Name = DUM_VINA | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%2

< End of report >

OTL
OTL logfile created on: 2.8.2012 15:17:32 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\dumvina\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

503,46 Mb Total Physical Memory | 145,57 Mb Available Physical Memory | 28,91% Memory free
844,78 Mb Paging File | 425,30 Mb Available in Paging File | 50,34% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 51,35 Gb Free Space | 68,91% Space Free | Partition Type: NTFS
Drive E: | 949,47 Mb Total Space | 538,37 Mb Free Space | 56,70% Space Free | Partition Type: FAT32

Computer Name: DUM_VINA | User Name: dumvina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.08.02 15:16:20 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dumvina\Dokumenty\Stažené soubory\OTL.exe
PRC - [2012.07.16 19:44:34 | 006,365,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2012.07.16 19:44:34 | 002,025,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2012.07.14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.11.24 11:01:18 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009.01.26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.31 01:24:04 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.14 02:14:07 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.05.02 06:41:48 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\ssm1mlm.dll
MOD - [2011.04.14 04:40:42 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\ssb3ml3.dll
MOD - [2010.10.14 11:04:26 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010.10.14 11:04:08 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2009.07.18 05:21:00 | 003,883,424 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008.06.19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008.04.14 09:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.03.05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008.03.04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008.02.26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007.12.24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
MOD - [2004.02.05 00:22:38 | 000,014,848 | ---- | M] () -- C:\WINDOWS\system32\PDFreDirectLEMonNT.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.07.16 19:44:34 | 002,025,368 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.11.24 11:01:18 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012.03.14 08:40:04 | 000,104,160 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2012.03.14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012.03.14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011.03.14 08:36:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010.10.14 03:55:06 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2010.03.11 11:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009.05.25 00:00:00 | 000,026,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\_Apps\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2008.04.14 01:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2006.06.16 05:24:04 | 003,972,672 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = server:8080
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://server:8080/array.dll?Get.Routing.Script

IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={BA98 ... 2012-08-02 10:47:39&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B5b ... &sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.02 01:38:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.02 01:38:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.08.02 11:35:09 | 000,000,000 | ---D | M]

[2010.06.21 20:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dumvina\Data aplikací\Mozilla\Extensions
[2012.08.02 01:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dumvina\Data aplikací\Mozilla\Firefox\Profiles\k8naiavh.default\extensions
[2012.08.02 01:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.02 10:47:33 | 000,003,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.14 04:30:04 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.07.14 04:30:04 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.07.14 04:30:05 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.07.14 04:30:05 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.07.14 04:30:05 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2012.01.27 09:51:58 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\.DEFAULT..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\dumvina.old\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\klouda\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\landa\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\pokladna\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Polreichova.CENTRUMVINA\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://server/ConnectComputer/nshelp.dll (NSHelp Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 3984119648 (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} http://server/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EB0F8F1-FB48-4DA7-996D-E773CEE1F580}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5213CD6-0AD3-457B-9BAF-92B3909EE28A}: NameServer = 85.119.89.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuln domovsk strnka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.08.02 14:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot - Search & Destroy
[2012.08.02 13:56:58 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.08.02 12:51:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.08.02 11:41:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012.08.02 11:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
[2012.08.02 11:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2012.08.02 10:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.08.02 10:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2012.08.02 10:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2012.08.02 10:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.08.02 10:23:16 | 000,000,000 | ---D | C] -- C:\Temp
[2012.08.02 09:49:28 | 004,722,680 | R--- | C] (Swearware) -- C:\Documents and Settings\dumvina\Plocha\ComboFix.exe
[2012.08.02 09:36:19 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2012.08.02 09:36:14 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2012.08.02 09:36:09 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2012.08.02 09:36:00 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2012.08.02 02:30:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.08.02 02:30:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.08.02 02:30:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.08.02 02:30:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.08.02 02:29:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dumvina\Dokumenty\Filmy
[2012.08.02 02:29:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dumvina\Nabídka Start\Programy\Nástroje pro správu
[2012.08.02 02:29:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.08.02 01:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.08.02 01:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Mozilla
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.08.02 15:29:55 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F0649A6-CF6B-4147-B20F-5BC40B3A62A2}.job
[2012.08.02 15:22:46 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.08.02 14:42:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.02 14:41:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.02 14:02:58 | 000,002,937 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012.08.02 10:32:53 | 000,437,068 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.08.02 10:32:53 | 000,433,784 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.08.02 10:32:53 | 000,069,294 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.08.02 10:32:52 | 000,080,342 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2012.08.02 09:49:42 | 004,722,680 | R--- | M] (Swearware) -- C:\Documents and Settings\dumvina\Plocha\ComboFix.exe
[2012.08.02 09:39:20 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.08.02 02:02:59 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\TeamViewer 5 Host.lnk
[2012.08.02 01:39:05 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2012.08.01 11:18:23 | 000,101,656 | ---- | M] () -- C:\Documents and Settings\dumvina\Plocha\SUDOVA VINA.odt
[2012.08.01 09:02:22 | 000,002,529 | ---- | M] () -- C:\Documents and Settings\dumvina\Plocha\Microsoft Office Outlook 2003.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.02 15:22:46 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.08.02 02:30:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.08.02 02:30:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.08.02 02:30:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.08.02 02:30:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.08.02 02:30:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.08.02 01:39:05 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2012.08.02 01:39:04 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
[2012.04.03 16:55:22 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssm1mlm.dll
[2012.02.15 09:41:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.14 18:36:00 | 000,493,432 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2011.12.14 18:35:21 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2011.12.14 18:32:58 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssb3ml3.dll
[2011.12.14 18:31:38 | 000,145,408 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2011.12.14 18:31:37 | 000,117,248 | R--- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2011.12.14 18:31:37 | 000,087,552 | R--- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2011.12.14 18:31:36 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2011.12.14 18:31:36 | 000,140,288 | R--- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2011.11.10 14:41:13 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011.11.10 14:41:13 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011.11.10 14:40:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2011.11.10 14:40:14 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011.11.10 14:39:59 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2010.12.17 18:11:48 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\CDASpl.dll
[2010.10.18 09:37:07 | 000,000,336 | ---- | C] () -- C:\WINDOWS\d.ini
[2010.07.23 09:26:25 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\dumvina\intlname.ols
[2007.01.29 15:10:24 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== LOP Check ==========

[2009.04.14 17:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\PingTesterDataBas
[2012.08.02 10:38:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2012.08.02 11:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2012.08.02 11:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2012.04.03 16:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Samsung
[2012.01.26 14:26:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\dumvina\Data aplikací\Malware Protection Center
[2012.04.03 16:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\Samsung
[2010.06.22 19:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\STORMWARE
[2010.06.22 15:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\TeamViewer
[2008.03.13 10:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina.old\Data aplikací\STORMWARE
[2012.08.02 15:29:55 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F0649A6-CF6B-4147-B20F-5BC40B3A62A2}.job

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 09:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 09:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: HAL.DLL >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 01:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 01:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: SCECLI.DLL >
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SVCHOST.EXE >
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[18 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\CSC\*.tmp files -> C:\WINDOWS\CSC\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.06.22 19:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\Adobe
[2011.12.01 18:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\Help
[2010.06.21 20:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\Identities
[2011.12.14 18:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\InstallShield
[2010.06.22 13:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\Macromedia
[2012.01.26 14:26:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\dumvina\Data aplikací\Malware Protection Center
[2011.07.25 21:34:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\dumvina\Data aplikací\Microsoft
[2010.06.21 20:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\Mozilla
[2012.08.01 11:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\OpenOffice.org2
[2012.04.03 16:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\Samsung
[2010.06.22 19:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\STORMWARE
[2010.06.22 15:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dumvina\Data aplikací\TeamViewer

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2012.08.02 15:39:53 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F0649A6-CF6B-4147-B20F-5BC40B3A62A2}.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.12.06 21:36:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.12.06 21:36:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.12.06 21:36:28 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >
[2012.08.02 10:27:02 | 000,188,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys

< %systemroot%\system32\*.* /3 >
[2012.08.02 10:32:52 | 000,080,342 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2012.08.02 10:32:53 | 000,069,294 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2012.08.02 10:32:53 | 000,433,784 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2012.08.02 10:32:53 | 000,437,068 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2012.08.02 10:32:51 | 001,035,166 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2012.08.02 14:42:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 09:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.07.14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation) MD5=3F677172F23FC17283D9BCE4B42E3F65 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.08.02 15:22:46 | 000,000,512 | ---- | M] () MD5=BC218890B45F15635E5F14BD87DE2034 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2006.12.14 11:02:29 | 000,028,814 | ---- | M] () -- \__Zaloha\Backup300307\Documents and Settings\pokladna\Local Settings\Temporary Internet Files\Content.IE5\8TURS1M7\menuG5LoaderX[1].js
[2006.12.06 23:57:51 | 000,001,284 | ---- | M] () -- \__Zaloha\Backup300307\Documents and Settings\pokladna\Local Settings\Temporary Internet Files\Content.IE5\GXM7SXEZ\loader[1].gif
[2007.10.15 13:01:40 | 000,020,374 | ---- | M] () -- \Documents and Settings\klouda\Local Settings\Temporary Internet Files\Content.IE5\E9MDQ556\preloader[1].gif
[2007.10.11 13:40:26 | 000,001,284 | ---- | M] () -- \Documents and Settings\klouda\Local Settings\Temporary Internet Files\Content.IE5\QNEOUEDL\loader[1].gif
[2006.12.14 11:02:29 | 000,028,814 | ---- | M] () -- \Documents and Settings\pokladna\Local Settings\Temporary Internet Files\Content.IE5\8TURS1M7\menuG5LoaderX[1].js
[2006.12.06 23:57:51 | 000,001,284 | ---- | M] () -- \Documents and Settings\pokladna\Local Settings\Temporary Internet Files\Content.IE5\GXM7SXEZ\loader[1].gif
[2009.05.29 11:34:37 | 000,020,045 | ---- | M] () -- \Documents and Settings\Polreichova.CENTRUMVINA\Local Settings\Temporary Internet Files\Content.IE5\2HCA7LG1\loader-final[1].swf
[2010.01.12 16:05:59 | 000,002,576 | ---- | M] () -- \Documents and Settings\Polreichova.CENTRUMVINA\Local Settings\Temporary Internet Files\Content.IE5\JOCMKM8L\preloader2[1].gif
[2010.01.12 16:06:01 | 000,000,330 | ---- | M] () -- \Documents and Settings\Polreichova.CENTRUMVINA\Local Settings\Temporary Internet Files\Content.IE5\JOCMKM8L\stin_preloader[1].png
[2010.01.05 16:21:03 | 000,002,608 | ---- | M] () -- \Documents and Settings\Polreichova.CENTRUMVINA\Local Settings\Temporary Internet Files\Content.IE5\K3TC9DXG\ajax-loader-tr[1].gif
[2010.01.05 16:25:46 | 000,002,500 | ---- | M] () -- \Documents and Settings\Polreichova.CENTRUMVINA\Local Settings\Temporary Internet Files\Content.IE5\K3TC9DXG\loader[1].js
[2001.01.16 06:55:36 | 000,053,248 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.DLL
[2001.01.16 04:22:34 | 000,002,560 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.TLB
[2006.02.26 03:59:10 | 000,023,552 | ---- | M] () -- \Program Files\OpenOffice.org 2.0\program\javaloader.uno.dll
[2006.02.26 20:57:06 | 000,005,226 | ---- | M] () -- \Program Files\OpenOffice.org 2.0\program\pythonloader.py
[2006.02.26 04:14:54 | 000,015,872 | ---- | M] () -- \Program Files\OpenOffice.org 2.0\program\pythonloader.uno.dll
[2006.02.26 22:39:02 | 000,000,101 | ---- | M] () -- \Program Files\OpenOffice.org 2.0\program\pythonloader.uno.ini
[2006.02.26 03:59:10 | 000,018,432 | ---- | M] () -- \Program Files\OpenOffice.org 2.0\program\shlibloader.uno.dll
[2006.02.26 03:35:30 | 000,003,198 | ---- | M] () -- \Program Files\OpenOffice.org 2.0\program\classes\unoloader.jar
[2008.04.14 09:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 01:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 01:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 09:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]

< End of report >

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={BA985B79-2C30-44A1-B357-B6B6D6CFFD9A}&mid=b3bfc2d6d28447d08083d15f517e0be9-06ce4fc639803a2e3563922518183d8e94088cb9&lang=cs&ds=AVG&pr=fr&d=2012-08-02 10:47:39&v=11.0.0.10&sap=dsp&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B5b3b35fa-423f-44c3-8de8-0a75cdc31787%7D&mid=b3bfc2d6d28447d08083d15f517e0be9-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.0.0.10&lang=cs&pr=fr&d=2012-08-02%2010%3A47%3A39&sap=ku&q="
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
[2012.08.02 14:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot - Search & Destroy
[2012.08.02 10:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[18 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\CSC\*.tmp files -> C:\WINDOWS\CSC\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Server]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55177778.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\55177778.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

:files
C:\Documents and Settings\All Users\Data aplikací\522f72
C:\Documents and Settings\dumvina\980651ad-8050.exe 
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Program doběhl, restartoval počítač a vyhodil log. A nevim jestli je to náhoda nebo ne, ale antivir už naskočil

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service SetupNTGLM7X stopped successfully!
Service SetupNTGLM7X deleted successfully!
File D:\NTGLM7X.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service NTACCESS stopped successfully!
Service NTACCESS deleted successfully!
File D:\NTACCESS.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File D:\INSTALL\GMSIPCI.SYS not found.
Service DgiVecp stopped successfully!
Service DgiVecp deleted successfully!
File C:\WINDOWS\system32\Drivers\DgiVecp.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://isearch.avg.com/search?cid=%7B5b ... &sap=ku&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\0 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\1 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\2 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\3 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\4 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\5 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\6 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\7 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\8 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\9 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\11 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\12 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\13 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\14 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1383384898-725345543-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\15 deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot - Search & Destroy folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\speedtest_sp1\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\speedtest_sp1 folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\speedtest\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\speedtest folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\multimi-banner-sp1\banner folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\multimi-banner-sp1 folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\multimi-banner\banner folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\multimi-banner folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_sp1\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_sp1 folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_en_sp1\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_en_sp1 folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_en\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_en folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_trial\banner folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_trial folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_free_cnet\upgrade folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_free_cnet folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_free\upgrade folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_free\banner folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_free folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs folder moved successfully.
C:\Program Files\AVG\AVG2012 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\WINDOWS\003118_.tmp deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15BE.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BD.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D74.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D9A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2215.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP252.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F7.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP319.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP365.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3EC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3F4.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP41C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5CD.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD72.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDDA.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE5E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE74.tmp folder deleted successfully.
C:\WINDOWS\CSC\csc1.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\Temp\486248893.tmp deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Server\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55177778.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\55177778.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\ deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Data aplikací\522f72 not found.
File\Folder C:\Documents and Settings\dumvina\980651ad-8050.exe not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: admin
->Temp folder emptied: 377304 bytes
->Temporary Internet Files folder emptied: 9619966 bytes
->FireFox cache emptied: 14981399 bytes
->Flash cache emptied: 405 bytes

User: Administrator
->Temp folder emptied: 381715 bytes
->Temporary Internet Files folder emptied: 735830 bytes
->FireFox cache emptied: 2414710 bytes

User: Administrator.CENTRUMVINA
->Temp folder emptied: 379200 bytes
->Temporary Internet Files folder emptied: 42845 bytes

User: Administrator.KLOUDA
->Temp folder emptied: 25214 bytes
->Temporary Internet Files folder emptied: 7784517 bytes
->FireFox cache emptied: 2442218 bytes
->Flash cache emptied: 348 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: dumvina
->Temp folder emptied: 29634 bytes
->Temporary Internet Files folder emptied: 15044712 bytes
->FireFox cache emptied: 58696816 bytes
->Flash cache emptied: 20829 bytes

User: dumvina.old
->Temp folder emptied: 7613227 bytes
->Temporary Internet Files folder emptied: 10802077 bytes
->FireFox cache emptied: 80879935 bytes
->Flash cache emptied: 4798 bytes

User: klouda
->Temp folder emptied: 36959177 bytes
->Temporary Internet Files folder emptied: 42313035 bytes
->FireFox cache emptied: 7271213 bytes
->Flash cache emptied: 1066 bytes

User: krejcik
->Temp folder emptied: 416217 bytes
->Temporary Internet Files folder emptied: 739926 bytes

User: landa
->Temp folder emptied: 10337595 bytes
->Temporary Internet Files folder emptied: 910187 bytes
->FireFox cache emptied: 63389348 bytes
->Flash cache emptied: 922 bytes

User: landa.CENTRUMVINA
->Temp folder emptied: 54154157 bytes
->Temporary Internet Files folder emptied: 22970354 bytes
->FireFox cache emptied: 26571575 bytes
->Flash cache emptied: 1157 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1092289 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: pokladna
->Temp folder emptied: 26548430 bytes
->Temporary Internet Files folder emptied: 92913523 bytes
->FireFox cache emptied: 58211613 bytes
->Flash cache emptied: 884 bytes

User: polreichova
->Temp folder emptied: 402459 bytes
->Temporary Internet Files folder emptied: 735830 bytes

User: Polreichova.CENTRUMVINA
->Temp folder emptied: 71957014 bytes
->Temporary Internet Files folder emptied: 106907450 bytes
->FireFox cache emptied: 93497958 bytes
->Flash cache emptied: 2891 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
Session Manager Temp folder emptied: 14503 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 268099468 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 143,00 mb

[EMPTYFLASH]

User: admin
->Flash cache emptied: 0 bytes

User: Administrator

User: Administrator.CENTRUMVINA

User: Administrator.KLOUDA
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: dumvina
->Flash cache emptied: 0 bytes

User: dumvina.old
->Flash cache emptied: 0 bytes

User: klouda
->Flash cache emptied: 0 bytes

User: krejcik

User: landa
->Flash cache emptied: 0 bytes

User: landa.CENTRUMVINA
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: pokladna
->Flash cache emptied: 0 bytes

User: polreichova

User: Polreichova.CENTRUMVINA
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: admin

User: Administrator

User: Administrator.CENTRUMVINA

User: Administrator.KLOUDA

User: All Users

User: Default User

User: dumvina

User: dumvina.old

User: klouda

User: krejcik

User: landa

User: landa.CENTRUMVINA

User: LocalService

User: NetworkService

User: pokladna

User: polreichova

User: Polreichova.CENTRUMVINA

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 08032012_084951

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

VIRY.CZ

Prosím o kontrolu

Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu