VIRY.CZ

Dobrý den,
pomalé PC, internet vypadává, časté hlašení málo místa na discu...
Děkuji Agátka.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr at 2013-11-26 12:04:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 169 MB (0%) free of 76 GB
Total RAM: 447 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"EPSONStatusAgent2"=2
"EpsonBidirectionalService"=2

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoInstrumentation"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoPopUpsOnBoot"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\System32\USMT\migwiz.exe"="C:\WINDOWS\System32\USMT\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2013-11-26 12:04:59 ----D---- C:\rsit
2013-11-26 10:48:40 ----D---- C:\Program Files\MyPC Backup
2013-11-26 10:45:10 ----D---- C:\Documents and Settings\Petr\Data aplikací\Systweak
2013-11-26 10:44:48 ----A---- C:\WINDOWS\system32\roboot.exe

======List of files/folders modified in the last 1 months======

2013-11-26 11:46:40 ----A---- C:\WINDOWS\SchedLgU.Txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-03-07 21576]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-07-01 9856]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-06-14 425472]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;ADSL USB MODEM WAN ADAPTER; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 EC168BDA;EC168BDA service; C:\WINDOWS\system32\DRIVERS\EC168BDA.sys [2007-09-11 87296]
S3 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys []
S3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys []
S3 lgmdbus;LG Mobile driver (WDM); C:\WINDOWS\system32\DRIVERS\lgmdbus.sys []
S3 lgmdmdfl;LG Mobile USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\lgmdmdfl.sys []
S3 lgmdmdm;LG Mobile USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\lgmdmdm.sys []
S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\lgmdmgmt.sys []
S3 lgmdobex;LG Mobile USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\lgmdobex.sys []
S3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravim

agata píše:System drive C: has 169 MB (0%) free of 76 GB

Uvilnete nejake misto na disku, alespon 3GB. System se dusi a dela to problemy.

Aktualizujem skener
Smazte RSIT a slozku C:\Program Files\trend micro , pokud ji najdete.
Pak stahnete nove RSIT http://images.malwareremoval.com/random/RSIT.exe a dejte log z nej.

Pouzivate nejaky antivir?

Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr at 2013-11-27 09:40:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 168 MB (0%) free of 76 GB
Total RAM: 447 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:42:02, on 27.11.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\TCPSASZK\RSIT[1].exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - http://kamera-pecky.viewnetcam.com/kxhcm10.ocx
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://kamera.petplanet.cz/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

--
End of file - 2955 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"EPSONStatusAgent2"=2
"EpsonBidirectionalService"=2

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoInstrumentation"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoPopUpsOnBoot"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\System32\USMT\migwiz.exe"="C:\WINDOWS\System32\USMT\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-11-27 09:41:17 ----D---- C:\Program Files\SafePCRepair_89EI
2013-11-27 09:40:22 ----D---- C:\Program Files\trend micro
2013-11-26 12:04:59 ----D---- C:\rsit
2013-11-26 10:48:40 ----D---- C:\Program Files\MyPC Backup
2013-11-26 10:45:10 ----D---- C:\Documents and Settings\Petr\Data aplikací\Systweak
2013-11-26 10:44:48 ----A---- C:\WINDOWS\system32\roboot.exe

======List of files/folders modified in the last 1 month======

2013-11-27 08:53:38 ----A---- C:\WINDOWS\SchedLgU.Txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-03-07 21576]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-07-01 9856]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-06-14 425472]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;ADSL USB MODEM WAN ADAPTER; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 EC168BDA;EC168BDA service; C:\WINDOWS\system32\DRIVERS\EC168BDA.sys [2007-09-11 87296]
S3 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys []
S3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys []
S3 lgmdbus;LG Mobile driver (WDM); C:\WINDOWS\system32\DRIVERS\lgmdbus.sys []
S3 lgmdmdfl;LG Mobile USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\lgmdmdfl.sys []
S3 lgmdmdm;LG Mobile USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\lgmdmdm.sys []
S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\lgmdmgmt.sys []
S3 lgmdobex;LG Mobile USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\lgmdobex.sys []
S3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Misto jste ale neuvolnila

System drive C: has 168 MB (0%) free of 76 GB

Pockam tedy na log z MBAM a podle vysledku budem pokracovat dale.

Nemám asi co odstranit (fotky,hry...atd. nemám na PC)
Antivir nemám, důvod málo místa... . Kde to místo je, pomůže defragmentace ?

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.11.27.04

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Petr :: DOMA [administrátor]

Ochrana: Zakázána

27.11.2013 11:13:26
MBAM-log-2013-11-27 (12-22-53).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 228943
Uplynulý čas: 1 hodin, 6 minut, 34 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_XMLLookup (Hijacker.XMLLookup) -> Data: http://shell.windows.com/fileassoc/file ... 04x&Ext=%s -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://shell.windows.com/fileassoc/%04x ... asp?Ext=%s -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_intl (Hijacker.intl) -> Data: http://shell.windows.com/fileassoc/file ... 04x&Ext=%s -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|XMLLookup (Hijacker.XMLLookup) -> Špatný: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Dobrý: (http://shell.windows.com/fileassoc/file ... 04x&Ext=%s) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Špatný: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Dobrý: (http://shell.windows.com/fileassoc/%04x ... asp?Ext=%s) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|intl (Hijacker.intl) -> Špatný: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Dobrý: (http://shell.windows.com/fileassoc/file ... 04x&Ext=%s) -> Nebyla provedena žádná instrukce.

Nalezené složky: 2
C:\Documents and Settings\Petr\Data aplikací\OpenCandy (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Petr\Data aplikací\OpenCandy\OpenCandy_9D119CA0A94148B0A7157015A6ADA472 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 4
C:\Documents and Settings\Petr\Data aplikací\OpenCandy\OpenCandy_9D119CA0A94148B0A7157015A6ADA472\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Petr\Data aplikací\OpenCandy\OpenCandy_9D119CA0A94148B0A7157015A6ADA472\1763.ico (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Petr\Data aplikací\OpenCandy\OpenCandy_9D119CA0A94148B0A7157015A6ADA472\RealPlayer_p1v2.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

(konec)

Vsechny nalezy nechte odstranit, pak MBAM odinstalujte.

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe a ulozte nejlepe na plochu a spustte.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Petr
->Temp folder emptied: 2569899 bytes
->Temporary Internet Files folder emptied: 17681665 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131072 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 19,00 mb

[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService
->Flash cache emptied: 0 bytes

User: Petr
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error creating restore point.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 11272013_162811

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_46c.dat moved successfully.

Registry entries deleted on Reboot...

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

OTL logfile created on: 28.11.2013 11:12:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Petr\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

447,36 Mb Total Physical Memory | 123,96 Mb Available Physical Memory | 27,71% Memory free
4,31 Gb Paging File | 3,84 Gb Available in Paging File | 89,08% Paging File free
Paging file location(s): C:\pagefile.sys 4033 4033 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,50 Gb Total Space | 0,11 Gb Free Space | 0,15% Space Free | Partition Type: FAT32

Computer Name: DOMA | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.11.28 11:10:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Petr\Plocha\OTL.exe
PRC - [2008.04.14 04:22:40 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\osk.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.08.18 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msswchx.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Monfilt.sys -- (Monfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgmdobex.sys -- (lgmdobex)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgmdmgmt.sys -- (lgmdmgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgmdmdm.sys -- (lgmdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgmdmdfl.sys -- (lgmdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgmdbus.sys -- (lgmdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER)
DRV - [2013.03.07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2008.04.13 19:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.09.11 15:20:00 | 000,087,296 | R--- | M] (e3C, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EC168BDA.sys -- (EC168BDA)
DRV - [2007.08.01 21:30:40 | 000,016,376 | R--- | M] (Gemfor s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ethpdrv.sys -- (Ethpdrv)
DRV - [2006.11.15 14:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.06.14 18:16:00 | 000,425,472 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ASUS)
DRV - [2005.11.03 16:40:08 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.08.10 14:44:06 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 15:20:40 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.07.09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003.07.01 18:47:08 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.01.29 08:29:34 | 000,008,703 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2002.09.09 19:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com

IE - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mail.o2active.cz/iwc_static [Binary data over 200 bytes]
IE - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\SearchScopes,DefaultScope = Yahoo!
IE - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\SearchScopes\{5042D780-0816-8CAF-69AC-06A54D832FE0}: "URL" = http://bwrk.startya.com/s/?q={searchTer ... =2-490-0-0
IE - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\SearchScopes\Yahoo!: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found

O1 HOSTS File: ([2013.11.27 16:28:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://kamera-pecky.viewnetcam.com/kxhcm10.ocx (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://kamera.petplanet.cz/activex/AMC.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{049CCB79-C510-4FE9-81CC-A103BAA3BD9D}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.27 19:07:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Error creating restore point.

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2013.11.28 11:10:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Petr\Plocha\OTL.exe
[2013.11.27 16:28:11 | 000,000,000 | ---D | C] -- C:\_OTM
[2013.11.27 09:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.11.26 12:04:59 | 000,000,000 | ---D | C] -- C:\rsit
[2013.11.26 10:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013.11.26 10:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr\Data aplikací\Systweak

========== Files - Modified Within 30 Days ==========

[2013.11.28 11:15:52 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.11.28 11:10:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Petr\Plocha\OTL.exe
[2013.11.28 09:53:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.11.27 10:40:42 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\Petr\Data aplikací\mbam.context.scan
[2013.11.26 12:30:10 | 000,695,653 | ---- | M] () -- C:\Documents and Settings\Petr\Plocha\PH Kovo - kovošrot, sběrné suroviny, dvůr, demolice, Cheb, Praha - Počernice, Dolní Rychnov, Karlovy Vary, Bor u Tachova, Ostrov, Kraslice, Kladno - Dubí.mht
[2013.11.26 11:47:30 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013.11.26 11:47:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013.11.26 11:47:26 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013.11.25 08:38:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.11.21 11:05:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.11.06 13:04:08 | 000,217,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.11.28 11:15:50 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.11.27 10:40:41 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Petr\Data aplikací\mbam.context.scan
[2013.11.26 12:30:04 | 000,695,653 | ---- | C] () -- C:\Documents and Settings\Petr\Plocha\PH Kovo - kovošrot, sběrné suroviny, dvůr, demolice, Cheb, Praha - Počernice, Dolní Rychnov, Karlovy Vary, Bor u Tachova, Ostrov, Kraslice, Kladno - Dubí.mht
[2013.10.09 15:16:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.08.16 08:35:42 | 000,217,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.25 09:38:57 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012.02.15 08:43:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.03 10:15:34 | 000,001,198 | ---- | C] () -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\FASTWiz.html
[2009.04.11 08:59:33 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.04.18 07:55:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.12.22 06:09:54 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.05.30 11:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.07.22 13:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\iolo
[2009.04.28 18:25:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\~0
[2009.08.03 07:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
[2009.11.29 15:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\f-secure
[2009.11.29 15:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\fssg
[2010.03.09 20:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SolidDocuments
[2010.07.01 12:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.09.09 08:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FileCure
[2011.05.23 09:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2011.05.23 09:36:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2011.05.23 09:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG10
[2011.07.21 11:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2013.04.02 11:48:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJEPPEX2
[2013.04.02 11:48:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonEPP
[2011.05.16 17:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\iolo
[2009.07.22 13:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\iolo
[2010.03.09 21:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Softland
[2009.02.28 07:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Opera
[2009.03.01 12:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\WinTuneup Data
[2009.03.07 07:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Desktopicon
[2009.03.14 12:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\EPSON
[2009.04.18 07:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GetRightToGo
[2009.04.18 08:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Spell Check Anywhere
[2009.05.03 20:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Cashfiesta
[2009.05.30 16:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\FDRLab
[2009.05.31 15:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Orbit
[2009.05.31 15:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GrabPro
[2009.06.17 11:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Wireshark
[2009.06.28 11:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Absolutist.com
[2009.07.22 13:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\iolo
[2009.08.03 07:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Power Sound Editor Free
[2009.12.21 15:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\IObit
[2010.03.09 21:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\SolidDocuments
[2010.03.09 21:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.03.09 21:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Softland
[2010.03.09 21:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Moyea
[2010.06.16 09:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\SoftGate
[2011.01.15 08:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\LG Electronics
[2011.01.15 09:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\MOBILedit
[2011.01.15 10:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\MOBILeditForensic
[2013.01.30 10:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\PhotoScape
[2013.11.26 10:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Systweak

========== Purity Check ==========

========== Custom Scans ==========

< >
[2004.11.20 11:14:37 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.02.27 19:11:39 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT

< >

< MD5 for: AGP440.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\I386\AUTOCHK.EXE

< MD5 for: CDROM.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:hal.dll
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 19:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.04.04 07:45:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 03:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 03:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 04:22:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 04:22:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 20:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 04:22:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 04:22:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2004.08.18 13:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\WINDOWS\I386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 11:45:14 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\erdnt\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:22:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:22:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[6 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[67 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.02.27 19:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Identities
[2009.02.27 19:01:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Petr\Data aplikací\Microsoft
[2009.02.28 07:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Opera
[2009.02.28 16:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Adobe
[2009.02.28 16:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Macromedia
[2009.03.01 12:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\WinTuneup Data
[2009.03.07 07:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Desktopicon
[2009.03.13 15:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\dvdcss
[2009.03.14 12:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\EPSON
[2009.04.18 07:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GetRightToGo
[2009.04.18 08:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Spell Check Anywhere
[2009.05.03 20:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Cashfiesta
[2009.05.19 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Help
[2009.05.30 16:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\FDRLab
[2009.05.31 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\WinRAR
[2009.05.31 15:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Orbit
[2009.05.31 15:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GrabPro
[2009.06.17 11:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Wireshark
[2009.06.28 11:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Absolutist.com
[2009.06.28 17:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\CyberLink
[2009.07.22 13:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\iolo
[2009.07.22 14:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Apple Computer
[2009.07.27 13:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\AVS4YOU
[2009.08.03 07:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Power Sound Editor Free
[2009.12.21 15:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\IObit
[2010.03.09 21:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\SolidDocuments
[2010.03.09 21:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.03.09 21:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Softland
[2010.03.09 21:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Moyea
[2010.06.16 09:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\SoftGate
[2010.07.28 16:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\DivX
[2011.01.15 08:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\LG Electronics
[2011.01.15 09:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\MOBILedit
[2011.01.15 10:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\MOBILeditForensic
[2011.03.04 12:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Google
[2011.05.20 13:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Malwarebytes
[2011.05.22 09:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Real
[2013.01.30 10:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\PhotoScape
[2013.11.26 10:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Systweak

< %APPDATA%\*.exe /s >
[2009.02.11 19:00:00 | 007,853,352 | ---- | M] (iolo technologies, LLC ) -- C:\Documents and Settings\Petr\Data aplikací\iolo\Installers\SearchAndRecover.exe
[2010.06.14 10:16:56 | 000,004,286 | R--- | M] () -- C:\Documents and Settings\Petr\Data aplikací\Microsoft\Installer\{D6615307-A73A-49C5-B90F-D97E027F034A}\_6FEFF9B68218417F98F549.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.02.27 19:00:36 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2009.02.27 19:00:36 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.02.27 19:00:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.11.26 11:47:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\system32\nscompat.tlb
[2013.11.26 11:47:26 | 000,016,832 | ---- | M] () -- C:\WINDOWS\system32\amcompat.tlb

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 04:22:18 | 000,015,360 | ---- | M] (Microsoft Corporation)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.11.28 11:15:52 | 000,000,512 | ---- | M] () MD5=2D49A38014FC566D5ED1D65156BA28B5 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2009.04.18 07:53:36 | 000,000,000 | ---- | M] () -- \Documents and Settings\Petr\Data aplikací\GetRightToGo\SpellCheckAnywhereDownloader[1].d000
[2009.04.18 07:53:36 | 000,000,000 | ---- | M] () -- \Documents and Settings\Petr\Data aplikací\GetRightToGo\SpellCheckAnywhereDownloader[1].data
[2013.11.28 11:02:20 | 000,003,208 | ---- | M] () -- \Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\F1OLMS87\imageloader[1].gif
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2004.08.18 13:00:00 | 000,017,423 | ---- | M] () -- \WINDOWS\I386\DMLOADER.DL_
[2004.08.18 13:00:00 | 000,115,153 | ---- | M] () -- \WINDOWS\I386\OSLOADER.EX_
[2004.08.18 13:00:00 | 000,132,757 | ---- | M] () -- \WINDOWS\I386\OSLOADER.NT_
[2013.11.26 10:42:30 | 000,009,612 | ---- | M] () -- \WINDOWS\Prefetch\FILEUPLOADER.EXE-36ECF349.pf
[2002.12.12 00:14:32 | 000,033,280 | ---- | M] () -- \WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmloader.dll
[2008.04.13 19:31:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 04:21:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 19:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 04:21:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2002.12.12 00:14:32 | 000,033,280 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2004.08.17 15:44:16 | 000,030,301 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2011.03.10 00:43:26 | 000,413,696 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.dll
[2011.04.22 09:16:34 | 001,186,816 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.ni.dll
[2008.07.29 19:16:38 | 000,966,656 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2004.08.18 13:00:00 | 000,064,640 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2012.07.02 11:09:34 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\System.Runtime.Serialization.Formatters.Soap.dll
[2013.05.15 09:50:30 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.04.11 09:47:40 | 000,966,656 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.04.11 12:20:06 | 001,979,392 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0642356d4150a0ebd9589139074e60b2\System.Runtime.Serialization.ni.dll
[2004.08.18 13:00:00 | 000,024,957 | ---- | M] () -- \WINDOWS\I386\DPSERIAL.DL_
[2004.08.18 13:00:00 | 000,030,301 | ---- | M] () -- \WINDOWS\I386\SERIAL.SY_
[2004.08.18 13:00:00 | 000,006,549 | ---- | M] () -- \WINDOWS\I386\SERIALUI.DL_
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC10336\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC11193\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15249\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC25632\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC25745\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC29612\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC30492\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC32904\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC35655\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 008,421,376 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC38819\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC40573\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC41808\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.29 19:16:38 | 000,966,656 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 03:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2008.04.14 03:17:26 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2004.08.18 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2004.08.18 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 03:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< >

< >

< End of report >

OTL Extras logfile created on: 28.11.2013 11:12:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Petr\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

447,36 Mb Total Physical Memory | 123,96 Mb Available Physical Memory | 27,71% Memory free
4,31 Gb Paging File | 3,84 Gb Available in Paging File | 89,08% Paging File free
Paging file location(s): C:\pagefile.sys 4033 4033 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,50 Gb Total Space | 0,11 Gb Free Space | 0,15% Space Free | Partition Type: FAT32

Computer Name: DOMA | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-714400596-3210757239-2929730860-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\System32\USMT\migwiz.exe" = C:\WINDOWS\System32\USMT\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = ADSL USB MODEM
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6615307-A73A-49C5-B90F-D97E027F034A}" = Nova Stahovák
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.10.2013 11:31:36 | Computer Name = DOMA | Source = ESENT | ID = 482
Description = wuauclt (224) Pokus o zápis 131072 (0x00020000) bajtů do souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log
na posunu 0 (0x0000000000000000) se nezdařil. Došlo k systémové chybě 112 (0x00000070):
Na disku není dost místa. . Operace zápisu se nezdaří a dojde k chybě -1808 (0xfffff8f0).
Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit
ze záložní kopie.

Error - 11.10.2013 11:31:36 | Computer Name = DOMA | Source = ESENT | ID = 482
Description = wuauclt (224) Pokus o zápis 131072 (0x00020000) bajtů do souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log
na posunu 0 (0x0000000000000000) se nezdařil. Došlo k systémové chybě 112 (0x00000070):
Na disku není dost místa. . Operace zápisu se nezdaří a dojde k chybě -1808 (0xfffff8f0).
Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit
ze záložní kopie.

Error - 11.10.2013 11:31:36 | Computer Name = DOMA | Source = ESENT | ID = 482
Description = wuauclt (224) Pokus o zápis 131072 (0x00020000) bajtů do souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log
na posunu 0 (0x0000000000000000) se nezdařil. Došlo k systémové chybě 112 (0x00000070):
Na disku není dost místa. . Operace zápisu se nezdaří a dojde k chybě -1808 (0xfffff8f0).
Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit
ze záložní kopie.

Error - 11.10.2013 11:31:36 | Computer Name = DOMA | Source = ESENT | ID = 482
Description = wuauclt (224) Pokus o zápis 131072 (0x00020000) bajtů do souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log
na posunu 0 (0x0000000000000000) se nezdařil. Došlo k systémové chybě 112 (0x00000070):
Na disku není dost místa. . Operace zápisu se nezdaří a dojde k chybě -1808 (0xfffff8f0).
Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit
ze záložní kopie.

Error - 11.10.2013 11:31:36 | Computer Name = DOMA | Source = ESENT | ID = 482
Description = wuauclt (224) Pokus o zápis 131072 (0x00020000) bajtů do souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log
na posunu 0 (0x0000000000000000) se nezdařil. Došlo k systémové chybě 112 (0x00000070):
Na disku není dost místa. . Operace zápisu se nezdaří a dojde k chybě -1808 (0xfffff8f0).
Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit
ze záložní kopie.

Error - 11.10.2013 11:31:36 | Computer Name = DOMA | Source = ESENT | ID = 482
Description = wuauclt (224) Pokus o zápis 131072 (0x00020000) bajtů do souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log
na posunu 0 (0x0000000000000000) se nezdařil. Došlo k systémové chybě 112 (0x00000070):
Na disku není dost místa. . Operace zápisu se nezdaří a dojde k chybě -1808 (0xfffff8f0).
Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit
ze záložní kopie.

Error - 11.10.2013 11:36:14 | Computer Name = DOMA | Source = ESENT | ID = 482
Description = wuauclt (224) Pokus o zápis 131072 (0x00020000) bajtů do souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log
na posunu 0 (0x0000000000000000) se nezdařil. Došlo k systémové chybě 112 (0x00000070):
Na disku není dost místa. . Operace zápisu se nezdaří a dojde k chybě -1808 (0xfffff8f0).
Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit
ze záložní kopie.

Error - 11.10.2013 11:36:14 | Computer Name = DOMA | Source = ESENT | ID = 482
Description = wuauclt (224) Pokus o zápis 131072 (0x00020000) bajtů do souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log
na posunu 0 (0x0000000000000000) se nezdařil. Došlo k systémové chybě 112 (0x00000070):
Na disku není dost místa. . Operace zápisu se nezdaří a dojde k chybě -1808 (0xfffff8f0).
Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit
ze záložní kopie.

Error - 20.11.2013 4:17:01 | Computer Name = DOMA | Source = MsiInstaller | ID = 11001
Description =

Error - 26.11.2013 6:44:07 | Computer Name = DOMA | Source = MsiInstaller | ID = 11001
Description =

[ System Events ]
Error - 21.11.2013 7:17:48 | Computer Name = DOMA | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x80070003): Aktualizace zabezpečení pro rozhraní Microsoft .NET
Framework 2.0 SP2 v systémech Windows Server 2003 a Windows XP pro platformu x86
(KB2863239).

Error - 21.11.2013 7:17:53 | Computer Name = DOMA | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x8009310b): Aktualizace zabezpečení systému Windows XP (KB2834886).

Error - 21.11.2013 7:17:53 | Computer Name = DOMA | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x80070003): Aktualizace zabezpečení pro rozhraní Microsoft .NET
Framework 3.0 SP2 v systémech Windows Server 2003 a Windows XP pro platformu x86
(KB2756918).

Error - 21.11.2013 7:17:53 | Computer Name = DOMA | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x80070003): Aktualizace zabezpečení pro rozhraní Microsoft .NET
Framework 2.0 SP2 v systémech Windows Server 2003 a Windows XP pro platformu x86
(KB2742596).

Error - 25.11.2013 3:38:33 | Computer Name = DOMA | Source = Service Control Manager | ID = 7000
Description = Služba General Purpose USB Driver (adildr.sys) neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 25.11.2013 3:40:02 | Computer Name = DOMA | Source = Service Control Manager | ID = 7000
Description = Služba General Purpose USB Driver (adildr.sys) neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 25.11.2013 3:53:01 | Computer Name = DOMA | Source = Service Control Manager | ID = 7000
Description = Služba General Purpose USB Driver (adildr.sys) neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 25.11.2013 4:08:43 | Computer Name = DOMA | Source = Service Control Manager | ID = 7000
Description = Služba General Purpose USB Driver (adildr.sys) neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 25.11.2013 4:41:51 | Computer Name = DOMA | Source = Service Control Manager | ID = 7000
Description = Služba General Purpose USB Driver (adildr.sys) neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 25.11.2013 5:04:31 | Computer Name = DOMA | Source = Service Control Manager | ID = 7000
Description = Služba General Purpose USB Driver (adildr.sys) neuspěla při spuštění
v důsledku následující chyby: %%2

< End of report >

Znovu spustte OTL
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[ClearAllRestorePoints]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\SearchScopes\{5042D780-0816-8CAF-69AC-06A54D832FE0}: "URL" = http://bwrk.startya.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Yahoo&cfg=2-490-0-0
IE - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\SearchScopes\Yahoo!: "URL" = http://search.yahoo.com/search?fr=chr-g ... =302398&p={searchTerms}
O3 - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-714400596-3210757239-2929730860-1005\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (Reg Error: Key error.)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://kamera-pecky.viewnetcam.com/kxhcm10.ocx (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://kamera.petplanet.cz/activex/AMC.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2009.11.29 15:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\f-secure
[2010.07.01 12:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2011.05.23 09:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG10
[2011.07.21 11:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2009.12.21 15:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\IObit
[6 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[67 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Petr
->Temp folder emptied: 18339769 bytes
->Temporary Internet Files folder emptied: 12410870 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81920 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29,00 mb

[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService
->Flash cache emptied: 0 bytes

User: Petr
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-714400596-3210757239-2929730860-1005\Software\Microsoft\Internet Explorer\SearchScopes\{5042D780-0816-8CAF-69AC-06A54D832FE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5042D780-0816-8CAF-69AC-06A54D832FE0}\ not found.
Registry key HKEY_USERS\S-1-5-21-714400596-3210757239-2929730860-1005\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Registry value HKEY_USERS\S-1-5-21-714400596-3210757239-2929730860-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\S-1-5-21-714400596-3210757239-2929730860-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-714400596-3210757239-2929730860-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Starting removal of ActiveX control {0D41B8C5-2599-4893-8183-00195EC8D5F9}
C:\WINDOWS\Downloaded Program Files\asusTek_sys_ctrl.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0D41B8C5-2599-4893-8183-00195EC8D5F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D41B8C5-2599-4893-8183-00195EC8D5F9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0D41B8C5-2599-4893-8183-00195EC8D5F9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D41B8C5-2599-4893-8183-00195EC8D5F9}\ not found.
Starting removal of ActiveX control {2E28242B-A689-11D4-80F2-0040266CBB8D}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E28242B-A689-11D4-80F2-0040266CBB8D}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {745395C8-D0E1-4227-8586-624CA9A10A8D}
C:\WINDOWS\Downloaded Program Files\setup.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Data aplikací\f-secure\Daas2\cert folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\f-secure\Daas2 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\f-secure\setup folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\f-secure folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\spool\suspic folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\spool folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\arpot\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\arpot folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\fw folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\moved folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\integ folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\report folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\backup folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\journal folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\HtmlData folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\sounds folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\chest folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG10\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG10\log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG10 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast\log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Persistent Data\Avast\Logs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Persistent Data\Avast folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Persistent Data folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVAST Software folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\IObit Uninstaller folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\EmptyFolder folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\SmartRAM folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\Driver Manager\DriverBackup folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\Driver Manager folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\DiskCheck folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\Startup Manager folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\Smart RAM folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\Disk Cleaner folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\PrivacySweeper folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\Toolbox folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4\Backup folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\InternetBooster folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\SmartRAM folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare\Backup folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit\Advanced SystemCare folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\IObit folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP407.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2FA.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP61F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1FF.tmp\System.IdentityModel.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1FF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSIF6.tmp deleted successfully.
C:\WINDOWS\Installer\MSI3B5.tmp deleted successfully.
C:\WINDOWS\Installer\MSIA9.tmp deleted successfully.
C:\WINDOWS\Installer\MSID9.tmp deleted successfully.
C:\WINDOWS\Installer\MSI7.tmp deleted successfully.
C:\WINDOWS\Installer\MSI37.tmp deleted successfully.
C:\WINDOWS\Installer\MSI295.tmp deleted successfully.
C:\WINDOWS\Installer\MSI8.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE.tmp deleted successfully.
C:\WINDOWS\Installer\MSIF.tmp deleted successfully.
C:\WINDOWS\Installer\MSI10.tmp deleted successfully.
C:\WINDOWS\Installer\MSI11.tmp deleted successfully.
C:\WINDOWS\Installer\MSI12.tmp deleted successfully.
C:\WINDOWS\Installer\MSI13.tmp deleted successfully.
C:\WINDOWS\Installer\MSI14.tmp deleted successfully.
C:\WINDOWS\Installer\MSI15.tmp deleted successfully.
C:\WINDOWS\Installer\MSI16.tmp deleted successfully.
C:\WINDOWS\Installer\MSI17.tmp deleted successfully.
C:\WINDOWS\Installer\MSI18.tmp deleted successfully.
C:\WINDOWS\Installer\MSI19.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1A.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1B.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1C.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1D.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1E.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1F.tmp deleted successfully.
C:\WINDOWS\Installer\MSI20.tmp deleted successfully.
C:\WINDOWS\Installer\MSI21.tmp deleted successfully.
C:\WINDOWS\Installer\MSI22.tmp deleted successfully.
C:\WINDOWS\Installer\MSI23.tmp deleted successfully.
C:\WINDOWS\Installer\MSI24.tmp deleted successfully.
C:\WINDOWS\Installer\MSI25.tmp deleted successfully.
C:\WINDOWS\Installer\MSI26.tmp deleted successfully.
C:\WINDOWS\Installer\MSI27.tmp deleted successfully.
C:\WINDOWS\Installer\MSI28.tmp deleted successfully.
C:\WINDOWS\Installer\MSI29.tmp deleted successfully.
C:\WINDOWS\Installer\MSI2A.tmp deleted successfully.
C:\WINDOWS\Installer\MSI2B.tmp deleted successfully.
C:\WINDOWS\Installer\MSI2C.tmp deleted successfully.
C:\WINDOWS\Installer\MSI2D.tmp deleted successfully.
C:\WINDOWS\Installer\MSI2E.tmp deleted successfully.
C:\WINDOWS\Installer\MSI2F.tmp deleted successfully.
C:\WINDOWS\Installer\MSI30.tmp deleted successfully.
C:\WINDOWS\Installer\MSI31.tmp deleted successfully.
C:\WINDOWS\Installer\MSI32.tmp deleted successfully.
C:\WINDOWS\Installer\MSI33.tmp deleted successfully.
C:\WINDOWS\Installer\MSI9.tmp deleted successfully.
C:\WINDOWS\Installer\MSI75.tmp deleted successfully.
C:\WINDOWS\Installer\MSI40.tmp deleted successfully.
C:\WINDOWS\Installer\MSI47.tmp deleted successfully.
C:\WINDOWS\Installer\MSIA.tmp deleted successfully.
C:\WINDOWS\Installer\MSI46.tmp deleted successfully.
C:\WINDOWS\Installer\MSIB.tmp deleted successfully.
C:\WINDOWS\Installer\MSI35.tmp deleted successfully.
C:\WINDOWS\Installer\MSI65.tmp deleted successfully.
C:\WINDOWS\Installer\MSIC.tmp deleted successfully.
C:\WINDOWS\Installer\MSI3B.tmp deleted successfully.
C:\WINDOWS\Installer\MSID5.tmp deleted successfully.
C:\WINDOWS\Installer\MSID.tmp deleted successfully.
C:\WINDOWS\Installer\MSI55.tmp deleted successfully.
C:\WINDOWS\Installer\MSI38.tmp deleted successfully.
C:\WINDOWS\Installer\MSI39.tmp deleted successfully.
C:\WINDOWS\Installer\MSI3A.tmp deleted successfully.
C:\WINDOWS\Installer\MSI3C.tmp deleted successfully.
C:\WINDOWS\Installer\MSI34.tmp deleted successfully.
C:\WINDOWS\Installer\MSI2.tmp deleted successfully.
C:\WINDOWS\Installer\MSI3.tmp deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 11282013_161203

Files\Folders moved on Reboot...
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\39NGJYVH\lscpy[1].html moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\39NGJYVH\context[1].htm moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\AAAMPUSH\225601-budete-zirat-takhle-vypada-bez-make-upu-18-let-od-ziskani-titulu-miss-europe-monika-zidkova[1].html moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\AAAMPUSH\lscpy[1].html moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\AAAMPUSH\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\G19K72HP\lsget[1].html moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\G19K72HP\like[1].htm moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\G19K72HP\pocasi_seznam_cz[1].htm moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\PQTYMDRN\seznam_cz[1].htm moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\PQTYMDRN\index_o2active[1].htm moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\PQTYMDRN\lsget[1].html moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\PQTYMDRN\lsset[1].html moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\PQTYMDRN\afr[1].htm moved successfully.
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_784.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak dejte novy log z RSIT a napiste, jak je na tom pc.

Dobrý den,
včera naposledy jsem dala asi něco jiného

Dnes se naploše objevilo tohle

OTL logfile created on: 28.11.2013 16:15:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Petr\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

447,36 Mb Total Physical Memory | 182,20 Mb Available Physical Memory | 40,73% Memory free
4,31 Gb Paging File | 4,15 Gb Available in Paging File | 96,27% Paging File free
Paging file location(s): C:\pagefile.sys 4033 4033 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,50 Gb Total Space | 1,30 Gb Free Space | 1,75% Space Free | Partition Type: FAT32

Computer Name: DOMA | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.11.28 11:10:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Petr\Plocha\OTL.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Monfilt.sys -- (Monfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgmdobex.sys -- (lgmdobex)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgmdmgmt.sys -- (lgmdmgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgmdmdm.sys -- (lgmdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgmdmdfl.sys -- (lgmdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgmdbus.sys -- (lgmdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER)
DRV - [2013.03.07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2008.04.13 19:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.09.11 15:20:00 | 000,087,296 | R--- | M] (e3C, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EC168BDA.sys -- (EC168BDA)
DRV - [2007.08.01 21:30:40 | 000,016,376 | R--- | M] (Gemfor s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ethpdrv.sys -- (Ethpdrv)
DRV - [2006.11.15 14:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.06.14 18:16:00 | 000,425,472 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ASUS)
DRV - [2005.11.03 16:40:08 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.08.10 14:44:06 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 15:20:40 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.07.09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003.07.01 18:47:08 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.01.29 08:29:34 | 000,008,703 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2002.09.09 19:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mail.o2active.cz/iwc_static [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\SearchScopes,DefaultScope = Yahoo!
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKCU\..\SearchScopes\Yahoo!: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found

O1 HOSTS File: ([2013.11.27 16:28:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{049CCB79-C510-4FE9-81CC-A103BAA3BD9D}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.27 19:07:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.11.28 16:12:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.11.28 11:10:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Petr\Plocha\OTL.exe
[2013.11.27 16:28:11 | 000,000,000 | ---D | C] -- C:\_OTM
[2013.11.27 09:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.11.26 12:04:59 | 000,000,000 | ---D | C] -- C:\rsit
[2013.11.26 10:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013.11.26 10:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr\Data aplikací\Systweak

========== Files - Modified Within 30 Days ==========

[2013.11.28 16:13:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.11.28 11:15:52 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.11.28 11:10:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Petr\Plocha\OTL.exe
[2013.11.27 10:40:42 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\Petr\Data aplikací\mbam.context.scan
[2013.11.26 12:30:10 | 000,695,653 | ---- | M] () -- C:\Documents and Settings\Petr\Plocha\PH Kovo - kovošrot, sběrné suroviny, dvůr, demolice, Cheb, Praha - Počernice, Dolní Rychnov, Karlovy Vary, Bor u Tachova, Ostrov, Kraslice, Kladno - Dubí.mht
[2013.11.26 11:47:30 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013.11.26 11:47:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013.11.26 11:47:26 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013.11.25 08:38:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.11.21 11:05:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.11.06 13:04:08 | 000,217,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.11.28 11:15:50 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.11.27 10:40:41 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Petr\Data aplikací\mbam.context.scan
[2013.11.26 12:30:04 | 000,695,653 | ---- | C] () -- C:\Documents and Settings\Petr\Plocha\PH Kovo - kovošrot, sběrné suroviny, dvůr, demolice, Cheb, Praha - Počernice, Dolní Rychnov, Karlovy Vary, Bor u Tachova, Ostrov, Kraslice, Kladno - Dubí.mht
[2013.10.09 15:16:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.08.16 08:35:42 | 000,217,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.25 09:38:57 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012.02.15 08:43:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.03 10:15:34 | 000,001,198 | ---- | C] () -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\FASTWiz.html
[2009.04.11 08:59:33 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.04.18 07:55:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.12.22 06:09:54 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.05.30 11:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.07.22 13:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\iolo
[2009.04.28 18:25:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\~0
[2009.08.03 07:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
[2009.11.29 15:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\fssg
[2010.03.09 20:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SolidDocuments
[2010.09.09 08:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FileCure
[2011.05.23 09:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2011.05.23 09:36:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2013.04.02 11:48:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJEPPEX2
[2013.04.02 11:48:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonEPP
[2009.02.28 07:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Opera
[2009.03.01 12:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\WinTuneup Data
[2009.03.07 07:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Desktopicon
[2009.03.14 12:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\EPSON
[2009.04.18 07:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GetRightToGo
[2009.04.18 08:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Spell Check Anywhere
[2009.05.03 20:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Cashfiesta
[2009.05.30 16:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\FDRLab
[2009.05.31 15:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Orbit
[2009.05.31 15:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GrabPro
[2009.06.17 11:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Wireshark
[2009.06.28 11:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Absolutist.com
[2009.07.22 13:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\iolo
[2009.08.03 07:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Power Sound Editor Free
[2010.03.09 21:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\SolidDocuments
[2010.03.09 21:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.03.09 21:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Softland
[2010.03.09 21:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Moyea
[2010.06.16 09:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\SoftGate
[2011.01.15 08:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\LG Electronics
[2011.01.15 09:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\MOBILedit
[2011.01.15 10:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\MOBILeditForensic
[2013.01.30 10:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\PhotoScape
[2013.11.26 10:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Systweak

========== Purity Check ==========

< End of report >

To je log z OTL, ja bych rad videl log z RSIT

VIRY.CZ

R S I T log

R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log

Re: R S I T log