VIRY.CZ

Dobry deň mám problém zo spomalením počítača. Predchádzalo mu napadnutie počítača zo strany neznámeho hackera 25.8.2012. Teraz sa počítač veľmi spomalil a s času načas seká. Ide normálne a zrazu ako keby sa zasekol že nemôžem hýbať ani myšou a potom opäť ide normálne. Zároveň vír ktorý sa mi dostal do systému infikoval súbory v zložke systém32. Používal som iba obmädzený účet a tak som nepočítal s tým že tam nejaký vír prenikne tu je log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomas at 2012-08-28 14:02:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (38%) free of 30 GB
Total RAM: 1014 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:02:12, on 28.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7M\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Animatrix\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Tomas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files\Guard-ICQ\GuardICQ.exe" /gui
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2548859187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Guard-ICQ\GuardICQ.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LG SCSI command service (LGScsiCommandService) - Mobile Leader Co.,Ltd. - C:\WINDOWS\system32\LGScsiCommandService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8633 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1342341097.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default

prefs.js - "browser.startup.homepage" - "http://google.sk/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... YYYYSK&&q="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.271 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\
toolbar@ask.com
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\
askcom.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06 1519304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YTD Toolbar - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll [2012-07-26 1213832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2012-03-20 1056320]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06 1519304]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YTD Toolbar - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll [2012-07-26 1213832]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-06-27 16342528]
"Alcmtr"=ALCMTR.EXE []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"Guard.Mail.ru.gui"=C:\Program Files\Guard-ICQ\GuardICQ.exe [2012-06-30 1564368]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-01-13 134656]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-01-13 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-01-13 135680]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-08-27 1450096]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-06-06 1564872]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2012-07-26 1095560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Program Files\ICQ7M\ICQ.exe [2012-06-30 127040]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-06-05 17344176]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Documents and Settings\Tomas\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-01-13 205824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"F:\mysql\bin\mysqld_usbwv8.exe"="F:\mysql\bin\mysqld_usbwv8.exe:*:Disabled:mysqld_usbwv8"
"F:\apache\bin\httpd_usbwv8.exe"="F:\apache\bin\httpd_usbwv8.exe:*:Disabled:Apache HTTP Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2012-08-28 14:02:02 ----D---- C:\Program Files\trend micro
2012-08-28 14:02:01 ----D---- C:\rsit
2012-08-26 11:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2012-08-25 23:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2012-08-25 23:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2012-08-25 23:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135$
2012-08-25 23:20:54 ----A---- C:\WINDOWS\system32\MRT.exe
2012-08-25 23:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2731847$
2012-08-25 23:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219$
2012-08-25 23:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2012-08-25 23:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2012-08-25 23:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-08-25 23:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-08-25 23:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-08-25 23:18:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$
2012-08-25 23:17:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$
2012-08-25 23:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2012-08-25 23:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2012-08-25 23:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2012-08-25 23:17:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2695962$
2012-08-25 23:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-08-25 23:16:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-08-25 23:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-08-25 23:16:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-08-25 23:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-08-25 23:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-08-25 23:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-08-25 23:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-08-25 23:15:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2012-08-25 23:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2012-08-25 23:15:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2012-08-25 23:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2012-08-25 23:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2012-08-25 23:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2012-08-25 23:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2012-08-25 23:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2012-08-25 23:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2012-08-25 23:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2012-08-25 23:14:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2012-08-25 23:13:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2012-08-25 23:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2012-08-25 23:12:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2012-08-25 23:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2012-08-25 23:12:36 ----D---- C:\WINDOWS\ie8updates
2012-08-25 23:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2012-08-25 23:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2012-08-25 23:12:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2012-08-25 23:11:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2012-08-25 23:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2012-08-25 23:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2012-08-25 23:11:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2012-08-25 23:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2012-08-25 23:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2012-08-25 23:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2012-08-25 23:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2012-08-25 23:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2012-08-25 23:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2012-08-25 23:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2012-08-25 23:09:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2012-08-25 23:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2012-08-25 23:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2012-08-25 23:09:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2012-08-25 23:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2012-08-25 23:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2012-08-25 23:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2012-08-25 23:08:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2012-08-25 23:08:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2012-08-25 23:08:19 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2012-08-25 23:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2012-08-25 23:07:59 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2012-08-25 23:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2012-08-25 23:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2012-08-25 23:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2012-08-25 23:07:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2012-08-25 23:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2012-08-25 23:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2012-08-25 23:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2012-08-25 23:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2012-08-25 23:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2012-08-25 23:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2012-08-25 23:06:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2012-08-25 23:06:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2012-08-25 23:05:52 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2012-08-25 23:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2012-08-25 23:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2012-08-25 23:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2012-08-25 23:05:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2012-08-25 23:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2012-08-25 23:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2012-08-25 23:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2012-08-25 23:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2012-08-25 23:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2012-08-25 23:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2012-08-25 23:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2012-08-25 23:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2012-08-25 23:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2012-08-25 23:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2012-08-25 23:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2012-08-25 23:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2012-08-25 23:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2012-08-25 23:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2012-08-25 23:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2012-08-25 23:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2012-08-25 23:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2012-08-25 23:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2012-08-25 23:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2012-08-25 23:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2012-08-25 23:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2012-08-25 23:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2012-08-25 23:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2012-08-25 23:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2012-08-25 23:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2012-08-25 23:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2012-08-25 23:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2012-08-25 23:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2012-08-25 22:57:11 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-08-25 22:49:20 ----N---- C:\WINDOWS\system32\browserchoice.exe
2012-08-25 22:43:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2012-08-25 22:43:36 ----D---- C:\WINDOWS\system32\PreInstall
2012-08-25 22:43:32 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2012-08-25 22:41:25 ----A---- C:\WINDOWS\system32\wups2.dll
2012-08-25 22:41:22 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2012-08-23 14:17:49 ----D---- C:\Program Files\Tropico
2012-08-05 16:54:00 ----D---- C:\WINDOWS\Minidump
2012-08-03 17:12:03 ----D---- C:\Documents and Settings\Tomas\Data aplikací\YTD
2012-08-03 17:11:13 ----D---- C:\Documents and Settings\Tomas\Data aplikací\Search Settings
2012-08-03 17:11:04 ----D---- C:\Program Files\Application Updater
2012-08-03 17:11:03 ----D---- C:\Program Files\YTD Toolbar
2012-08-03 17:11:03 ----D---- C:\Program Files\Common Files\Spigot

======List of files/folders modified in the last 1 month======

2012-08-28 14:02:02 ----RD---- C:\Program Files
2012-08-28 13:58:32 ----D---- C:\Documents and Settings\Tomas\Data aplikací\Skype
2012-08-28 13:58:24 ----D---- C:\Documents and Settings\Tomas\Data aplikací\OpenOffice.org2
2012-08-28 13:58:08 ----D---- C:\WINDOWS\Temp
2012-08-28 13:55:40 ----D---- C:\WINDOWS\Prefetch
2012-08-28 09:53:23 ----D---- C:\WINDOWS\system32
2012-08-28 09:53:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-27 23:12:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-26 19:09:32 ----D---- C:\Documents and Settings\Tomas\Data aplikací\ICQ
2012-08-26 18:53:21 ----SHD---- C:\WINDOWS\Installer
2012-08-26 18:53:18 ----A---- C:\WINDOWS\OEWABLog.txt
2012-08-26 18:53:08 ----D---- C:\Documents and Settings
2012-08-26 16:25:59 ----D---- C:\WINDOWS
2012-08-26 16:24:45 ----D---- C:\WINDOWS\AppPatch
2012-08-26 11:24:05 ----HD---- C:\WINDOWS\inf
2012-08-26 11:24:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-26 11:23:36 ----HD---- C:\WINDOWS\$hf_mig$
2012-08-26 11:23:33 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-25 23:32:03 ----A---- C:\WINDOWS\imsins.BAK
2012-08-25 23:31:37 ----D---- C:\WINDOWS\system32\drivers
2012-08-25 23:29:36 ----D---- C:\WINDOWS\SoftwareDistribution
2012-08-25 23:27:03 ----D---- C:\Program Files\Internet Explorer
2012-08-25 23:27:02 ----D---- C:\WINDOWS\system32\wbem
2012-08-25 23:20:58 ----D---- C:\WINDOWS\Debug
2012-08-25 23:17:39 ----D---- C:\WINDOWS\WinSxS
2012-08-25 23:09:46 ----D---- C:\Program Files\Outlook Express
2012-08-25 23:08:11 ----D---- C:\Program Files\Movie Maker
2012-08-25 23:01:25 ----D---- C:\Program Files\Messenger
2012-08-25 22:41:28 ----D---- C:\WINDOWS\Help
2012-08-23 18:11:07 ----SD---- C:\WINDOWS\Tasks
2012-08-23 14:32:37 ----A---- C:\WINDOWS\wincmd.ini
2012-08-23 14:17:47 ----HD---- C:\Program Files\InstallShield Installation Information
2012-08-21 11:12:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-08-15 23:08:08 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-14 15:09:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-08-03 17:11:03 ----D---- C:\Program Files\Common Files
2012-08-03 17:03:50 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2012-07-15 82380]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-08-27 28672]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2004-08-27 27648]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-07-26 547904]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-06-06 161792]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-01-13 1730272]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-06-27 4419584]
R3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-08-27 92928]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athr.sys [2007-06-18 737280]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2007-05-22 1771008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2012-03-02 13056]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2012-03-02 20864]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2012-03-02 25216]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [2012-06-30 1564368]
R2 ICQ Service;ICQ Service; C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE [2012-03-20 247872]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-08-27 1192050]
R2 LGScsiCommandService;LG SCSI command service; C:\WINDOWS\system32\LGScsiCommandService.exe [2010-04-12 47616]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-29 136176]
S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-08-27 1192050]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-05 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-29 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]

-----------------EOF-----------------

Zdravim

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku[

[/list]

Takže tu sú logy:
OTL Extras logfile created on: 28.8.2012 19:02:56 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Tomas\Dokumenty\Stažené soubory
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1013,92 Mb Total Physical Memory | 460,00 Mb Available Physical Memory | 45,37% Memory free
2,39 Gb Paging File | 1,94 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 11,00 Gb Free Space | 37,56% Space Free | Partition Type: NTFS
Drive D: | 45,23 Gb Total Space | 9,39 Gb Free Space | 20,77% Space Free | Partition Type: NTFS

Computer Name: TOMAS-E012C53FC | User Name: Tomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7M\ICQ.exe" = C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7M\ICQ.exe" = C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)
"F:\mysql\bin\mysqld_usbwv8.exe" = F:\mysql\bin\mysqld_usbwv8.exe:*:Disabled:mysqld_usbwv8
"F:\apache\bin\httpd_usbwv8.exe" = F:\apache\bin\httpd_usbwv8.exe:*:Disabled:Apache HTTP Server

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C1879C1-B74A-4C6D-8880-E3F54B78E816}" = LG United Mobile Drivers
"{0CB0B5BF-277A-4BC0-B7CD-A824443EAD19}" = OpenOffice.org 2.4
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = Zpracování fotografií a obrázků HP 2.0 - All-in-One ovladač
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{818FB39B-1A57-4F1B-A54D-391C33D6C596}" = Tropico
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = Zpracování fotografií a obrázků HP 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Czech
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}" = YTD Toolbar v6.2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}" = Atheros for Acer Driver 5.3.0.67_Foxconn Installation Program
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast" = avast! Free Antivirus
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FormatFactory" = FormatFactory 2.95
"GIMP-2_is1" = GIMP 2.8.0
"Google Chrome" = Google Chrome
"Guard.Mail.ru" = Guard.ICQ
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP PSC 1200 Series" = Zpracování fotografií a obrázkù HP 2.0 - PSC 1200 Series
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"LG PC Suite IV" = LG PC Suite IV
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 cs)" = Mozilla Firefox 14.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Notepad++" = Notepad++
"Recuva" = Recuva
"Totalcmd" = Total Commander (Remove or Repair)
"Tropico Paradise Island CZ" = Tropico Paradise Island CZ
"VLC media player" = VLC media player 2.0.2
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6.7.2012 5:19:51 | Computer Name = TOMAS-E012C53FC | Source = MsiInstaller | ID = 11303
Description = Product: LG USB Modem Drivers -- Error 1303.The installer has insufficient
privileges to access this directory: C:\Program Files\LG Electronics\LG USB Modem
Drivers. The installation cannot continue. Log on as an administrator or contact
your system administrator.

Error - 6.7.2012 5:19:52 | Computer Name = TOMAS-E012C53FC | Source = MsiInstaller | ID = 11303
Description = Product: LG USB Modem Drivers -- Error 1303.The installer has insufficient
privileges to access this directory: C:\Program Files\LG Electronics\LG USB Modem
Drivers. The installation cannot continue. Log on as an administrator or contact
your system administrator.

Error - 10.7.2012 6:03:42 | Computer Name = TOMAS-E012C53FC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Skype.exe, verze 5.9.0.123, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 18.7.2012 3:15:52 | Computer Name = TOMAS-E012C53FC | Source = Application Error | ID = 1000
Description = Chybující aplikace hpoevm08.exe, verze 4.2.0.20, chybující modul ole32.dll,
verze 5.1.2600.5512, adresa chyby 0x0002cdbd.

Error - 3.8.2012 13:18:29 | Computer Name = TOMAS-E012C53FC | Source = MsiInstaller | ID = 11303
Description = Product: LG USB Modem Drivers -- Error 1303.The installer has insufficient
privileges to access this directory: C:\Program Files\LG Electronics\LG USB Modem
Drivers. The installation cannot continue. Log on as an administrator or contact
your system administrator.

Error - 3.8.2012 13:18:31 | Computer Name = TOMAS-E012C53FC | Source = MsiInstaller | ID = 11303
Description = Product: LG USB Modem Drivers -- Error 1303.The installer has insufficient
privileges to access this directory: C:\Program Files\LG Electronics\LG USB Modem
Drivers. The installation cannot continue. Log on as an administrator or contact
your system administrator.

Error - 4.8.2012 14:12:43 | Computer Name = TOMAS-E012C53FC | Source = Application Error | ID = 1000
Description = Chybující aplikace gimp-2.8.exe, verze 2.8.0.0, chybující modul gimp-2.8.exe,
verze 2.8.0.0, adresa chyby 0x002ff9d0.

Error - 5.8.2012 4:58:36 | Computer Name = TOMAS-E012C53FC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace gimp-2.8.exe, verze 2.8.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 14.8.2012 9:09:45 | Computer Name = TOMAS-E012C53FC | Source = MsiInstaller | ID = 11316
Description = Product: Skype™ 5.10 -- Error 1316. A network error occurred while
attempting to read from the file: C:\Documents and Settings\All Users\Data aplikací\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeSetup_5.9.0.123.msi

Error - 22.8.2012 5:27:00 | Computer Name = TOMAS-E012C53FC | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
aswwebrepie.dll, verze 7.0.1456.418, adresa chyby 0x0004d9fb.

[ System Events ]
Error - 28.8.2012 7:58:05 | Computer Name = TOMAS-E012C53FC | Source = DCOM | ID = 10000
Description = Nelze spustit server DCOM: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}.
Došlo
k chybě: %2 při provádění příkazu: C:\WINDOWS\system32\igfxsrvc.exe -Embedding

Error - 28.8.2012 7:58:06 | Computer Name = TOMAS-E012C53FC | Source = DCOM | ID = 10000
Description = Nelze spustit server DCOM: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}.
Došlo
k chybě: %2 při provádění příkazu: C:\WINDOWS\system32\igfxsrvc.exe -Embedding

Error - 28.8.2012 7:58:06 | Computer Name = TOMAS-E012C53FC | Source = DCOM | ID = 10000
Description = Nelze spustit server DCOM: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}.
Došlo
k chybě: %2 při provádění příkazu: C:\WINDOWS\system32\igfxsrvc.exe -Embedding

Error - 28.8.2012 12:56:58 | Computer Name = TOMAS-E012C53FC | Source = DCOM | ID = 10000
Description = Nelze spustit server DCOM: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}.
Došlo
k chybě: %2 při provádění příkazu: C:\WINDOWS\system32\igfxsrvc.exe -Embedding

Error - 28.8.2012 12:56:59 | Computer Name = TOMAS-E012C53FC | Source = DCOM | ID = 10000
Description = Nelze spustit server DCOM: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}.
Došlo
k chybě: %2 při provádění příkazu: C:\WINDOWS\system32\igfxsrvc.exe -Embedding

Error - 28.8.2012 12:56:59 | Computer Name = TOMAS-E012C53FC | Source = DCOM | ID = 10000
Description = Nelze spustit server DCOM: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}.
Došlo
k chybě: %2 při provádění příkazu: C:\WINDOWS\system32\igfxsrvc.exe -Embedding

Error - 28.8.2012 12:59:37 | Computer Name = TOMAS-E012C53FC | Source = DCOM | ID = 10000
Description = Nelze spustit server DCOM: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}.
Došlo
k chybě: %2 při provádění příkazu: C:\WINDOWS\system32\igfxsrvc.exe -Embedding

Error - 28.8.2012 12:59:37 | Computer Name = TOMAS-E012C53FC | Source = DCOM | ID = 10000
Description = Nelze spustit server DCOM: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}.
Došlo
k chybě: %2 při provádění příkazu: C:\WINDOWS\system32\igfxsrvc.exe -Embedding

Error - 28.8.2012 12:59:37 | Computer Name = TOMAS-E012C53FC | Source = DCOM | ID = 10000
Description = Nelze spustit server DCOM: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}.
Došlo
k chybě: %2 při provádění příkazu: C:\WINDOWS\system32\igfxsrvc.exe -Embedding

Error - 28.8.2012 13:03:33 | Computer Name = TOMAS-E012C53FC | Source = DCOM | ID = 10000
Description = Nelze spustit server DCOM: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}.
Došlo
k chybě: %2 při provádění příkazu: C:\WINDOWS\system32\igfxsrvc.exe -Embedding

< End of report >

Druhý log:
OTL logfile created on: 28.8.2012 19:02:56 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Tomas\Dokumenty\Stažené soubory
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1013,92 Mb Total Physical Memory | 460,00 Mb Available Physical Memory | 45,37% Memory free
2,39 Gb Paging File | 1,94 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 11,00 Gb Free Space | 37,56% Space Free | Partition Type: NTFS
Drive D: | 45,23 Gb Total Space | 9,39 Gb Free Space | 20,77% Space Free | Partition Type: NTFS

Computer Name: TOMAS-E012C53FC | User Name: Tomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.08.28 19:00:51 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomas\Dokumenty\Stažené soubory\OTL.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.26 19:52:04 | 001,095,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012.07.20 00:46:55 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.06.30 12:37:01 | 001,564,368 | ---- | M] () -- C:\Program Files\Guard-ICQ\GuardICQ.exe
PRC - [2012.06.30 12:36:26 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7M\ICQ.exe
PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2011.06.17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010.04.12 05:01:42 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) -- C:\WINDOWS\system32\LGScsiCommandService.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.17 03:39:16 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008.03.17 03:39:16 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2006.10.05 06:10:12 | 000,009,216 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2004.08.27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004.08.27 04:01:08 | 001,450,096 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2003.04.06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

========== Modules (No Company Name) ==========

MOD - [2012.08.28 16:26:22 | 001,803,776 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12082802\algo.dll
MOD - [2012.07.20 00:46:53 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.06.30 12:37:01 | 001,564,368 | ---- | M] () -- C:\Program Files\Guard-ICQ\GuardICQ.exe
MOD - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
MOD - [2008.03.16 12:02:42 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.4\program\libxml2.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.15 23:08:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.20 00:46:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.30 12:37:01 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.04.12 05:01:42 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) [Auto | Running] -- C:\WINDOWS\system32\LGScsiCommandService.exe -- (LGScsiCommandService)
SRV - [2006.10.05 06:10:12 | 000,009,216 | R--- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2004.08.27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR)
SRV - [2004.08.27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003.04.07 07:32:06 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.15 10:31:23 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2012.06.27 22:53:24 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012.03.02 16:03:00 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2012.03.02 16:03:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2012.03.02 16:03:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2007.07.26 13:19:24 | 000,547,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.06.18 12:03:32 | 000,737,280 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athr.sys -- (athr)
DRV - [2007.06.06 06:51:04 | 000,161,792 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.03.09 08:56:04 | 001,163,616 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.08.27 10:04:16 | 000,007,680 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2004.08.27 10:02:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004.08.27 10:02:30 | 000,092,928 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004.08.27 04:02:50 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\SearchScopes,DefaultScope = {94B9B6DE-CB76-4A86-AE8C-0589F8A3F8C6}
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\SearchScopes\{94B9B6DE-CB76-4A86-AE8C-0589F8A3F8C6}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\SearchScopes\{E59D4133-4E54-4BFF-B84A-B392C7D30AD1}: "URL" = http://websearch.ask.com/redirect?clien ... 32A38ECECD
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://google.sk/"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?clien ... YYYYSK&&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.23 18:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 00:46:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.06.28 16:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Extensions
[2012.08.03 17:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions
[2012.08.03 17:44:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.20 00:47:39 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com
[2012.08.28 14:28:17 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\askcom.xml
[2012.08.28 14:30:11 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin-1.xml
[2012.07.20 00:47:45 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin-2.xml
[2012.08.28 19:00:15 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin-3.xml
[2012.07.17 18:32:09 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin.xml
[2012.06.28 16:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TOMAS\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\YOWAR21O.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TOMAS\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\YOWAR21O.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2012.08.03 17:11:11 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.08.03 17:11:11 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES\YTD TOOLBAR\FF
[2012.07.20 00:46:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 02:05:40 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.06.15 02:05:40 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.06.15 02:05:40 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.06.15 02:05:41 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.06.15 02:05:41 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Ask Toolbar = C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.0_0\
CHR - Extension: Ask Toolbar = C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\
CHR - Extension: YouTube = C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Savings-Slider = C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.0_0\
CHR - Extension: Savings-Slider = C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.03.02 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-861567501-616249376-682003330-1004..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Animatrix\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Tomas\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-616249376-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 2548612328 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2548859187 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB3C27B6-E6BE-458C-8A6D-AA8E7717324D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.27 22:04:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.08.28 14:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.08.28 14:02:01 | 000,000,000 | ---D | C] -- C:\rsit
[2012.08.25 23:30:11 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012.08.25 23:12:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012.08.25 23:00:40 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012.08.25 22:59:56 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012.08.25 22:59:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012.08.25 22:59:51 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012.08.25 22:59:51 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.08.25 22:59:49 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012.08.25 22:55:14 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012.08.25 22:55:11 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012.08.25 22:54:21 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012.08.25 22:51:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012.08.25 22:51:31 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012.08.25 22:51:28 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2012.08.25 22:51:15 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012.08.25 22:51:14 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2012.08.25 22:50:58 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012.08.25 22:50:17 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2012.08.25 22:49:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2012.08.25 22:49:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2012.08.25 22:47:49 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012.08.25 22:47:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012.08.25 22:45:16 | 002,194,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012.08.25 22:45:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2012.08.25 22:45:14 | 002,150,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012.08.25 22:45:14 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012.08.25 22:44:58 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2012.08.25 22:44:33 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012.08.25 22:44:31 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2012.08.25 22:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
[2012.08.25 22:43:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012.08.25 22:41:25 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012.08.25 22:41:25 | 000,022,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012.08.25 22:41:22 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012.08.25 22:41:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012.08.23 14:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomas\Local Settings\Data aplikací\GHISLER
[2012.08.23 14:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\Tropico
[2012.08.23 14:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Tropico
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.08.28 19:10:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.08.28 19:09:02 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.28 19:08:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.28 19:05:44 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.08.28 19:01:56 | 000,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.08.28 19:01:56 | 000,310,228 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.08.28 19:01:56 | 000,046,394 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2012.08.28 19:01:56 | 000,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.08.28 18:59:40 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.08.28 18:59:33 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.28 18:56:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.28 18:56:38 | 1063,243,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 10:32:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1342341097.job
[2012.08.28 09:49:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.25 23:32:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.25 23:27:05 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.23 18:11:19 | 000,002,552 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.08.23 14:32:37 | 000,001,526 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012.08.23 14:30:29 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Tropico.lnk
[2012.08.22 11:13:27 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.28 19:05:44 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.08.25 22:57:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.08.25 22:57:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.08.23 14:17:49 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Tropico.lnk
[2012.07.15 12:08:25 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012.07.15 11:24:10 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2012.07.15 11:24:09 | 000,020,458 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2012.07.15 10:17:47 | 000,020,458 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2012.07.15 10:17:47 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2012.07.02 22:02:36 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2012.06.28 17:13:16 | 000,000,389 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2012.06.28 16:52:46 | 000,001,526 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2012.06.28 16:34:27 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Tomas\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.28 16:22:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012.06.28 13:32:59 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2012.06.28 13:32:59 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2012.06.28 13:32:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2012.06.28 13:32:59 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2012.06.28 13:18:13 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\igfxTMM.dll
[2012.06.28 13:18:10 | 000,910,720 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2012.06.27 23:46:37 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.06.27 23:44:52 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.27 23:08:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.06.27 22:54:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012.06.27 22:46:38 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2012.06.27 22:06:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.06.27 22:01:39 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys

========== LOP Check ==========

[2012.06.29 11:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2012.06.30 12:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2012.07.19 17:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\YTD YouTube Downloader & Converter
[2012.07.19 17:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Animatrix\Data aplikací\Babylon
[2012.08.19 22:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Animatrix\Data aplikací\ICQ
[2012.07.03 14:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Animatrix\Data aplikací\Notepad++
[2012.07.19 17:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Animatrix\Data aplikací\Search Settings
[2012.07.07 16:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Animatrix\Data aplikací\Unity
[2012.08.18 16:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Animatrix\Data aplikací\YTD
[2012.08.26 18:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Free\Data aplikací\Search Settings
[2012.06.30 12:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
[2012.08.07 19:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mama\Data aplikací\Search Settings
[2012.08.28 19:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\ICQ
[2012.06.30 12:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\ICQ Search
[2012.07.03 13:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Notepad++
[2012.08.03 17:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Search Settings
[2012.07.20 00:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\wtxpcom
[2012.07.20 00:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\YouTube Downloader
[2012.08.03 17:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\YTD
[2012.08.28 18:59:40 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012.08.28 10:32:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1342341097.job
[2012.08.28 19:10:04 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2006.03.02 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.03.02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.03.02 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 00:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2006.03.02 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: SCECLI.DLL >
[2006.03.02 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 11:54:36 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=33081FED75032291EE0E008D5385E86F -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\services.exe
[2009.02.09 13:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009.02.09 13:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\services.exe
[2009.02.09 12:11:38 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=4F9F7B567970B524F31D9970A23F7C24 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\services.exe
[2006.03.02 14:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=6E401E61F952FBBF708AFBECEFAFAE81 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2006.03.02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\SoftwareDistribution\Download\fe608cd8d2b8f77abaee7a69a696bcf7\sp3gdr\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.03.02 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\SoftwareDistribution\Download\fe608cd8d2b8f77abaee7a69a696bcf7\sp3qfe\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2006.03.02 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.03.02 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[1 C:\WINDOWS\Temp\{5FEAEE99-E76D-41B2-91C5-A681D0826B29}\*.tmp files -> C:\WINDOWS\Temp\{5FEAEE99-E76D-41B2-91C5-A681D0826B29}\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.06.28 16:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Adobe
[2012.06.28 17:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Help
[2012.07.15 10:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Hewlett-Packard
[2012.08.28 19:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\ICQ
[2012.06.30 12:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\ICQ Search
[2012.06.27 22:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Identities
[2012.06.27 22:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\InstallShield
[2012.06.28 18:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Macromedia
[2012.08.28 19:08:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Tomas\Data aplikací\Microsoft
[2012.06.28 16:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla
[2012.07.03 13:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Notepad++
[2012.08.28 19:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\OpenOffice.org2
[2012.08.03 17:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Search Settings
[2012.08.28 19:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Skype
[2012.07.15 12:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\vlc
[2012.06.28 16:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\WinRAR
[2012.07.20 00:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\wtxpcom
[2012.07.20 00:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\YouTube Downloader
[2012.08.03 17:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\YTD

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2012.08.28 19:08:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012.08.28 18:59:40 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012.08.28 10:32:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1342341097.job
[2012.08.28 18:59:33 | 000,000,934 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2012.08.28 19:09:02 | 000,000,938 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.08.28 19:15:27 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2012.06.27 23:43:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012.06.27 23:43:54 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012.06.27 23:43:53 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.08.25 23:27:05 | 000,112,584 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2012.08.28 19:01:56 | 000,046,394 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2012.08.28 19:01:56 | 000,040,326 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2012.08.28 19:01:56 | 000,310,228 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2012.08.28 19:01:56 | 000,311,938 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2012.08.28 19:01:56 | 000,714,754 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2012.08.25 23:15:38 | 000,005,194 | ---- | M] () -- C:\WINDOWS\system32\TZLog.log
[2012.08.28 09:49:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"ICQ" = "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4 -- [2012.06.30 12:36:26 | 000,127,040 | ---- | M] (ICQ, LLC.)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2012.06.05 15:23:04 | 017,344,176 | R--- | M] (Skype Technologies S.A.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.07.20 00:46:55 | 000,913,888 | ---- | M] (Mozilla Corporation) MD5=3F677172F23FC17283D9BCE4B42E3F65 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2012.08.18 00:28:57 | 001,229,848 | ---- | M] (Google Inc.) MD5=2339760B238226DAD9ED03F939D92323 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.08.28 19:05:44 | 000,000,512 | ---- | M] () MD5=AF2D825C77FE86472E3A0B4B942E86F2 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2003.11.13 05:56:34 | 000,091,048 | R--- | M] () -- \Program Files\Ahead\NeroVision\MenuTemplates\Pictures\tenniscrack4_3.jpg
[2002.05.30 17:16:22 | 000,013,160 | ---- | M] () -- \Program Files\Firefly Studios\Stronghold Crusader\gm\cracks.gm1
[2001.10.01 14:50:54 | 000,012,968 | ---- | M] () -- \Program Files\Firefly Studios\Stronghold\gm\cracks.gm1
[2012.05.05 15:38:42 | 000,062,238 | ---- | M] () -- \Program Files\GIMP 2\share\gimp\2.0\patterns\cracked.pat

< *keygen* /s >

< *loader* /s >
[2012.05.15 09:59:24 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.05.15 09:59:24 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2012.07.19 17:48:48 | 000,000,072 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\YTD YouTube Downloader & Converter\YTD YouTube Downloader & Converter Help.url
[2012.07.19 17:48:48 | 000,001,753 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\YTD YouTube Downloader & Converter\YTD YouTube Downloader & Converter.lnk
[2012.07.19 17:48:48 | 000,000,833 | ---- | M] () -- \Documents and Settings\All Users\Plocha\YTD YouTube Downloader & Converter.lnk
[2012.07.19 17:43:09 | 001,051,624 | ---- | M] () -- \Documents and Settings\Animatrix\Dokumenty\Stažené soubory\VDownloaderInstaller.exe
[2012.08.07 09:47:05 | 000,000,381 | ---- | M] () -- \Documents and Settings\Animatrix\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.1_0\loader_1036.js
[2012.08.11 10:44:47 | 000,105,903 | ---- | M] () -- \Documents and Settings\Animatrix\Local Settings\Temporary Internet Files\Content.IE5\3XK4UIEX\AdLoader-427d9fd2a91e2f2c023aefe9f69a01d0.min[1].js
[2012.08.15 10:08:19 | 000,000,753 | ---- | M] () -- \Documents and Settings\Animatrix\Local Settings\Temporary Internet Files\Content.IE5\3XK4UIEX\AdLoader[1].htm
[2012.08.15 21:57:45 | 000,105,903 | ---- | M] () -- \Documents and Settings\Animatrix\Local Settings\Temporary Internet Files\Content.IE5\OXLD3811\AdLoader-427d9fd2a91e2f2c023aefe9f69a01d0.min[1].js
[2012.08.27 12:02:20 | 000,000,753 | ---- | M] () -- \Documents and Settings\Animatrix\Local Settings\Temporary Internet Files\Content.IE5\OXLD3811\AdLoader[1].htm
[2012.08.26 18:55:20 | 000,000,381 | ---- | M] () -- \Documents and Settings\Free\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.1_0\loader_1036.js
[2012.08.07 19:01:18 | 000,000,381 | ---- | M] () -- \Documents and Settings\Mama\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.1_0\loader_1036.js
[2012.07.19 17:49:32 | 000,000,386 | ---- | M] () -- \Documents and Settings\Tomas\Cookies\tomas@youtubedownloadersite[1].txt
[2012.07.19 19:48:00 | 000,000,001 | ---- | M] () -- \Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB}\youtubedownloader.lock
[2012.08.03 17:15:49 | 000,000,381 | ---- | M] () -- \Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.1_0\loader_1036.js
[2012.07.20 00:18:26 | 000,000,652 | ---- | M] () -- \Documents and Settings\Tomas\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBX763BD\AdLoader[1].htm
[2012.07.20 00:18:26 | 000,010,519 | ---- | M] () -- \Documents and Settings\Tomas\Local Settings\Temp\Temporary Internet Files\Content.IE5\RQGCLYXU\AdLoader-aee74f28845638b42a47bb02dc06a7c6.min[1].js
[2012.07.19 17:49:34 | 004,389,888 | ---- | M] () -- \Documents and Settings\Tomas\Local Settings\Temporary Internet Files\Content.IE5\A2TVZUAH\youtubedownloaderToolbar[1].msi
[2012.08.19 22:11:30 | 000,105,903 | ---- | M] () -- \Documents and Settings\Tomas\Local Settings\Temporary Internet Files\Content.IE5\NVPGCL3R\AdLoader-427d9fd2a91e2f2c023aefe9f69a01d0.min[1].js
[2012.07.17 22:04:52 | 000,010,519 | ---- | M] () -- \Documents and Settings\Tomas\Local Settings\Temporary Internet Files\Content.IE5\NVPGCL3R\AdLoader-aee74f28845638b42a47bb02dc06a7c6.min[1].js
[2012.08.28 13:58:40 | 000,000,753 | ---- | M] () -- \Documents and Settings\Tomas\Local Settings\Temporary Internet Files\Content.IE5\NVPGCL3R\AdLoader[1].htm
[2004.09.07 10:30:08 | 000,086,016 | ---- | M] () -- \Program Files\Common Files\Ahead\AudioPlugins\Downloaders.dll
[2012.05.04 23:42:40 | 000,043,889 | ---- | M] () -- \Program Files\GIMP 2\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-svg.dll
[2011.03.08 09:43:28 | 000,013,734 | ---- | M] () -- \Program Files\GIMP 2\Python\Lib\unittest\loader.py
[2012.06.30 12:36:16 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012.06.30 12:36:16 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012.06.30 12:36:15 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.06.30 12:38:27 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7M\Xtraz\icq\content\profile_lightboxs\preloader.html
[2011.07.18 23:33:32 | 000,008,787 | ---- | M] () -- \Program Files\Notepad++\user.manual\sites\all\modules\fancy_login\images\ajax-loader.gif
[2008.03.16 12:18:42 | 000,022,528 | ---- | M] () -- \Program Files\OpenOffice.org 2.4\program\javaloader.uno.dll
[2008.03.17 02:32:32 | 000,006,381 | ---- | M] () -- \Program Files\OpenOffice.org 2.4\program\pythonloader.py
[2008.03.16 17:17:06 | 000,016,384 | ---- | M] () -- \Program Files\OpenOffice.org 2.4\program\pythonloader.uno.dll
[2008.03.17 03:39:42 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 2.4\program\pythonloader.uno.ini
[2008.03.16 17:02:52 | 000,004,064 | ---- | M] () -- \Program Files\OpenOffice.org 2.4\program\classes\unoloader.jar
[2008.06.20 19:13:32 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2006.03.02 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2004.08.03 22:59:38 | 000,230,400 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.exe
[2004.08.03 22:59:38 | 000,278,016 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]

< End of report >

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
MOD - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\SearchScopes,DefaultScope = {94B9B6DE-CB76-4A86-AE8C-0589F8A3F8C6}
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\SearchScopes\{94B9B6DE-CB76-4A86-AE8C-0589F8A3F8C6}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =937811&p={searchTerms}
IE - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\SearchScopes\{E59D4133-4E54-4BFF-B84A-B392C7D30AD1}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYSK&apn_uid=d3b359f0-7088-44ef-ae6d-0763e232afaf&apn_sauid=D5BE319C-ECD1-4825-BA16-0832A38ECECD
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_EU&apn_uid=d3b359f0-7088-44ef-ae6d-0763e232afaf&apn_ptnrs=FV&apn_sauid=D5BE319C-ECD1-4825-BA16-0832A38ECECD&apn_dtid=YYYYYYYYSK&&q="
[2012.08.03 17:44:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.20 00:47:39 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com
[2012.08.28 14:28:17 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\askcom.xml
[2012.08.28 14:30:11 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin-1.xml
[2012.07.20 00:47:45 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin-2.xml
[2012.08.28 19:00:15 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin-3.xml
[2012.07.17 18:32:09 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin.xml
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TOMAS\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\YOWAR21O.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TOMAS\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\YOWAR21O.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2012.08.03 17:11:11 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.08.03 17:11:11 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES\YTD TOOLBAR\FF
CHR - Extension: Ask Toolbar = C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.0_0\
CHR - Extension: Ask Toolbar = C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-861567501-616249376-682003330-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
[2012.07.19 17:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Animatrix\Data aplikací\Babylon
[2012.07.19 17:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Animatrix\Data aplikací\Search Settings
[2012.08.18 16:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Animatrix\Data aplikací\YTD
[2012.08.26 18:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Free\Data aplikací\Search Settings
[2012.06.30 12:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
[2012.08.07 19:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mama\Data aplikací\Search Settings
[2012.08.03 17:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Search Settings
[2012.08.03 17:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\YTD
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[1 C:\WINDOWS\Temp\{5FEAEE99-E76D-41B2-91C5-A681D0826B29}\*.tmp files -> C:\WINDOWS\Temp\{5FEAEE99-E76D-41B2-91C5-A681D0826B29}\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
[2012.08.28 19:08:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012.08.28 18:59:40 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012.08.28 10:32:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1342341097.job
[2012.08.28 18:59:33 | 000,000,934 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2012.08.28 19:09:02 | 000,000,938 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.08.28 19:15:27 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

:services
gupdate
gupdatem
Guard.Mail.ru

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
"Guard.Mail.ru.gui"=-
"Adobe ARM"=-
"NeroFilterCheck"=-
"InCD"=-
"ApnUpdater"=-
""=-
"SearchSettings"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
"ICQ"=-
"Skype"=-

:files
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
C:\Program Files\YTD Toolbar
C:\Program Files\Common Files\Spigot
C:\Program Files\Application Updater
C:\Program Files\Ask.com
C:\Program Files\ICQ6Toolbar
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Neviem čo sa stalo ale systém sa nedokázal sám vypnúť po zhruba 20 minútach som ho vypol núdzovo. Tu je log:

All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Program Files\ICQ6Toolbar\ICQ Service.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-861567501-616249376-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll moved successfully.
HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{94B9B6DE-CB76-4A86-AE8C-0589F8A3F8C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B9B6DE-CB76-4A86-AE8C-0589F8A3F8C6}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{E59D4133-4E54-4BFF-B84A-B392C7D30AD1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59D4133-4E54-4BFF-B84A-B392C7D30AD1}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&ilc=12&type=937811" removed from browser.search.param.yahoo-fr
Prefs.js: "http://websearch.ask.com/redirect?clien ... YYYYSK&&q=" removed from keyword.URL
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-19-Jul-2012-22-47-39-GMT folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-19-Jul-2012-22-47-37-GMT folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\extensions\toolbar@ask.com folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\searchplugins\icqplugin.xml moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\chrome\content folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\chrome folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAM FILES\YTD TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES\YTD TOOLBAR\FF folder moved successfully.
File C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.0_0 not found.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\tb_ux folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\lib folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\content_script\hack folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\content_script folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\config\skin\js folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\config\skin\images folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\config\skin\css folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\config\skin folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\config\locales\en folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\config\locales folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\config folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0\background folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.4.24106_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
C:\Documents and Settings\Animatrix\Data aplikací\Babylon folder moved successfully.
C:\Documents and Settings\Animatrix\Data aplikací\Search Settings\temp folder moved successfully.
C:\Documents and Settings\Animatrix\Data aplikací\Search Settings\res folder moved successfully.
C:\Documents and Settings\Animatrix\Data aplikací\Search Settings folder moved successfully.
C:\Documents and Settings\Animatrix\Data aplikací\YTD\temp folder moved successfully.
C:\Documents and Settings\Animatrix\Data aplikací\YTD\res folder moved successfully.
C:\Documents and Settings\Animatrix\Data aplikací\YTD folder moved successfully.
C:\Documents and Settings\Free\Data aplikací\Search Settings\temp folder moved successfully.
C:\Documents and Settings\Free\Data aplikací\Search Settings\res folder moved successfully.
C:\Documents and Settings\Free\Data aplikací\Search Settings folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B} folder moved successfully.
C:\Documents and Settings\Mama\Data aplikací\Search Settings\temp folder moved successfully.
C:\Documents and Settings\Mama\Data aplikací\Search Settings\res folder moved successfully.
C:\Documents and Settings\Mama\Data aplikací\Search Settings folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Search Settings\temp folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Search Settings\res folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\Search Settings folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\YTD\temp folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\YTD\res folder moved successfully.
C:\Documents and Settings\Tomas\Data aplikací\YTD folder moved successfully.
C:\WINDOWS\000001_.tmp deleted successfully.
C:\WINDOWS\002775_.tmp deleted successfully.
C:\WINDOWS\SET21.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_92D03.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_92D03.tmp folder deleted successfully.
C:\WINDOWS\Temp\{5FEAEE99-E76D-41B2-91C5-A681D0826B29}\fpi.tmp deleted successfully.
C:\WINDOWS\twain_32\hpqgends.tmp deleted successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\Tasks\avast! Emergency Update.job moved successfully.
C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1342341097.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service Guard.Mail.ru stopped successfully!
Service Guard.Mail.ru deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Guard.Mail.ru.gui deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\InCD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk moved successfully.
C:\Program Files\YTD Toolbar\Res\Lang folder moved successfully.
C:\Program Files\YTD Toolbar\Res folder moved successfully.
C:\Program Files\YTD Toolbar\IE\6.2 folder moved successfully.
C:\Program Files\YTD Toolbar\IE folder moved successfully.
C:\Program Files\YTD Toolbar folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot\GC folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Program Files\Application Updater folder moved successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\Program Files\ICQ6Toolbar folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Animatrix
->Temp folder emptied: 47147141 bytes
->Temporary Internet Files folder emptied: 8365305 bytes
->FireFox cache emptied: 672547423 bytes
->Google Chrome cache emptied: 46553959 bytes
->Flash cache emptied: 10019 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Free
->Temp folder emptied: 587937 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 6851899 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 335042 bytes

User: Mama
->Temp folder emptied: 1902081 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 152910521 bytes
->Google Chrome cache emptied: 6629559 bytes
->Flash cache emptied: 3098 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tomas
->Temp folder emptied: 86402753 bytes
->Temporary Internet Files folder emptied: 18056365 bytes
->FireFox cache emptied: 290750268 bytes
->Google Chrome cache emptied: 11351778 bytes
->Flash cache emptied: 3781 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9149549 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15945 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 429436300 bytes

Total Files Cleaned = 1 706,00 mb

[EMPTYFLASH]

User: All Users

User: Animatrix
->Flash cache emptied: 0 bytes

User: Default User

User: Free

User: LocalService

User: Mama
->Flash cache emptied: 0 bytes

User: NetworkService

User: Tomas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Animatrix

User: Default User

User: Free

User: LocalService

User: Mama

User: NetworkService

User: Tomas

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.59.1 log created on 08282012_195952

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Tu je log:
ComboFix 12-08-28.03 - Tomas 29.08.2012 17:27:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.664 [GMT 2:00]
Spuštěný z: c:\documents and settings\Animatrix\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Desktop_.ini
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-28 do 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-28 19:12 . 2012-08-28 19:12 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 17:59 . 2012-08-28 17:59 -------- d-----w- C:\_OTL
2012-08-28 17:08 . 2012-08-28 17:08 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\Identities
2012-08-28 17:05 . 2012-08-28 17:05 512 ----a-w- C:\PhysicalMBR.bin
2012-08-28 12:02 . 2012-08-28 12:02 -------- d-----w- c:\program files\trend micro
2012-08-28 12:02 . 2012-08-28 12:02 -------- d-----w- C:\rsit
2012-08-26 16:53 . 2012-08-26 16:53 -------- d-----w- c:\documents and settings\Free
2012-08-25 21:30 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-08-25 21:12 . 2012-08-25 21:19 -------- d-----w- c:\windows\ie8updates
2012-08-25 21:00 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-25 20:59 . 2012-07-02 17:38 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-08-25 20:59 . 2012-07-02 17:38 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-08-25 20:59 . 2012-07-02 17:38 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-08-25 20:59 . 2012-07-02 17:38 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-08-25 20:59 . 2012-07-02 17:38 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-08-25 20:59 . 2012-07-02 17:38 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-08-25 20:59 . 2012-07-02 17:38 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-08-25 20:57 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-25 20:57 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-25 20:55 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-08-25 20:55 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-25 20:54 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-08-25 20:51 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-08-25 20:51 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-08-25 20:51 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-08-25 20:51 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-08-25 20:51 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-08-25 20:50 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-08-25 20:50 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-08-25 20:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-08-25 20:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-08-25 20:47 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-08-25 20:47 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-08-25 20:46 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-08-25 20:44 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-08-25 20:44 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-08-25 20:44 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-08-25 20:41 . 2012-06-02 13:19 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-08-25 20:41 . 2012-06-02 13:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-25 20:41 . 2012-06-02 13:19 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-08-25 20:41 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-08-25 20:41 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-08-23 12:32 . 2012-08-23 12:32 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\GHISLER
2012-08-23 12:17 . 2012-08-23 12:33 -------- d-----w- c:\program files\Tropico
2012-08-19 06:37 . 2012-08-19 06:37 -------- d-sh--w- c:\documents and settings\Animatrix\IECompatCache
2012-08-18 14:37 . 2012-08-18 14:37 -------- d-sh--w- c:\documents and settings\Animatrix\PrivacIE
2012-08-08 17:25 . 2012-08-08 17:25 -------- d-----w- c:\documents and settings\Mama\Local Settings\Data aplikací\Temp
2012-08-08 17:25 . 2012-08-08 17:25 -------- d-----w- c:\documents and settings\Mama\Local Settings\Data aplikací\Adobe
2012-08-07 17:00 . 2012-08-07 17:00 -------- d-----w- c:\documents and settings\Mama\Local Settings\Data aplikací\AskToolbar
2012-08-07 16:59 . 2012-08-07 16:59 -------- d-sh--w- c:\documents and settings\Mama\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 09:13 . 2012-06-29 09:18 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-06-29 09:18 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-06-29 09:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-06-29 09:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-06-29 09:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-06-29 09:18 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-06-29 09:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-06-29 09:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-06-29 09:17 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-06-29 09:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-15 21:08 . 2012-06-28 16:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 21:08 . 2012-06-28 16:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-15 08:31 . 2012-07-15 08:31 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2012-07-06 13:58 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2012-06-27 20:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-28 11:32 . 2012-06-28 11:32 147456 ----a-w- c:\windows\system32\igfxCoIn_v4885.dll
2012-06-28 11:32 . 2012-06-28 11:18 170520 ----a-w- c:\windows\system32\igfxzoom.exe
2012-06-27 20:53 . 2012-06-27 20:53 315392 ----a-w- c:\windows\HideWin.exe
2012-06-27 20:53 . 2012-06-27 20:53 9715200 ----a-w- c:\windows\RTLCPL.exe
2012-06-27 20:53 . 2012-06-27 20:53 86016 ----a-w- c:\windows\SoundMan.exe
2012-06-27 20:53 . 2012-06-27 20:53 282624 ----a-w- c:\windows\system32\RTSndMgr.cpl
2012-06-27 20:53 . 2012-06-27 20:53 1826816 ----a-w- c:\windows\SkyTel.exe
2012-06-27 20:53 . 2012-06-27 20:53 1191936 ----a-w- c:\windows\RtlUpd.exe
2012-06-27 20:53 . 2012-06-27 20:53 4419584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-06-27 20:53 . 2012-06-27 20:53 16342528 ----a-w- c:\windows\RTHDCPL.exe
2012-06-27 20:53 . 2012-06-27 20:53 2162688 ----a-w- c:\windows\MicCal.exe
2012-06-27 20:53 . 2012-06-27 20:53 299008 ----a-w- c:\windows\system32\ALSndMgr.cpl
2012-06-27 20:53 . 2012-06-27 20:53 2808832 ----a-w- c:\windows\alcwzrd.exe
2012-06-27 20:53 . 2012-06-27 20:53 520192 ----a-w- c:\windows\RtlExUpd.dll
2012-06-27 20:53 . 2012-06-27 20:54 49152 ----a-w- c:\windows\system32\ChCfg.exe
2012-06-05 15:49 . 2012-07-17 21:45 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2012-06-27 20:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 15:35 . 2012-06-04 15:35 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2012-06-27 20:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-06-27 20:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2012-06-27 20:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2012-06-27 20:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2012-06-27 20:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-06-27 20:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-28 19:12 . 2012-06-28 14:23 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-27 16342528]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Animatrix\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-3-16 393216]
.
c:\documents and settings\Tomas\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-3-16 393216]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7M\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29.6.2012 11:18 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.6.2012 11:18 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.6.2012 11:18 21256]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [28.6.2012 18:35 47616]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 8:11 12928]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.6.2012 15:17 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28.6.2012 18:00 250056]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [17.6.2011 19:33 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [28.6.2012 16:23 114144]
.
.
------- Doplňkový sken -------
.
uStart Page =
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\yowar21o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk/
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-29 17:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-08-29 17:38:35
ComboFix-quarantined-files.txt 2012-08-29 15:38
.
Před spuštěním: Volných bajtů: 12 309 352 448
Po spuštění: Volných bajtů: 12 321 304 576
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 855189F3A7B66A851F01E662D3EB2F2C

Jak se chova PC

V podstate normálne iba občas sa nejaké programy zaseknú. Z niektorými sa vôbec nedá pracovať asi ich budem musieť reinštalovať. Neviem či ešte mám vír alebo sú programy iba poškodené. A ešte by som sa chcel opýtať na nejaký zaručený spôsob odhaľovania vírov v odt. dokumentoch. A ako zabezpečiť pc proti hackerom? Vraj sa môžu dostať do systému i cez skype dá sa nejako táto diera zaplátať?

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Zaruceny zpusob odhalovani malware neexistuje. Co se tyce zabezpeceni, dulezity je antivir a firewall ale nejdulzeitejsi je rozum = neklikat na kdejakou blikajici a skakajici blbinu, nenavstevovat temna zakouti webu (porno, cracky atd), nestahovat nezname soubory (napr. pres skype)

Zase som systém musel vypnúť núdzovo lebo systém sa nedokázal vypnúť sám. Skočila iba modrá obrazovka systém windows sa vypína a tá svietila asi 30 min. Po tomto čase ma prešla trpezlivosť a notebook som vypol ručne. Antimalavare hodil iba toto:
Malwarebytes Anti-Malware (Skúšobná verzia) 1.62.0.1300
www.malwarebytes.org

Verzia databázy: v2012.08.30.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tomas :: TOMAS-E012C53FC [administrátor]

Ochrana: Zapnuté

30.8.2012 13:22:40
mbam-log-2012-08-30 (13-22-40).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 296186
Uplynutý čas: 59 min, 54 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)

Na havet vypada PC cisty

Problemy s vypinanim se opakuji

Normálne nie iba ak zapnem nejaký program,ktorý som tu stiahol na odvírenie. Tie ktoré potrebujú reštart,vždy nejde vypnúť notebook a ja neviem prečo. Pred chvíľou Program Anti-Malavare našiel dva malavare v mojom pc:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.31.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Animatrix :: TOMAS-E012C53FC [limited]

Protection: Enabled

31.8.2012 10:01:45
mbam-log-2012-08-31 (10-06-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 143157
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 9a15afbfa67edae99f7cf91f1617c144 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Nalezy MBAMu smazte

Udelejte jeste AVPTool http://forum.viry.cz/viewtopic.php?f=29&t=58179

A niečo rýchlejšie? 6 hodín skenu je priveľa. Nedá sa to urýchliť? Rýchli test prebehol za 3 min. Bohužiaľ nastavenia podľa návodu sken trvá 6 hodín.

VIRY.CZ

Spomalenie počítača a prienik do systému

Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému

Re: Spomalenie počítača a prienik do systému