VIRY.CZ

Dobrý den, při aktualizaci Avastu jsem spustil Firefox a ten se začal aktualizovat také (pro daný admin profil). Mám pocit, že při té příležitosti došlo k nějakému útoku. Výsledkem je, že Avast má vypnuté 3 štíty a nelze je zapnout.

Skutečně vám moc děkuji za pomoc a ochotu.
Kapik04

Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2014-01-14 19:37:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (6%) free of 157 GB
Total RAM: 1918 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:09, on 14.1.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\All Users\Dokumenty\Sdílené programy\RSIT\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10206&bi=400
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.autocompletepro.com/?si=10206&bi=400
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.autocompletepro.com/?si=10206&bi=400
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10206&bi=400
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1343024091-725345543-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Pavel')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1c989d6138cf4c2) (gupdate1c989d6138cf4c2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 8581 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-11-11 97760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-02-17 1192960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-20 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-20 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-11-20 79856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo - C:\Program Files\Yontoo\YontooIEClient.dll [2012-03-27 792864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-02-17 1192960]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-04-21 1000768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-01-24 7311360]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2006-01-24 86016]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-08-30 4858968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-03 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Documents and Settings\Hry a zábava\Local Settings\temp\~osC.tmp\rlvknlg.exe"="C:\Documents and Settings\Hry a zábava\Local Settings\temp\~osC.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Documents and Settings\Hry a zábava\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Hry a zábava\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Hry\ZooTycoon_2\zt.exe"="E:\Hry\ZooTycoon_2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2014-01-04 14:21:29 ----D---- C:\Program Files\Mozilla Firefox
2013-12-30 18:38:06 ----D---- C:\Temp

======List of files/folders modified in the last 1 months======

2014-01-14 19:37:06 ----D---- C:\Program Files\trend micro
2014-01-14 19:33:36 ----D---- C:\WINDOWS\Prefetch
2014-01-14 19:29:29 ----D---- C:\WINDOWS\temp
2014-01-14 18:22:59 ----D---- C:\WINDOWS\system32
2014-01-14 18:22:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-14 18:17:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-01-14 18:09:28 ----D---- C:\Program Files
2014-01-14 18:08:59 ----D---- C:\Program Files\Google
2014-01-14 18:00:33 ----SD---- C:\WINDOWS\Tasks
2014-01-14 18:00:18 ----D---- C:\WINDOWS\WinSxS
2014-01-14 18:00:17 ----D---- C:\WINDOWS\system32\drivers
2014-01-14 18:00:16 ----D---- C:\WINDOWS
2014-01-14 18:00:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-01-14 17:49:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2014-01-14 17:43:14 ----D---- C:\Program Files\TuneUp Utilities 2012
2014-01-13 19:29:02 ----D---- C:\WINDOWS\system32\CatRoot2
2014-01-04 14:35:21 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-12-20 14:16:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2014-01-14 26136]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-01-14 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-01-14 775952]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-01-14 410528]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-01-14 57672]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 286720]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 81920]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-03 1975296]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-15 83200]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
S3 aoqdf6uv;aoqdf6uv; C:\WINDOWS\system32\drivers\aoqdf6uv.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ENUM1394;%1394\031887&040892.DeviceDesc%; C:\WINDOWS\system32\DRIVERS\enum1394.sys [2001-08-17 6400]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\System32\DRIVERS\kvpndrv.sys [2006-03-29 59392]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
S3 rockusb;Driver for rockusb Device; C:\WINDOWS\system32\DRIVERS\rockusb.sys [2010-01-13 73984]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-03 446464]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-11-20 153584]
R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2005-10-10 1617920]
R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-05-29 1528672]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 gupdate1c989d6138cf4c2;Google Update Service (gupdate1c989d6138cf4c2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-01-24 131139]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-01-04 119408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []

-----------------EOF-----------------

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Díky za instrukce. Vkládám log z prvního kroku:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by admin on źt 16.01.2014 at 19:55:41,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1343024091-725345543-839522115-1006\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\ctbr.r404pro
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\ctoolbar.tb4client
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\ctoolbar.tb4script
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\ctoolbar.tb4server
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protocols\handler\tbr
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\autocompletepro.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\crawler search
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\suggestmeyes.suggestmeyesbho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\suggestmeyes.suggestmeyesbho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ctoolbar_uninstall
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\admin\Data aplikacˇ\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files\autocompletepro"
Successfully deleted: [Folder] "C:\Program Files\crawler"
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files\yontoo"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\admin\Data aplikacˇ\mozilla\firefox\profiles\mjadoluk.default\user.js
Successfully deleted: [File] C:\Documents and Settings\admin\Data aplikacˇ\mozilla\firefox\profiles\mjadoluk.default\searchplugins\crawlersrch.xml
Successfully deleted the following from C:\Documents and Settings\admin\Data aplikacˇ\mozilla\firefox\profiles\mjadoluk.default\prefs.js

user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelatedtopics");
user_pref("extentions.y2layers.installId", "5531f54a-c5b0-4441-8810-232a105cff63");
user_pref("extentions.y2layers.lastDnsTest", 371805);



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 16.01.2014 at 20:28:07,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A tady je log z druhého kroku. Díky za zprávu:


# AdwCleaner v3.017 - Report created 16/01/2014 at 20:46:40
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : admin - GURU-9VQKIPGX
# Running from : C:\Documents and Settings\All Users\Dokumenty\Sdílené programy\JRT\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge
File Deleted : C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\mjadoluk.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\Documents and Settings\Alena\Data aplikací\Mozilla\Firefox\Profiles\18hnj3sl.default\searchplugins\crawlersrch.xml
File Deleted : C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\mjadoluk.default\searchplugins\daemon-search.xml

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Nabídka Start\Programy\Crawler lišta\Nápověda pro lištu.lnk
Shortcut Disinfected : C:\Documents and Settings\All Users\Nabídka Start\Programy\Crawler lišta\Více produktů Crawler.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DBDB6FAA-1F5F-4A18-B60B-7A905C7FF83F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Key Deleted : HKCU\Software\AutocompletePro
Key Deleted : HKLM\Software\eRightSoft\OpenCandy
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AutocompletePro3_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CToolbar_UNINSTALL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Documents and Settings\Alena\Data aplikací\Mozilla\Firefox\Profiles\18hnj3sl.default\prefs.js ]


[ File : C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\mjadoluk.default\prefs.js ]

Line Deleted : user_pref("extentions.y2layers.installId", "005A812E-B450-EDA6-C2BA-225AEA148FAB");
Line Deleted : user_pref("extentions.y2layers.installId_backup", "005A812E-B450-EDA6-C2BA-225AEA148FAB");
Line Deleted : user_pref("keyword.URL", "hxxp://search.autocompletepro.com?si=10206&q=");

[ File : C:\Documents and Settings\Adélka\Data aplikací\Mozilla\Firefox\Profiles\dnrhtcyu.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7085 octets] - [16/01/2014 20:44:37]
AdwCleaner[S0].txt - [6652 octets] - [16/01/2014 20:46:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6712 octets] ##########

Poprosim o log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100

Tak jsem zase tady. Log vkládám. Před tím jsm eale odinstaloval Avast a také TuneUp Utilities. Pokoušel jsm ese znovu nainstaloavt Avast, ale hned na začátku instalace přišla modrá smrt, vypisovala se RAM na HDD. Další pokus jsm enedal a udělal tento log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 02
Ran by Pavel (ATTENTION: The logged in user is not administrator) on GURU-9VQKIPGX on 17-01-2014 19:05:57
Running from C:\Documents and Settings\Pavel\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) ===================

(Kerio Technologies) C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(forum.viry.cz) C:\Documents and Settings\Pavel\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\System32\NvCpl.dll [7311360 2006-01-24] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\System32\NvMcTray.dll [86016 2006-01-24] (NVIDIA Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16132608 2007-04-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKCU\...\Run: [NBJ] - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2048000 2006-09-15] (Ahead Software AG)
HKCU\...\Policies\system: [HideLegacyLogonScripts] 0
HKCU\...\Policies\system: [HideLogoffScripts] 0
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [RunStartupScriptSync] 0
HKCU\...\Policies\system: [HideStartupScripts] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 0000.10002
SearchScopes: HKCU - ${searchCLSID} URL = http://search.yahoo.com/search?fr=megaup&p={searchTerms}
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60341
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 0000.10002
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\3ljuwk4a.default
FF DefaultSearchEngine: SweetIM Search
FF SelectedSearchEngine: SweetIM Search
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?src=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @macromedia.com/FlashPlayer9 - C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npfiller.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\3ljuwk4a.default\searchplugins\crawlersrch.xml
FF SearchPlugin: C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\3ljuwk4a.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\acpro.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: DownloadHelper - C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\3ljuwk4a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-11-24]
FF Extension: 602XML Filler - C:\Program Files\Mozilla Firefox\extensions\xmlfiller@software602.cz [2014-01-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-01-04]
FF Extension: avast! Ad Blocker - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2014-01-04]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-11-20]

========================== Services (Whitelisted) =================

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [73728 2010-04-14] (Software602 a.s.)
S2 gupdate1c989d6138cf4c2; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-08] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153584 2012-11-20] (Sun Microsystems, Inc.)
R2 KPF4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [1617920 2005-10-10] (Kerio Technologies)
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [578264 2011-12-21] (Pandora.TV)
S2 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe" [x]
S2 UxTuneUp; %SystemRoot%\System32\uxtuneup.dll [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ENUM1394; C:\Windows\System32\DRIVERS\enum1394.sys [6400 2001-08-17] (Microsoft Corporation)
R1 fwdrv; C:\Windows\system32\drivers\fwdrv.sys [286720 2005-09-26] (Kerio Technologies)
R1 khips; C:\Windows\system32\drivers\khips.sys [81920 2005-09-26] ()
S3 kvpndev; C:\Windows\System32\DRIVERS\kvpndrv.sys [59392 2006-03-29] (Kerio Technologies)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [34176 2006-02-17] (NVIDIA Corporation)
S3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [13056 2006-02-17] (NVIDIA Corporation)
S3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-20] (Padus, Inc.)
S3 rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [73984 2010-01-13] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [431672 2011-05-20] ()
U3 agk4pped; C:\Windows\System32\Drivers\agk4pped.sys [0 ] (NVIDIA Corporation)
S4 aswSP; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
S4 IntelIde; No ImagePath
S3 MSICPL; \??\D:\install4\MSICPL.sys [x]
S3 NTACCESS; \??\D:\NTACCESS.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [x]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-17 19:05 - 2014-01-17 19:06 - 00011607 _____ C:\Documents and Settings\Pavel\Plocha\FRST.txt
2014-01-17 19:05 - 2014-01-17 19:05 - 00000000 ____D C:\FRST
2014-01-17 19:02 - 2014-01-17 19:02 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Pavel\Plocha\FRSTLauncher.exe
2014-01-17 19:01 - 2014-01-17 19:01 - 01220096 _____ (Farbar) C:\Documents and Settings\Pavel\Plocha\FRST.exe
2014-01-16 20:44 - 2014-01-16 20:46 - 00000000 ____D C:\AdwCleaner
2014-01-16 19:55 - 2014-01-16 19:55 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-14 18:09 - 2014-01-17 17:00 - 00001824 _____ C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-01-14 18:09 - 2014-01-14 18:09 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome
2014-01-04 14:21 - 2014-01-04 14:21 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-17 19:06 - 2014-01-17 19:05 - 00011607 _____ C:\Documents and Settings\Pavel\Plocha\FRST.txt
2014-01-17 19:05 - 2014-01-17 19:05 - 00000000 ____D C:\FRST
2014-01-17 19:05 - 2006-12-15 21:43 - 00000000 ___HD C:\Documents and Settings\Pavel\Local Settings\Data aplikací
2014-01-17 19:05 - 2006-12-15 21:43 - 00000000 ____D C:\Documents and Settings\Pavel\Plocha
2014-01-17 19:02 - 2014-01-17 19:02 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Pavel\Plocha\FRSTLauncher.exe
2014-01-17 19:01 - 2014-01-17 19:01 - 01220096 _____ (Farbar) C:\Documents and Settings\Pavel\Plocha\FRST.exe
2014-01-17 18:57 - 2006-12-16 05:31 - 00929478 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-17 18:54 - 2013-10-12 12:14 - 00146690 _____ C:\WINDOWS\setupapi.log
2014-01-17 18:54 - 2013-09-17 20:52 - 00000314 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-17 18:54 - 2009-07-01 07:25 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-17 18:53 - 2008-11-23 15:15 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-17 18:53 - 2008-11-23 15:15 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-17 18:53 - 2006-12-15 21:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-17 18:52 - 2006-12-16 05:26 - 780140544 _____ C:\WINDOWS\MEMORY.DMP
2014-01-17 18:45 - 2008-10-12 21:39 - 01054993 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-17 18:41 - 2013-09-17 20:43 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2014-01-17 18:40 - 2006-12-16 05:31 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-01-17 18:40 - 2006-12-16 05:31 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2014-01-17 18:39 - 2006-12-16 05:29 - 00000211 ___SH C:\boot.ini
2014-01-17 18:39 - 2006-12-15 21:39 - 00002504 _____ C:\WINDOWS\system32\CONFIG.NT
2014-01-17 18:36 - 2008-08-09 19:04 - 00131196 _____ C:\WINDOWS\system32\Drivers\fwdrv.err
2014-01-17 18:35 - 2008-08-08 17:32 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-17 18:35 - 2006-12-15 21:42 - 00032474 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-17 18:32 - 2012-10-13 15:49 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-17 18:29 - 2009-07-01 07:25 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 18:09 - 2010-01-03 13:44 - 00524288 _____ C:\WINDOWS\system32\config\TuneUp.evt
2014-01-17 18:08 - 2007-12-25 17:32 - 00000000 ____D C:\Program Files\TVPlayerClassic
2014-01-17 17:00 - 2014-01-14 18:09 - 00001824 _____ C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-01-17 16:07 - 2011-05-20 21:14 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2014-01-16 21:57 - 2008-08-10 13:36 - 00000000 ____D C:\Documents and Settings\admin
2014-01-16 21:54 - 2008-02-13 17:46 - 00000157 _____ C:\WINDOWS\disney.ini
2014-01-16 21:54 - 2006-12-15 22:02 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-16 21:44 - 2008-10-12 21:20 - 00000000 ____D C:\Documents and Settings\All Users\Dokumenty\Sdílené programy
2014-01-16 20:49 - 2012-11-13 17:44 - 00001020 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005UA.job
2014-01-16 20:46 - 2014-01-16 20:44 - 00000000 ____D C:\AdwCleaner
2014-01-16 20:46 - 2009-02-25 21:41 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Crawler lišta
2014-01-16 20:46 - 2006-12-16 05:30 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2014-01-16 19:55 - 2014-01-16 19:55 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-16 17:49 - 2012-11-13 17:44 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005Core.job
2014-01-15 20:22 - 2006-12-17 20:32 - 00000000 ____D C:\Documents and Settings\Hry a zábava
2014-01-14 19:40 - 2009-09-15 19:50 - 00000000 ____D C:\rsit
2014-01-14 19:37 - 2009-09-15 19:50 - 00000000 ____D C:\Program Files\trend micro
2014-01-14 18:09 - 2014-01-14 18:09 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome
2014-01-14 18:08 - 2007-03-13 20:30 - 00000000 ____D C:\Program Files\Google
2014-01-14 18:01 - 2006-12-15 21:43 - 00000272 ___SH C:\Documents and Settings\Pavel\ntuser.ini
2014-01-12 15:06 - 2006-12-17 18:01 - 00000000 ____D C:\Documents and Settings\Alena
2014-01-11 20:26 - 2006-12-15 21:43 - 00000000 ____D C:\Documents and Settings\Pavel
2014-01-05 10:45 - 2006-12-15 22:26 - 00002561 _____ C:\Documents and Settings\Pavel\Plocha\Word 2003.lnk
2014-01-05 10:42 - 2010-12-24 23:34 - 00000000 ____D C:\Documents and Settings\All Users\Dokumenty\Adelka
2014-01-04 14:35 - 2012-11-23 19:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-04 14:21 - 2014-01-04 14:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-02 17:29 - 2001-10-25 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

Some content of TEMP:
====================
C:\Documents and Settings\Pavel\Local Settings\temp\9axkh_om.dll
C:\Documents and Settings\Pavel\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Pavel\Local Settings\temp\KMP_3.6.0.87.exe
C:\Documents and Settings\Pavel\Local Settings\temp\m3iqs90p.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2002-09-20 19:05] - [2008-04-14 08:52] - 1034240 ____A (Microsoft Corporation)

C:\Windows\System32\winlogon.exe
[2002-09-20 19:05] - [2008-04-14 08:52] - 0507904 ____A (Microsoft Corporation)

C:\Windows\System32\svchost.exe
[2001-10-25 15:00] - [2008-04-14 08:52] - 0014336 ____A (Microsoft Corporation)

C:\Windows\System32\services.exe
[2001-10-25 15:00] - [2008-04-14 08:52] - 0108544 ____A (Microsoft Corporation)

C:\Windows\System32\User32.dll
[2002-09-20 19:04] - [2008-04-14 08:52] - 0578560 ____A (Microsoft Corporation)

C:\Windows\System32\userinit.exe
[2002-09-20 19:05] - [2008-04-14 08:52] - 0026112 ____A (Microsoft Corporation)

C:\Windows\System32\rpcss.dll
[2005-07-26 05:38] - [2008-04-14 08:51] - 0399360 ____A (Microsoft Corporation)

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2001-10-25 15:00] - [2008-04-14 07:42] - 0052480 ____A (Microsoft Corporation)





===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Big_Brother) (Fixed) (Total:153.38 GB) (Free:9.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Huge_Brothe) (Fixed) (Total:931.51 GB) (Free:565.52 GB) NTFS

Available physical RAM: 1477.16 MB
Total physical RAM: 1918.42 MB
Percentage of memory in use: 23%

==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => ?
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005Core.job => ?
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005UA.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

FW: Kerio Personal Firewall (Disabled) {333BECA0-DED8-4139-A516-8D9E44E22669}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Pavel\Plocha" je 4 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe:*:Enabled:umi"
"C:\\Documents and Settings\\Hry a zbava\\Local Settings\\temp\\~osC.tmp\\rlvknlg.exe"="C:\\Documents and Settings\\Hry a zbava\\Local Settings\\temp\\~osC.tmp\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\\Documents and Settings\\Hry a zbava\\Local Settings\\Data aplikac\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"="C:\\Documents and Settings\\Hry a zbava\\Local Settings\\Data aplikac\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Hry\\ZooTycoon_2\\zt.exe"="E:\\Hry\\ZooTycoon_2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"="C:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe:*:Enabled:PandoraService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"21823:TCP"="21823:TCP:*:Enabled:BitComet 21823 TCP"
"21823:UDP"="21823:UDP:*:Enabled:BitComet 21823 UDP"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
  HKCU\...\Run: [NBJ] - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2048000 2006-09-15] (Ahead Software AG)
  HKCU\...\Policies\system: [HideLegacyLogonScripts] 0
  HKCU\...\Policies\system: [HideLogoffScripts] 0
  HKCU\...\Policies\system: [RunLogonScriptSync] 1
  HKCU\...\Policies\system: [RunStartupScriptSync] 0
  HKCU\...\Policies\system: [HideStartupScripts] 0
  
  HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002
  HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
  HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
  SearchScopes: HKLM - DefaultScope value is missing.
  SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002
  SearchScopes: HKCU - ${searchCLSID} URL = http://search.yahoo.com/search?fr=megaup&p={searchTerms}
  SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60341
  SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002
  Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
  Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
  
  FF DefaultSearchEngine: SweetIM Search
  FF SelectedSearchEngine: SweetIM Search
  FF Keyword.URL: hxxp://search.sweetim.com/search.asp?src=2&q=
  FF SearchPlugin: C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\3ljuwk4a.default\searchplugins\crawlersrch.xml
  FF SearchPlugin: C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\3ljuwk4a.default\searchplugins\sweetim.xml
  
  R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [578264 2011-12-21] (Pandora.TV)
  S4 aswSP; No ImagePath
  S3 catchme; \??\C:\ComboFix\catchme.sys [x]
  S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
  S4 IntelIde; No ImagePath
  S3 MSICPL; \??\D:\install4\MSICPL.sys [x]
  S3 NTACCESS; \??\D:\NTACCESS.sys [x]
  S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [x]
  
  C:\Program Files\PANDORA.TV
  
  2014-01-17 19:02 - 2014-01-17 19:02 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Pavel\Plocha\FRSTLauncher.exe
  C:\Documents and Settings\Pavel\Local Settings\temp\9axkh_om.dll
  C:\Documents and Settings\Pavel\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
  C:\Documents and Settings\Pavel\Local Settings\temp\KMP_3.6.0.87.exe
  C:\Documents and Settings\Pavel\Local Settings\temp\m3iqs90p.dll
  
  Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
  Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => ?
  Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005Core.job => ?
  Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005UA.job => ?
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
  
  Hosts:
  
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Vkládám log, ale nejsem si jistý, že vše proběhlo jak mělo. Po spuštění FRST.EXE a kliknutí na FIX s eobjevila chybová hláška a FRST jsem musel ukončit. Zkusil jsem to pak ještě jednou se stejným výsledkem, ale log se nakonec objevil, tak jsm eprovedl restart a log přikládám.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-01-2014 02
Ran by Pavel at 2014-01-17 21:25:44 Run:1
Running from C:\Documents and Settings\Pavel\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKCU\...\Run: [NBJ] - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2048000 2006-09-15] (Ahead Software AG)
HKCU\...\Policies\system: [HideLegacyLogonScripts] 0
HKCU\...\Policies\system: [HideLogoffScripts] 0
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [RunStartupScriptSync] 0
HKCU\...\Policies\system: [HideStartupScripts] 0

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 0000.10002
SearchScopes: HKCU - ${searchCLSID} URL = http://search.yahoo.com/search?fr=megaup&p={searchTerms}
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60341
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 0000.10002
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

FF DefaultSearchEngine: SweetIM Search
FF SelectedSearchEngine: SweetIM Search
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?src=2&q=
FF SearchPlugin: C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\3ljuwk4a.default\searchplugins\crawlersrch.xml
FF SearchPlugin: C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\3ljuwk4a.default\searchplugins\sweetim.xml

R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [578264 2011-12-21] (Pandora.TV)
S4 aswSP; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
S4 IntelIde; No ImagePath
S3 MSICPL; \??\D:\install4\MSICPL.sys [x]
S3 NTACCESS; \??\D:\NTACCESS.sys [x]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [x]

C:\Program Files\PANDORA.TV

2014-01-17 19:02 - 2014-01-17 19:02 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Pavel\Plocha\FRSTLauncher.exe
C:\Documents and Settings\Pavel\Local Settings\temp\9axkh_om.dll
C:\Documents and Settings\Pavel\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Pavel\Local Settings\temp\KMP_3.6.0.87.exe
C:\Documents and Settings\Pavel\Local Settings\temp\m3iqs90p.dll

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => ?
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005Core.job => ?
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005UA.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NBJ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\HideLegacyLogonScripts => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\HideLogoffScripts => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\RunLogonScriptSync => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\RunStartupScriptSync => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\HideStartupScripts => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Error setting value.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\${searchCLSID} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\${searchCLSID} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} => Value deleted successfully.
HKCR\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => Value deleted successfully.
HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\3ljuwk4a.default\searchplugins\crawlersrch.xml => Moved successfully.
C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\3ljuwk4a.default\searchplugins\sweetim.xml => Moved successfully.
PanService => Error deleting Service
aswSP => Error deleting Service
catchme => Service not found.
GMSIPCI => Error deleting Service
IntelIde => Error deleting Service
MSICPL => Error deleting Service
NTACCESS => Error deleting Service
SetupNTGLM7X => Error deleting Service

"C:\Program Files\PANDORA.TV" directory move:

Could not move "C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\avformat-53.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\avutil-51.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\crossdomain.xml" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\killp.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\msvcp100.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\msvcr100.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\noname.gif" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\PanConf.ini" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\PandoraService.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\PanElevateExecutor.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\PanServiceStarter.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\PanStreamer.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\Proxy.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\pthreadVC2.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\unins000.dat" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\unins000.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\PANDORA.TV\PanService\UnistAX.exe" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-17 21:27:39)<=

==> ATTENTION: System is not rebooted.
"C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\avformat-53.dll" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\avutil-51.dll" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\crossdomain.xml" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\killp.exe" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\msvcp100.dll" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\msvcr100.dll" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\noname.gif" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\PanConf.ini" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\PanElevateExecutor.exe" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\PanServiceStarter.exe" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\PanStreamer.dll" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\Proxy.dll" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\pthreadVC2.dll" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\unins000.dat" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\unins000.exe" => File could not move.
"C:\Program Files\PANDORA.TV\PanService\UnistAX.exe" => File could not move.

==== End of Fixlog ====

Ještě detail k tomu, co se děje po pokusu spustit instalaci AVASTu. Hlášení systému je následující:
Byly zjištěny potíže a sys. win. byl ukončen, aby nedošlo k poškození PC. pak následuje text s radou zakázat paměťové možnosti v BIOSu (použití mezipaměti, stínování).
Také je zobrazena násl. tech. informace:
STOP: 0x0000008E (0x0000005, 0x309AB177, 0xAD90E89C, 0x00000000)
khips.sys-address B09AB177 base at B09A9000, DATE STAMP 4337b975.

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  atapi.sys
  autochk.exe
  cdrom.sys
  explorer.exe
  hal.dll
  scecli.dll
  services.exe
  svchost.exe
  tcpip.sys
  userinit.exe
  winlogon.exe
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  
  %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
  %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
  %PROGRAMFILES%\Opera\opera.exe /md5
  %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
  
  %SystemDrive%\PhysicalMBR.bin /md5 
  
  *crack* /s
  *keygen* /s
  *loader* /s

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
• Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Moc děkuji za vaši trpělivost. Mám hotové ty logy. Tady je OTL:
OTL logfile created on: 17.1.2014 22:17:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,87 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 78,06% Memory free
2,45 Gb Paging File | 2,14 Gb Available in Paging File | 87,33% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153,38 Gb Total Space | 36,04 Gb Free Space | 23,50% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 538,68 Gb Free Space | 57,83% Space Free | Partition Type: NTFS

Computer Name: GURU-9VQKIPGX | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014.01.17 22:13:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Plocha\OTL.exe
PRC - [2011.12.21 15:40:56 | 000,578,264 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2011.01.20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010.04.14 10:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.10.10 09:58:14 | 001,617,920 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
PRC - [2005.10.10 09:56:46 | 002,887,680 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.06 15:19:48 | 002,090,496 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
MOD - [2011.12.06 15:19:48 | 001,269,760 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
MOD - [2011.12.06 15:19:48 | 000,133,632 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
MOD - [2008.10.11 21:18:46 | 000,319,488 | ---- | M] () -- C:\Programy\WinRar\rarlng.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programy\WinRar\RarExt.dll
MOD - [2008.08.08 17:51:43 | 011,808,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\947a1d3213a4264aa5bbe1c84c362605\System.Web.ni.dll
MOD - [2008.08.08 17:27:06 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34534__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.08.08 17:27:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34570__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.08.08 17:27:05 | 001,671,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.08.08 17:27:05 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2589.34789__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2008.08.08 17:27:05 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34592__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.08.08 17:27:05 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.34821__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008.08.08 17:27:05 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.34808__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.08.08 17:27:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34591__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2008.08.08 17:27:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.08.08 17:27:05 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.34693__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.08.08 17:27:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.34761__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.08.08 17:27:01 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.34851__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.08.08 17:25:44 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.34857__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:44 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2589.34584__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:44 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34549__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2589.34584__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2008.08.08 17:25:43 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.34776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:43 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.34781__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.08.08 17:25:43 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.34773__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.08.08 17:25:40 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.34707__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:40 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.34795__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.08.08 17:25:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.34703__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.08.08 17:25:39 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34606__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:39 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34557__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:39 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34599__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:39 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.34728__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:39 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.34727__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.08.08 17:25:38 | 000,909,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.34815__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34612__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.08.08 17:25:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.34747__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.08.08 17:25:37 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2589.34768__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:37 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.34698__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:37 | 000,319,488 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2589.34688__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.08.08 17:25:37 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.34694__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.08.08 17:25:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.34702__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.08.08 17:25:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.08.08 17:25:36 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.08.08 17:25:35 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.08.08 17:25:35 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.08.08 17:25:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.08.08 17:25:34 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.08.08 17:25:34 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.08.08 17:25:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.08.08 17:25:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.08.08 17:25:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.08.08 17:25:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.08.08 17:25:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.08.08 17:25:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.08.08 17:25:33 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.08.08 17:25:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.08.08 17:25:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.08.08 17:25:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2008.08.08 17:25:33 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.08.08 17:25:33 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.08.08 17:25:32 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.08.08 17:25:32 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.08.08 17:25:32 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.08.08 17:25:31 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.08.08 17:25:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2008.08.08 17:25:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.08.08 17:25:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.08.08 17:25:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.08.08 17:25:31 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.08.08 17:25:31 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.08.08 17:25:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.08.08 17:25:30 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.08.08 17:25:30 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.08.08 17:25:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.08.08 17:25:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.08.08 17:25:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.08.08 17:25:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.08.08 17:25:30 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.08.08 17:25:19 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc41a704976df14fbb30e781d1dd6688\System.Configuration.ni.dll
MOD - [2008.08.08 17:25:07 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2589.34827_cs_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.08.08 17:25:07 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.34878__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.08.08 17:25:05 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.34834__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.08.08 17:25:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.08.08 17:25:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.08.08 17:25:04 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34565__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.08.08 17:25:04 | 000,389,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2589.34827__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.08.08 17:25:04 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.34833__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.08.08 17:25:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.08.08 17:25:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.08.08 17:25:03 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34533__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.08.08 17:25:03 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.08.08 17:25:03 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.08.08 17:25:02 | 001,404,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34543__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.08.08 17:25:01 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34533__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.08.08 17:25:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.08.08 17:25:01 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.08.08 17:25:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.08.08 17:25:01 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.34834__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.08.08 17:25:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2589.34532__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.08.08 17:21:27 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\85092e79a45d5a4fb0510c08ae4a3e86\System.Xml.ni.dll
MOD - [2008.08.08 17:21:17 | 013,107,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\300121b53d049640989660cb20aa33f2\System.Windows.Forms.ni.dll
MOD - [2008.08.08 17:21:01 | 001,626,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\beff297d692604408162fff9a3d4bb96\System.Drawing.ni.dll
MOD - [2008.08.08 17:20:54 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\0e58eb7e5a48bf4e84dda9914d652cd9\System.ni.dll
MOD - [2008.08.08 17:20:37 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9d2081270a247340981b502d5cf012c4\mscorlib.ni.dll
MOD - [2008.08.08 17:20:04 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2008.08.08 17:20:03 | 000,368,640 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2005.08.11 15:21:48 | 000,790,528 | ---- | M] () -- C:\Program Files\Kerio\Personal Firewall 4\ktlibeay32_0.9.7.2.dll
MOD - [2005.08.11 15:21:48 | 000,159,744 | ---- | M] () -- C:\Program Files\Kerio\Personal Firewall 4\ktssleay32_0.9.7.2.dll
MOD - [2005.08.11 15:21:48 | 000,084,480 | ---- | M] () -- C:\Program Files\Kerio\Personal Firewall 4\ktzlib.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\uxtuneup.dll -- (UxTuneUp)
SRV - File not found [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014.01.04 14:21:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.11 13:32:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.12.21 15:40:56 | 000,578,264 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2010.04.14 10:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2005.10.10 09:58:14 | 001,617,920 | ---- | M] (Kerio Technologies) [Auto | Running] -- C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- ybozifgh.sys -- (ybozifgh)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aw8ofop2)
DRV - [2014.01.17 22:09:26 | 000,410,528 | ---- | M] (AVAST Software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\axgpmuqg.sys -- (axgpmuqg)
DRV - [2011.05.20 21:16:05 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.01.13 01:35:18 | 000,073,984 | R--- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rockusb.sys -- (rockusb)
DRV - [2007.04.23 17:12:28 | 004,402,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.02.03 03:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.08.15 12:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.04.24 16:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006.03.29 21:06:16 | 000,059,392 | ---- | M] (Kerio Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)
DRV - [2006.02.17 11:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.02.17 11:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.09.26 11:05:06 | 000,286,720 | ---- | M] (Kerio Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2005.09.26 11:05:06 | 000,081,920 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\khips.sys -- (khips)
DRV - [2005.09.23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.03.09 07:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003.09.20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002.10.15 21:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001.08.17 22:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-725345543-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1343024091-725345543-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-1343024091-725345543-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1343024091-725345543-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-1343024091-725345543-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1343024091-725345543-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1343024091-725345543-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1343024091-725345543-839522115-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1343024091-725345543-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "ACPro"
FF - prefs.js..browser.search.defaultenginename: "DAEMON Search"
FF - prefs.js..browser.search.order.1: "ACPro"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:4.0.8
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: xmlfiller@software602.cz:3.16.1
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.01.04 14:21:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.01.04 14:21:33 | 000,000,000 | ---D | M]

[2008.09.18 20:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Extensions
[2014.01.16 20:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\mjadoluk.default\extensions
[2014.01.14 19:34:43 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\mjadoluk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014.01.14 19:34:43 | 000,343,554 | ---- | M] () (No name found) -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\mjadoluk.default\extensions\artur.dubovoy@gmail.com.xpi
[2014.01.04 14:21:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.01.04 14:21:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014.01.04 14:21:31 | 000,000,000 | ---D | M] ("602XML Filler") -- C:\Program Files\Mozilla Firefox\extensions\xmlfiller@software602.cz
[2014.01.04 14:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.01.04 14:21:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\MJADOLUK.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\MJADOLUK.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2012.11.20 19:59:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.03.29 12:04:14 | 000,081,920 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npfiller.dll
[2011.02.22 22:48:21 | 000,003,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\acpro.xml
[2012.11.23 19:16:17 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml

O1 HOSTS File: ([2008.08.09 17:55:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1343024091-725345543-839522115-1006..\Run: [] File not found
O4 - HKU\S-1-5-21-1343024091-725345543-839522115-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1343024091-725345543-839522115-1006..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-725345543-839522115-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-725345543-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F30A691-F326-4667-A139-04006630BED2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAEBBF44-108C-4CE5-8F70-7728A381784A}: DhcpNameServer = 84.16.105.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.15 21:39:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.02.25 21:31:20 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.mjpg - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2014.01.17 22:13:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Plocha\OTL.exe
[2014.01.17 22:09:26 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\axgpmuqg.sys
[2014.01.17 22:03:09 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\tsewywxk.sys
[2014.01.17 19:30:30 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\gbrqieyi.sys
[2014.01.17 19:05:54 | 000,000,000 | ---D | C] -- C:\FRST
[2014.01.16 20:44:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.01.16 19:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010.12.25 00:59:13 | 000,299,786 | ---- | C] (Collabo Interactive Solutions) -- C:\Program Files\RMPly00.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Dokumenty\*.tmp files -> C:\Documents and Settings\All Users\Dokumenty\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2014.01.17 22:18:56 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.01.17 22:13:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Plocha\OTL.exe
[2014.01.17 22:09:52 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.01.17 22:09:52 | 000,392,918 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2014.01.17 22:09:52 | 000,069,926 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2014.01.17 22:09:52 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014.01.17 22:09:26 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\axgpmuqg.sys
[2014.01.17 22:08:07 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014.01.17 22:05:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.01.17 22:05:29 | 780,140,544 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014.01.17 22:03:09 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\tsewywxk.sys
[2014.01.17 21:32:01 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.01.17 20:49:00 | 000,001,020 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005UA.job
[2014.01.17 19:32:14 | 000,410,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\ybozifgh.sys
[2014.01.17 19:30:30 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\gbrqieyi.sys
[2014.01.17 18:39:13 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2014.01.17 18:39:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2014.01.17 18:36:52 | 000,131,196 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2014.01.16 21:54:02 | 000,000,157 | ---- | M] () -- C:\WINDOWS\disney.ini
[2014.01.16 17:49:33 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005Core.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Dokumenty\*.tmp files -> C:\Documents and Settings\All Users\Dokumenty\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.01.17 22:18:56 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.01.17 19:32:14 | 000,410,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\ybozifgh.sys
[2013.07.22 21:01:42 | 004,948,275 | ---- | C] () -- C:\WINDOWS\System32\FotoMagica_FotoMagica_uninstaller.exe
[2012.09.04 17:59:34 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\admin\Data aplikací\$_hpcst$.hpc
[2012.05.29 19:45:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.05.20 21:46:54 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\admin\Data aplikací\mainhst.zgh
[2010.12.26 18:16:12 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\admin\default.pls
[2010.03.31 20:00:44 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.12 21:56:32 | 001,439,379 | ---- | C] () -- C:\Program Files\Mozilla Firefox.rar

========== ZeroAccess Check ==========

[2008.08.08 17:19:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2008.04.14 08:51:42 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.06.10 21:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\602XML
[2011.05.20 22:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\DAEMON Tools Lite
[2012.03.28 19:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\dvdae
[2010.12.25 01:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Moyea
[2012.09.04 17:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Samsung
[2013.10.06 21:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\TuneUp Software
[2011.05.20 22:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\ZipGenius
[2012.03.12 15:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adélka\Data aplikací\TuneUp Software
[2008.01.03 18:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alena\Data aplikací\MEGAUPLOADTOOLBAR
[2009.02.26 08:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alena\Data aplikací\Spyware Terminator
[2013.10.08 15:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alena\Data aplikací\TuneUp Software
[2013.04.16 18:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alena\Data aplikací\ZipGenius
[2010.05.26 04:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2014.01.17 22:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2013.02.09 15:58:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2014.01.17 16:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2013.01.27 16:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2011.07.08 05:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\M-Photo
[2008.12.18 21:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2008.12.18 21:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Plus
[2008.12.18 21:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate
[2008.12.18 21:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Studio 12
[2012.12.09 23:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\tmp
[2013.10.06 21:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2011.05.20 21:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2013.10.06 21:17:49 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013.02.09 16:10:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.09 16:10:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.01.05 05:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Spyware Terminator
[2013.10.07 17:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\TuneUp Software
[2009.05.31 20:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Spyware Terminator

========== Purity Check ==========



========== Custom Scans ==========

< >
[2006.12.15 21:37:52 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006.12.15 21:39:28 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012.10.13 15:49:46 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012.11.13 17:44:05 | 000,000,998 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005Core.job
[2012.11.13 17:44:06 | 000,001,020 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005UA.job
[2013.09.17 20:52:55 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

< >

< MD5 for: ATAPI.SYS >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006.12.20 11:30:01 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006.12.20 11:30:01 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 05:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 06:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
[2004.08.04 06:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\i386\atapi.sys
[2004.08.04 06:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 23:49:21 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2006.12.20 11:30:01 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2006.12.20 11:30:01 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.04 06:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 23:49:22 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 14:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2006.12.20 11:30:01 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2006.12.20 11:30:01 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 00:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.04 06:59:09 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 23:49:16 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2004.08.17 23:49:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=6E401E61F952FBBF708AFBECEFAFAE81 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 23:49:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[2006.04.20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2002.08.29 02:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys
[2007.10.30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2007.10.30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.04 07:14:40 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2006.04.20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 23:49:27 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 23:49:27 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\*.tmp -> ]
[102 C:\WINDOWS\temp\*.tmp files -> C:\WINDOWS\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.06.10 21:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\602XML
[2009.06.14 20:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Adobe
[2009.06.14 20:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\AdobeUM
[2008.09.18 12:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Ahead
[2008.08.10 13:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\ATI
[2011.05.20 22:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\DAEMON Tools Lite
[2008.12.18 21:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\DivX
[2012.03.28 19:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\dvdae
[2012.03.28 19:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\dvdcss
[2009.02.14 12:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Google
[2008.08.10 13:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Identities
[2008.09.18 20:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Macromedia
[2013.01.27 15:04:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\admin\Data aplikací\Microsoft
[2013.03.22 19:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Microsoft Games
[2010.12.25 01:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Moyea
[2008.09.18 20:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla
[2012.09.04 17:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Samsung
[2009.02.14 12:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Sun
[2013.10.06 21:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\TuneUp Software
[2011.02.13 11:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\WinRAR
[2011.05.20 22:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\ZipGenius

< %APPDATA%\*.exe /s >
[2008.12.18 21:10:36 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\admin\Data aplikací\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
[2013.01.27 15:43:10 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\admin\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2001.07.03 19:33:00 | 000,053,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\SONYHCY.DLL

< %systemroot%\Tasks\*.job >
[2014.01.17 21:32:01 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2014.01.17 22:08:07 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2014.01.16 17:49:33 | 000,000,998 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005Core.job
[2014.01.17 20:49:00 | 000,001,020 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005UA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2001.11.05 08:23:14 | 000,006,097 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcb.sys
[2001.11.05 08:23:20 | 000,038,739 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcc.sys
[2001.11.05 08:23:52 | 000,299,923 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcs.sys
[2011.05.20 21:16:05 | 000,431,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006.12.16 05:29:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.12.16 05:29:22 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.12.16 05:29:22 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2001.07.03 19:33:00 | 000,053,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\SONYHCY.DLL

< %systemroot%\system32\drivers\*.sys /3 >
[2014.01.17 22:09:26 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\axgpmuqg.sys
[2014.01.17 19:30:30 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\gbrqieyi.sys
[2014.01.17 22:03:09 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\tsewywxk.sys
[2014.01.17 19:32:14 | 000,410,528 | ---- | M] () -- C:\WINDOWS\system32\drivers\ybozifgh.sys

< %systemroot%\system32\*.* /3 >
[2014.01.17 18:39:13 | 000,002,504 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2014.01.17 22:09:52 | 000,069,926 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2014.01.17 22:09:52 | 000,059,440 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2014.01.17 22:09:52 | 000,392,918 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2014.01.17 22:09:52 | 000,395,200 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2014.01.17 22:09:52 | 000,929,478 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"" =
"StartCCC" = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -- [2006.11.10 11:35:24 | 000,090,112 | ---- | M] ()
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2011.01.20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014.01.04 14:21:51 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=1EEA6C1B35191DC177EA83672B9C3FC0 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2008.04.14 08:52:28 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=414AFE6E8CCDE984E16D5ED08624CEC6 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.01.17 22:18:56 | 000,000,512 | ---- | M] () MD5=A04A34949F707716018533DAF4250E0D -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2011.05.21 14:41:15 | 000,000,699 | ---- | M] () -- \Documents and Settings\admin\Recent\Crack.lnk
[2009.03.07 13:53:16 | 163,939,816 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Sdílené programy\SIMS_zip\Crack\sims2.all.crack+sn+daemon.v.1.2.exe
[2008.08.24 09:08:56 | 005,450,895 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Sdílené programy\SIMS_zip\Crack\cracky the sims 2 atd\crack do sims2 pets\THE_SIMS_2_PETS_CRACK.rar
[2011.01.18 17:35:34 | 010,461,517 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Sdílené programy\SIMS_zip\Crack\cracky the sims 2 atd\Crack\The_Sims_2_H&M_Fashion_Stuff_-_CRACK(misha-klaren.blog.cz).rar
[2012.01.08 23:16:45 | 034,109,350 | ---- | M] () -- \Documents and Settings\Hry a zábava\Dokumenty\Stažené soubory\Cracky-do-the-sims2-a-datadisků.rar
[2013.10.05 13:38:02 | 000,000,834 | ---- | M] () -- \Documents and Settings\Hry a zábava\Recent\Cracky-do-the-sims2-a-datadisků.lnk
[2008.01.19 12:56:12 | 008,275,962 | ---- | M] () -- \Programy\Instalace\Ad-Aware.2007.Pro.v7.0.1.6.Crack.rar

< *keygen* /s >
[2013.02.09 15:53:03 | 028,887,111 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Sdílené programy\TuneUp-Utilities-2013-13.0.3000.138-Wind-XP+cz+-Keygen.zip
[2008.02.26 16:53:36 | 000,054,272 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Sdílené programy\SIMS_zip\Crack\cracky the sims 2 atd\keygen.exe
[2012.01.08 23:02:59 | 000,156,105 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Sdílené programy\SIMS_zip\Crack\cracky the sims 2 atd\Crack Do The Sims Univerzita\The.Sims.2.Mansion.and.Garden.Stuff.GENERIC_KEYGEN-FFF.zip
[2008.02.26 16:53:36 | 000,054,272 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Sdílené programy\SIMS_zip\Crack\cracky the sims 2 atd\crack do volný čas\keygen.exe
[2012.01.08 23:02:59 | 000,156,105 | ---- | M] () -- \Documents and Settings\Hry a zábava\Dokumenty\Stažené soubory\The.Sims.2.Mansion.and.Garden.Stuff.GENERIC_KEYGEN-FFF.zip
[2013.10.05 13:37:54 | 000,000,011 | ---- | M] () -- \Documents and Settings\Hry a zábava\Local Settings\temp\ZGTemp\The.Sims.2.Mansion.and.Garden.Stuff.GENERIC_KEYGEN-FFF.zgd
[2008.07.04 16:26:55 | 000,014,828 | ---- | M] () -- \Programy\Pinnacle Studio\PINNACLE.STUDIO.ULTIMATE.V12-MAGNiTUDE\Pinnacle.Studio.Ultimate.v12.Keygen.Only-MAGNiTUDE.rar

< *loader* /s >
[2012.06.17 13:51:48 | 000,002,545 | ---- | M] () -- \Documents and Settings\Adélka\Local Settings\Temporary Internet Files\Content.IE5\SGX0WLVW\ajax-loader[1].gif
[2010.10.19 12:09:37 | 000,001,804 | ---- | M] () -- \Documents and Settings\Alena\Local Settings\temp\ckz_KFF8\Lang\Czech\AlbumFTPUploaderDialogs.txt
[2009.10.02 10:58:00 | 000,100,685 | ---- | M] () -- \Documents and Settings\Alena\Local Settings\temp\ckz_KFF8\Lang\Czech\AlbumMakerHelp_Files\FTP_uploader.png
[2010.10.19 12:09:37 | 000,001,752 | ---- | M] () -- \Documents and Settings\Alena\Local Settings\temp\ckz_KFF8\Lang\English\AlbumFTPUploaderDialogs.txt
[2010.02.01 12:37:38 | 000,850,808 | ---- | M] () -- \Documents and Settings\Alena\Local Settings\temp\ckz_KFF8\MPR500 Pro 5\AlbumFTPUploader.exe
[2009.07.15 12:19:52 | 000,055,808 | ---- | M] () -- \Documents and Settings\Alena\Local Settings\temp\ckz_KFF8\MPR500 Pro 5\FTPDownloader.exe
[2012.09.25 12:11:33 | 000,002,756 | ---- | M] () -- \Documents and Settings\Alena\Local Settings\Temporary Internet Files\Content.IE5\O9A7G1QR\RmsLoader[1].js
[2012.09.24 17:26:19 | 000,002,756 | ---- | M] () -- \Documents and Settings\Hry a zábava\Local Settings\Temporary Internet Files\Content.IE5\6F4A58NZ\RmsLoader[1].js
[2012.09.26 17:34:00 | 000,004,178 | ---- | M] () -- \Documents and Settings\Hry a zábava\Local Settings\Temporary Internet Files\Content.IE5\9CPPV7M9\dsq-loader-dark[1].gif
[2013.03.15 19:06:41 | 000,002,895 | ---- | M] () -- \Documents and Settings\Hry a zábava\Local Settings\Temporary Internet Files\Content.IE5\9CPPV7M9\rmsloaderdelayed[1].js
[2003.06.13 19:39:22 | 000,008,400 | ---- | M] () -- \Hry\Hrajte naplno 2005\Tuxtype2\src\loaders.c
[2005.04.18 19:14:28 | 000,086,115 | ---- | M] () -- \Program Files\Common Files\Ahead\AudioPlugins\Downloaders.dll
[2011.10.18 12:25:42 | 000,855,136 | ---- | M] () -- \Program Files\FotoMagica\MPR500 Pro 5\AlbumFTPUploader.exe
[2012.01.07 18:21:24 | 000,002,012 | ---- | M] () -- \Program Files\FotoMagica\MPR500 Pro 5\Lang\slovenčina\AlbumFTPUploaderDialogs.txt
[2009.03.31 08:23:58 | 000,289,280 | ---- | M] () -- \Program Files\Samsung\Samsung New PC Studio\NPSAndroidDownloader.dll
[2009.03.12 08:31:22 | 000,285,184 | ---- | M] () -- \Program Files\Samsung\Samsung New PC Studio\NPSLinuxMitsDownloader.dll
[2009.03.31 08:39:20 | 000,208,896 | ---- | M] () -- \Program Files\Samsung\Samsung New PC Studio\Symbian_Downloader_DLL.dll
[2009.04.02 17:03:40 | 000,258,048 | ---- | M] () -- \Program Files\Samsung\Samsung New PC Studio\ModelExtension\NPSBinaryLoader.dll
[2008.11.25 15:52:24 | 000,266,240 | ---- | M] () -- \Program Files\Samsung\Samsung New PC Studio\ModelExtension\NPSBinaryLoader2.dll
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2010.02.01 12:37:38 | 000,850,808 | ---- | M] () -- \Program Files\TiskProRadost\AlbumMaker\MPR500 Pro 5\AlbumFTPUploader.exe
[2009.07.15 12:19:52 | 000,055,808 | ---- | M] () -- \Program Files\TiskProRadost\AlbumMaker\MPR500 Pro 5\FTPDownloader.exe
[2010.10.19 12:09:37 | 000,001,804 | ---- | M] () -- \Program Files\TiskProRadost\AlbumMaker\MPR500 Pro 5\Lang\Czech\AlbumFTPUploaderDialogs.txt
[2009.10.02 10:58:00 | 000,100,685 | ---- | M] () -- \Program Files\TiskProRadost\AlbumMaker\MPR500 Pro 5\Lang\Czech\AlbumMakerHelp_Files\FTP_uploader.png
[2010.10.19 12:09:37 | 000,001,752 | ---- | M] () -- \Program Files\TiskProRadost\AlbumMaker\MPR500 Pro 5\Lang\English\AlbumFTPUploaderDialogs.txt
[2010.12.14 09:54:22 | 000,166,400 | ---- | M] () -- \Programy\Fotostar Offline client4\CWImageLoader0.dll
[2006.01.15 06:21:26 | 000,856,064 | ---- | M] () -- \Programy\KMPlayer\ImLoader.dll
[2007.04.17 11:16:14 | 000,486,216 | ---- | M] () -- \Programy\Pinnacle Studio\PINNACLE.STUDIO.ULTIMATE.V12-MAGNiTUDE\DISK2\m-pul12b\Vitascene\current\imageloader10x1.dll
[2008.06.20 18:13:32 | 000,044,032 | ---- | M] () -- \Programy\WinRar\RarExtLoader.exe
[2004.08.17 23:49:04 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2004.08.04 06:59:37 | 000,230,400 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.exe
[2004.08.04 06:59:37 | 000,278,016 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.ntd
[2002.12.12 00:14:32 | 000,033,280 | ---- | M] () -- \WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmloader.dll
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2006.01.12 09:25:06 | 000,009,622 | ---- | M] () -- \WINDOWS\system32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr

< End of report >

a tady je druhý log extras:

OTL Extras logfile created on: 17.1.2014 22:17:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,87 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 78,06% Memory free
2,45 Gb Paging File | 2,14 Gb Available in Paging File | 87,33% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153,38 Gb Total Space | 36,04 Gb Free Space | 23,50% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 538,68 Gb Free Space | 57,83% Space Free | Partition Type: NTFS

Computer Name: GURU-9VQKIPGX | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1343024091-725345543-839522115-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotostar Offline client.exe] -- "C:\Program Files\Fotostar\Fotostar Offline client\Fotostar Offline client.exe" "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"21823:TCP" = 21823:TCP:*:Enabled:BitComet 21823 TCP
"21823:UDP" = 21823:UDP:*:Enabled:BitComet 21823 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Documents and Settings\Hry a zábava\Local Settings\temp\~osC.tmp\rlvknlg.exe" = C:\Documents and Settings\Hry a zábava\Local Settings\temp\~osC.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Documents and Settings\Hry a zábava\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Hry a zábava\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Hry\ZooTycoon_2\zt.exe" = E:\Hry\ZooTycoon_2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe" = C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService -- (Pandora.TV)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{078E59A5-668C-D895-1BFF-68AB834A95F3}" = Catalyst Control Center Graphics Full New
"{0B6E7EA9-D17E-A9BB-7CE0-A1C737EFB5EE}" = Catalyst Control Center Localization Swedish
"{0FE9DBCE-AB97-90AC-DC4B-BB6C2EDAFF71}" = CCC Help Hungarian
"{155FD632-60F5-A777-538C-3194E889C1D0}" = Catalyst Control Center Localization Greek
"{1E44E5A6-4DCE-F13F-E00E-22076CE97FEA}" = CCC Help Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26C70E22-6E6D-B28F-9039-5E2052C2A3BB}" = CCC Help Danish
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29138741-C0FD-3812-EA30-3D4790DBF951}" = CCC Help Korean
"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-in for Microsoft Office
"{2BFCBEDB-79F3-17C4-67B8-A0098E214F6A}" = Catalyst Control Center Graphics Full Existing
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{324B54DB-8576-73C9-7089-9373FFD85E18}" = CCC Help Chinese Traditional
"{333BECA0-DED8-4139-A516-8D9E44E22669}" = Kerio Personal Firewall
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{38797561-17CD-94D2-F422-D83D5133B427}" = CCC Help Chinese Standard
"{3A6898A1-538B-562F-7339-8C5DA25B7254}" = Catalyst Control Center Localization Polish
"{3D190422-5A11-BB51-18B8-7C404DB0E46A}" = Catalyst Control Center Localization Chinese Standard
"{4063CCFF-AEB3-B34C-7D1A-4B32CE46E368}" = CCC Help German
"{41D38ED0-B916-667A-FDD2-965D04D128D5}" = CCC Help Spanish
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™ 2 Mazlíčci
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB3FCC4-AAB5-AED5-4412-B21DABE87025}" = Catalyst Control Center Localization Korean
"{4FDF7A38-81F4-55F3-1661-CC211DBC96A2}" = CCC Help English
"{52E1EC3F-B8E4-19B5-7EE6-A728B64A4310}" = CCC Help Swedish
"{55BD9B64-A9A8-44DF-E4AE-BDF60F5D4E90}" = CCC Help Thai
"{5B014615-5EB8-EE17-4256-A7B1640819A3}" = CCC Help Italian
"{5B852893-9997-AE56-ED51-5F332938B543}" = Skins
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Pro Teenagery Kolekce
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Ovladače videa společnosti Pinnacle
"{6130E589-D759-43AC-8265-28EB0A711446}" = MadOnion.com/3DMark2001
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Koupelny a kuchyně Interiérový design Kolekce
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Pro rodinnou zábavu - Kolekce
"{6E33F77B-952D-0FF5-87C4-7CDB66B0E8A1}" = Catalyst Control Center Localization Czech
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{709A7F8D-E1DA-A26F-2C10-B91CDA616FD9}" = CCC Help Portuguese
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DE041C-BCA2-EFBF-5BC1-B89CCC2893D2}" = CCC Help Polish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BD95C90-3FAA-F55C-E9C2-2951F19474A2}" = Catalyst Control Center Localization Portuguese
"{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1" = Opti Drive Control 1.50
"{80B4EB2E-F609-F443-E114-5D935412F085}" = CCC Help Greek
"{80EB1351-E642-33EA-0BF9-C681D616E270}" = CCC Help Czech
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Móda Kolekce
"{854B9E99-4007-E575-8E8E-3EDFA5B64CA9}" = CCC Help Dutch
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 Volný čas
"{892994D3-5963-4877-A8DB-629607E8E928}" = 602XML Filler
"{8D5C88CA-2B55-C174-5AC3-643A638C91C8}" = Catalyst Control Center Localization Italian
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90502AE6-C689-A70E-D03D-1AFB6C233EA0}" = Catalyst Control Center Localization Norwegian
"{96639158-501C-D2C4-D25A-B6A86AA4B906}" = Catalyst Control Center Localization Danish
"{977AB934-E01A-DDEC-CF30-B686D5C0A248}" = Catalyst Control Center Localization French
"{982476DE-F2B9-00B0-36E3-DA06948EC1B4}" = Catalyst Control Center Localization Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims™ 2 Pro luxusní život - Kolekce
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A3C6BA8A-4BFB-4572-8646-080F17B571EC}" = MRPC(Version 1.8.0)
"{A4E913EC-8F82-14BB-F31F-0B983F540968}" = Catalyst Control Center Localization Spanish
"{A75BF1D0-C7C3-CB55-EE17-3225387FD154}" = ccc-core-static
"{AA39701D-F5EA-7EC9-D311-08AB84970CD8}" = Catalyst Control Center Localization German
"{AC76BA86-7AD7-1029-7B44-A95000000001}" = Adobe Reader 9.5.5 - Czech
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD69F082-B9EE-29BE-14A9-6B453A0B644A}" = CCC Help Japanese
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Obludárium
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2010.build.42
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C122B78E-8ACA-BDF3-D150-78B26C3C4B94}" = Catalyst Control Center Graphics Light
"{C1E28A5C-94A0-DE77-52FC-177C2930FC48}" = Catalyst Control Center Localization Hungarian
"{C7DA7D9E-56A7-1E08-1B47-427AE3B0C254}" = Catalyst Control Center Core Implementation
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CBE269E6-CB57-7F2E-3A11-3FF3DE4C1B5D}" = CCC Help Norwegian
"{CFAF33CA-01A5-5FD7-70F4-0195A0FBFD8E}" = CCC Help French
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D0CA80F4-880D-8929-A78D-54E2CC46565D}" = Catalyst Control Center Localization Dutch
"{DB40817E-C5E6-6818-47F2-0359EAE14271}" = Catalyst Control Center Localization Japanese
"{DC49E045-EB3F-9A88-7404-933FF86D9E2F}" = CCC Help Finnish
"{E0DB1A31-F468-8E22-B158-C7756F4DE68E}" = CCC Help Russian
"{E33A3E61-E7DA-65FB-75B4-AA68B6F9D83B}" = ccc-utility
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E65906BF-1BB5-0D31-A62C-54A56B687EF5}" = Catalyst Control Center Localization Thai
"{E97C3316-8C49-2267-0976-C6A56C5DC2F8}" = Catalyst Control Center Localization Turkish
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17CE6DC-028C-C02E-3739-2C2802C08D7C}" = Catalyst Control Center Localization Chinese Traditional
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Balíček ovladače systému Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.9
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.8.6
"EADM" = EA Download Manager
"Flash FLV to Video Audio Converter_is1" = Flash FLV to Video Audio Converter v3.0
"FotoMagica_FotoMagica" = FotoMagica
"Fotostar Offline client" = Fotostar Offline client
"Frozen-Bubble_is1" = Frozen-Bubble 1.0
"HijackThis" = HijackThis 2.0.2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 26.0 (x86 cs)" = Mozilla Firefox 26.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SuperTux_is1" = SuperTux 0.1.0
"The KMPlayer" = The KMPlayer (remove only)
"TiskProRadost_AlbumMaker" = AlbumMaker
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.96-8
"Zoo Empire_is1" = Zoo Empire 1.21
"Zoo Tycoon 2" = Zoo Tycoon 2
"ZS Audio Editor_is1" = ZS Audio Editor 1.0.0.11

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.1.2014 14:17:49 | Computer Name = GURU-9VQKIPGX | Source = .NET Runtime | ID = 0
Description =

Error - 14.1.2014 13:52:40 | Computer Name = GURU-9VQKIPGX | Source = .NET Runtime | ID = 0
Description =

Error - 16.1.2014 12:51:15 | Computer Name = GURU-9VQKIPGX | Source = .NET Runtime | ID = 0
Description =

Error - 17.1.2014 13:39:01 | Computer Name = GURU-9VQKIPGX | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Nelze rozpoznat název nebo adresu serveru.

Error - 17.1.2014 13:39:01 | Computer Name = GURU-9VQKIPGX | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 17.1.2014 13:46:44 | Computer Name = GURU-9VQKIPGX | Source = Application Error | ID = 1000
Description = Chybující aplikace taskmgr.exe, verze 5.1.2600.5512, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x7e174c58.

Error - 17.1.2014 16:25:45 | Computer Name = GURU-9VQKIPGX | Source = Application Error | ID = 1000
Description = Chybující aplikace frst.exe, verze 0.0.0.0, chybující modul frst.exe,
verze 0.0.0.0, adresa chyby 0x0001fcbe.

Error - 17.1.2014 16:26:23 | Computer Name = GURU-9VQKIPGX | Source = Application Error | ID = 1000
Description = Chybující aplikace frst.exe, verze 0.0.0.0, chybující modul frst.exe,
verze 0.0.0.0, adresa chyby 0x0001fff4.

Error - 17.1.2014 16:53:31 | Computer Name = GURU-9VQKIPGX | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 17.1.2014 16:53:31 | Computer Name = GURU-9VQKIPGX | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


[ System Events ]
Error - 17.1.2014 16:25:45 | Computer Name = GURU-9VQKIPGX | Source = Service Control Manager | ID = 7028
Description = Klíč registru catchme odmítl přístup k programům účtu SYSTEM. Správce
služeb proto převzal vlastnictví tohoto klíče.

Error - 17.1.2014 16:26:14 | Computer Name = GURU-9VQKIPGX | Source = Service Control Manager | ID = 7028
Description = Klíč registru catchme odmítl přístup k programům účtu SYSTEM. Správce
služeb proto převzal vlastnictví tohoto klíče.

Error - 17.1.2014 16:26:23 | Computer Name = GURU-9VQKIPGX | Source = Service Control Manager | ID = 7028
Description = Klíč registru catchme odmítl přístup k programům účtu SYSTEM. Správce
služeb proto převzal vlastnictví tohoto klíče.

Error - 17.1.2014 16:29:54 | Computer Name = GURU-9VQKIPGX | Source = Print | ID = 23
Description = Tiskárnu pdfFactory,0 se nepodařilo inicializovat, protože potřebný
ovladač pdfFactory 2 nebyl nalezen.

Error - 17.1.2014 16:29:58 | Computer Name = GURU-9VQKIPGX | Source = Service Control Manager | ID = 7000
Description = Služba TuneUp Theme Extension neuspěla při spuštění v důsledku následující
chyby: %%1083

Error - 17.1.2014 16:29:58 | Computer Name = GURU-9VQKIPGX | Source = Service Control Manager | ID = 7000
Description = Služba TuneUp Utilities Service neuspěla při spuštění v důsledku následující
chyby: %%3

Error - 17.1.2014 17:01:25 | Computer Name = GURU-9VQKIPGX | Source = Service Control Manager | ID = 7000
Description = Služba nfrusxam neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 17.1.2014 17:05:47 | Computer Name = GURU-9VQKIPGX | Source = Print | ID = 23
Description = Tiskárnu pdfFactory,0 se nepodařilo inicializovat, protože potřebný
ovladač pdfFactory 2 nebyl nalezen.

Error - 17.1.2014 17:05:51 | Computer Name = GURU-9VQKIPGX | Source = Service Control Manager | ID = 7000
Description = Služba TuneUp Theme Extension neuspěla při spuštění v důsledku následující
chyby: %%1083

Error - 17.1.2014 17:05:51 | Computer Name = GURU-9VQKIPGX | Source = Service Control Manager | ID = 7000
Description = Služba TuneUp Utilities Service neuspěla při spuštění v důsledku následující
chyby: %%3


< End of report >

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  MOD - [2011.12.06 15:19:48 | 002,090,496 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
  MOD - [2011.12.06 15:19:48 | 001,269,760 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
  MOD - [2011.12.06 15:19:48 | 000,133,632 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
  SRV - [2011.12.21 15:40:56 | 000,578,264 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
  DRV - File not found [File_System | On_Demand | Stopped] -- ybozifgh.sys -- (ybozifgh)
  DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
  DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
  DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
  DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
  DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
  DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
  DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
  DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
  DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
  DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
  DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
  DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
  DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
  DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
  DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\catchme.sys -- (catchme)
  DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aw8ofop2)
  FF - prefs.js..browser.search.defaultengine: "ACPro"
  FF - prefs.js..browser.search.defaultenginename: "DAEMON Search"
  FF - prefs.js..browser.search.order.1: "ACPro"
  FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
  FF - prefs.js..browser.search.useDBForOrder: false
  FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
  FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
  O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
  O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
  O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
  O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error
  [2014.01.17 22:09:26 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\axgpmuqg.sys
  [2014.01.17 22:03:09 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\tsewywxk.sys
  [2014.01.17 19:30:30 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\gbrqieyi.sys
  [2014.01.17 22:09:26 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\axgpmuqg.sys
  [2014.01.17 22:03:09 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\tsewywxk.sys
  [2014.01.17 19:30:30 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\gbrqieyi.sys
  [2014.01.17 19:32:14 | 000,410,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\ybozifgh.sys
  [2011.05.20 21:46:54 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\admin\Data aplikací\mainhst.zgh
  2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  [1 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
  [7 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
  [1 C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\*.tmp -> ]
  [2014.01.17 22:09:26 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\axgpmuqg.sys
  [2014.01.17 19:30:30 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\gbrqieyi.sys
  [2014.01.17 22:03:09 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\tsewywxk.sys
  [2014.01.17 19:32:14 | 000,410,528 | ---- | M] () -- C:\WINDOWS\system32\drivers\ybozifgh.sys
  
  :reg
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "NeroFilterCheck"=-
  "KernelFaultCheck"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  
  :files
  C:\WINDOWS\tasks\Adobe Flash Player Updater.job
  C:\WINDOWS\tasks\avast! Emergency Update.job
  C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005Core.job
  C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005UA.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  C:\Program Files\PANDORA.TV
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Dobré dopoledne, přikládám další log. Restart jsem musel vynutit, PC se po dokončení scriptu nerestartovalo automaticky.

All processes killed
========== OTL ==========
Releasing module C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll moved successfully.
Service PanService stopped successfully!
Service PanService deleted successfully!
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe moved successfully.
Service ybozifgh stopped successfully!
Service ybozifgh deleted successfully!
File ybozifgh.sys not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service TuneUpUtilitiesDrv stopped successfully!
Service TuneUpUtilitiesDrv deleted successfully!
File C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys not found.
Service SetupNTGLM7X stopped successfully!
Service SetupNTGLM7X deleted successfully!
File D:\NTGLM7X.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service NTACCESS stopped successfully!
Service NTACCESS deleted successfully!
File D:\NTACCESS.sys not found.
Service MSICPL stopped successfully!
Service MSICPL deleted successfully!
File D:\install4\MSICPL.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File D:\INSTALL\GMSIPCI.SYS not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Error: No service named aw8ofop2 was found to stop!
Service\Driver key aw8ofop2 not found.
Prefs.js: "ACPro" removed from browser.search.defaultengine
Prefs.js: "DAEMON Search" removed from browser.search.defaultenginename
Prefs.js: "ACPro" removed from browser.search.order.1
Prefs.js: "DAEMON Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.useDBForOrder
Prefs.js: DTToolbar@toolbarnet.com:1.1.7.0190 removed from extensions.enabledItems
Prefs.js: plugin@yontoo.com:1.20.00 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 removed from extensions.enabledItems
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\WINDOWS\system32\drivers\axgpmuqg.sys moved successfully.
C:\WINDOWS\system32\drivers\tsewywxk.sys moved successfully.
C:\WINDOWS\system32\drivers\gbrqieyi.sys moved successfully.
File C:\WINDOWS\System32\drivers\axgpmuqg.sys not found.
File C:\WINDOWS\System32\drivers\tsewywxk.sys not found.
File C:\WINDOWS\System32\drivers\gbrqieyi.sys not found.
C:\WINDOWS\system32\drivers\ybozifgh.sys moved successfully.
C:\Documents and Settings\admin\Data aplikací\mainhst.zgh moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP160.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI1B.tmp deleted successfully.
C:\WINDOWS\Installer\MSI2.tmp deleted successfully.
C:\WINDOWS\Installer\MSI24.tmp deleted successfully.
C:\WINDOWS\Installer\MSI2D.tmp deleted successfully.
C:\WINDOWS\Installer\MSI3.tmp deleted successfully.
C:\WINDOWS\Installer\MSI34.tmp deleted successfully.
C:\WINDOWS\Installer\MSIA.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\CR_C6B82.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\CR_C6B82.tmp folder deleted successfully.
File C:\WINDOWS\system32\drivers\axgpmuqg.sys not found.
File C:\WINDOWS\system32\drivers\gbrqieyi.sys not found.
File C:\WINDOWS\system32\drivers\tsewywxk.sys not found.
File C:\WINDOWS\system32\drivers\ybozifgh.sys not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\avast! Emergency Update.job moved successfully.
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005Core.job moved successfully.
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-725345543-839522115-1005UA.job moved successfully.
File\Folder C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.
File\Folder C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.
C:\Program Files\PANDORA.TV\PanService folder moved successfully.
C:\Program Files\PANDORA.TV folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\005791_.tmp moved successfully.
C:\WINDOWS\NV668692.TMP folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: admin
->Temp folder emptied: 408880428 bytes
->Temporary Internet Files folder emptied: 41920142 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 69259156 bytes
->Flash cache emptied: 6527 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Adélka
->Temp folder emptied: 3135623 bytes
->Temporary Internet Files folder emptied: 16434694 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39030810 bytes
->Flash cache emptied: 19962 bytes

User: Alena
->Temp folder emptied: 243058275 bytes
->Temporary Internet Files folder emptied: 153757858 bytes
->Java cache emptied: 6379 bytes
->FireFox cache emptied: 87278057 bytes
->Flash cache emptied: 157851 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Guest
->Temp folder emptied: 587336 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 22501422 bytes
->Flash cache emptied: 17412 bytes

User: Hry a zábava
->Temp folder emptied: 363453473 bytes
->Temporary Internet Files folder emptied: 50772651 bytes
->FireFox cache emptied: 426021568 bytes

User: Hry a zßbava
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 8567298 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Pavel

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 607035 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 291966807 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 153740265 bytes
RecycleBin emptied: 120738008 bytes

Total Files Cleaned = 2 386,00 mb


[EMPTYFLASH]

User: admin
->Flash cache emptied: 0 bytes

User: Administrator

User: Adélka
->Flash cache emptied: 0 bytes

User: Alena
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Hry a zábava

User: Hry a zßbava

User: LocalService

User: NetworkService

User: Pavel

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: admin
->Java cache emptied: 0 bytes

User: Administrator

User: Adélka
->Java cache emptied: 0 bytes

User: Alena
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: Guest

User: Hry a zábava

User: Hry a zßbava

User: LocalService

User: NetworkService

User: Pavel

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01182014_103301

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL udelalo co melo, jak se chova PC??

Pěkný večer přeji.
Start systému byl rychlejší, ale ta instalace AvastuPro stále shazovala WIN. Zkusil jsem spustit instalasi free Avastu a ta se provedla OK.
Pak jsem spustil licenční soubor k Avastu Pro a byl mi nabídnut upgrade, který jsem nechal proběhnout. Následovala výzva Avastu k restartu PC a zde nastal opět zádrhel. I když se PC automaticky restartovalo, již mi nenaběhl systém, resp. se povedlo spustit pouze poslední funkční konfiguraci. Teď je bohužel Avast zcel avypnutý a neprovádí žádné kontroly a nelze s tím nic dělat.
Nevím, zda by pomohlo, kdybych v té chvíli startoval v nouzovém režimu...