Prosim o kontrolu logu - vir pres Skype

Zpráva

Stormmaster · #1 Příspěvek od **Stormmaster** » 21 led 2013 23:21

Logfile of random's system information tool 1.09 (written by random/random)
Run by Konickovic at 2013-01-21 23:17:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 124 GB (70%) free of 177 GB
Total RAM: 3001 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:18:27, on 21.1.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\Konickovic\Plocha\RSIT.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\OOD2000.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\trend micro\Konickovic.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.irfanview.net/faq.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [HP Photosmart 5510 series (NET) #2] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BF22LPB05NR:NW" -scfn "HP Photosmart 5510 series (NET) #2" -AutoStart 1
O4 - HKLM\..\Policies\Explorer\Run: [3167] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msauajvfv.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/67.10/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2890517906
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8250 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, bkmrksync@nokia.com:1.0.0.736, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.5.3&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662]
"Description"=RealPlayer Version Plugin
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46]
"Description"=6.0.12.46
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5]
"Description"=A component of your photo software powered by RocketLife
"Path"=C:\Documents and Settings\All Users\Data aplikací\Visan\plugins\npRLSecurePluginLayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
SearchquWebSearch.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\
askcom.xml
conduit.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
search-the-web.xml
SearchquWebSearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-05-08 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-05-08 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-05-08 142872]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-03-24 49208]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-08-08 348664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"3167"=C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msauajvfv.exe [2012-06-02 65024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"HP Photosmart 5510 series (NET) #2"=C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2011-05-25 1801064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-10-18 455968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2011-07-05 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-05-01 206848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart 5510 series)"
"C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikátor HP (HP Photosmart 5510 series)"
"C:\Games\World_of_Tanks\WOTLauncher.exe"="C:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Konickovic\76968780866536342\winsvc.exe"="C:\Documents and Settings\Konickovic\76968780866536342\winsvc.exe:*:Enabled:Microsoft Windows Update"
"C:\Documents and Settings\Konickovic\75439967573920484\winsvr.exe"="C:\Documents and Settings\Konickovic\75439967573920484\winsvr.exe:*:Enabled:Windows Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-01-21 23:17:09 ----D---- C:\rsit
2013-01-21 17:25:42 ----AH---- C:\Documents and Settings\Konickovic\Data aplikací\winsvcns.sys

======List of files/folders modified in the last 1 month======

2013-01-21 23:18:27 ----D---- C:\Program Files\trend micro
2013-01-21 23:17:54 ----D---- C:\WINDOWS\Temp
2013-01-21 23:17:34 ----D---- C:\WINDOWS
2013-01-21 23:17:00 ----D---- C:\Documents and Settings\Konickovic\Data aplikací\Skype
2013-01-21 23:15:42 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-21 23:15:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-21 22:46:17 ----D---- C:\WINDOWS\system32\NtmsData
2013-01-21 22:43:49 ----SHD---- C:\WINDOWS\Installer
2013-01-21 22:43:48 ----RD---- C:\Program Files\Skype
2013-01-21 22:43:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-01-21 22:41:40 ----D---- C:\Program Files\Google
2013-01-21 22:41:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2013-01-21 22:40:58 ----RD---- C:\Program Files
2013-01-21 22:40:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\BigFishGamesCache
2013-01-21 22:33:40 ----D---- C:\WINDOWS\Debug
2013-01-21 22:33:11 ----SD---- C:\WINDOWS\Tasks
2013-01-21 22:32:36 ----D---- C:\WINDOWS\Prefetch
2013-01-21 22:29:17 ----HD---- C:\WINDOWS\inf
2013-01-21 22:08:42 ----D---- C:\WINDOWS\Registration
2013-01-21 21:59:53 ----D---- C:\WINDOWS\pss
2013-01-21 10:11:49 ----D---- C:\Program Files\Mozilla Firefox
2013-01-18 18:06:23 ----RD---- C:\Dokumenty
2013-01-18 18:03:17 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-01-15 19:47:14 ----D---- C:\WINDOWS\system32
2013-01-15 19:00:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-01-15 19:00:38 ----D---- C:\WINDOWS\ie8updates
2013-01-15 19:00:23 ----HD---- C:\WINDOWS\$hf_mig$
2013-01-14 21:58:41 ----AC---- C:\WINDOWS\winamp.ini
2013-01-11 16:18:32 ----D---- C:\WINDOWS\Microsoft.NET
2013-01-11 16:18:28 ----RSD---- C:\WINDOWS\assembly
2013-01-10 19:27:39 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-01-10 19:26:12 ----D---- C:\WINDOWS\WinSxS
2013-01-10 19:00:58 ----A---- C:\WINDOWS\system32\MRT.exe
2013-01-09 17:05:38 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-01-06 06:33:55 ----A---- C:\WINDOWS\system32\mshtml.dll
2013-01-02 08:09:28 ----AC---- C:\WINDOWS\NeroDigital.ini
2012-12-24 10:39:19 ----RSD---- C:\WINDOWS\Fonts
2012-12-23 20:04:21 ----D---- C:\Documents and Settings\Konickovic\Data aplikací\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-04-27 137928]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-04-24 83392]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-03-26 1503840]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-04-02 534312]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2009-04-02 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-04-02 991136]
R3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2009-04-02 156816]
R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2009-04-02 37032]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-04-02 47272]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2009-03-09 805888]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-05-01 6315008]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-11-13 49664]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athr.sys [2009-03-26 1093632]
S3 catchme;catchme; \??\C:\DOCUME~1\KONICK~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2010-07-12 60104]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2010-07-12 73032]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-16 5888]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-01 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2009-03-23 349528]
R2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-26 116648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
R2 OOD2000;O&O Defrag 2000; C:\WINDOWS\system32\OOD2000.exe [2001-04-06 238080]
R2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-26 116648]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 21 led 2013 23:25

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Search
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

Stormmaster · #3 Příspěvek od **Stormmaster** » 21 led 2013 23:31

# AdwCleaner v2.107 - Logfile created 01/21/2013 at 23:28:40
# Updated 21/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Konickovic - KONICKOVI
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Konickovic\Plocha\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
File Found : C:\WINDOWS\system32\conduitEngine.tmp
Folder Found : C:\Documents and Settings\All Users\Data aplikací\Bandoo
Folder Found : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Found : C:\Documents and Settings\All Users\Data aplikací\Trymedia
Folder Found : C:\Documents and Settings\Konickovic\Data aplikací\Bandoo
Folder Found : C:\Documents and Settings\Konickovic\Data aplikací\iWin
Folder Found : C:\Program Files\Bandoo
Folder Found : C:\Program Files\ICQ6Toolbar

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5}
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCoordinator.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\FlashAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator.1
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI.1
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult.1
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin
Key Found : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin.1
Key Found : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl
Key Found : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl.1
Key Found : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl
Key Found : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl.1
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2247187
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9e5114169e9cec08337a2d7c2a1fe21a
Key Found : HKU\S-1-5-21-117609710-343818398-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKU\S-1-5-21-117609710-343818398-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Found : HKU\S-1-5-21-117609710-343818398-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [firefox@bandoo.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

*************************

AdwCleaner[R1].txt - [7333 octets] - [21/01/2013 23:28:40]

########## EOF - C:\AdwCleaner[R1].txt - [7393 octets] ##########

Stormmaster · #4 Příspěvek od **Stormmaster** » 21 led 2013 23:32

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Konickovic [Práva správce]
Mód : Kontrola -- Datum : 01/21/2013 23:29:31

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[RUN][ROGUE ST] HKLM\[...]\Policies\Explorer\\Run : 3167 (C:\Documents and Settings\All Users\Local Settings\Temp\msauajvfv.exe) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xBA75641C)
SSDT[41] : NtCreateKey @ 0x806240F6 -> HOOKED (Unknown @ 0xBA7563D6)
SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xBA756426)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xBA7563CC)
SSDT[63] : NtDeleteKey @ 0x80624592 -> HOOKED (Unknown @ 0xBA7563DB)
SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (Unknown @ 0xBA7563E5)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xBA756417)
SSDT[98] : NtLoadKey @ 0x8062631A -> HOOKED (Unknown @ 0xBA7563EA)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xBA7563B8)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xBA7563BD)
SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (Unknown @ 0xBA75643F)
SSDT[193] : NtReplaceKey @ 0x806261CA -> HOOKED (Unknown @ 0xBA7563F4)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xBA756430)
SSDT[204] : NtRestoreKey @ 0x80625AD6 -> HOOKED (Unknown @ 0xBA7563EF)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xBA75642B)
SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xBA756435)
SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (Unknown @ 0xBA7563E0)
SSDT[255] : NtSystemDebugControl @ 0x806180CA -> HOOKED (Unknown @ 0xBA75643A)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xBA7563C7)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA75644E)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA756453)

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22ZAT0 +++++
--- User ---
[MBR] 36313a6db5910c56471065c21105bdb6
[BSP] 4b9827c1b7db7d75093e824cd7c9ec82 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 176926 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 362346075 | Size: 300010 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] f370f1a8cb14030ea6148d86dae30535
[BSP] f2e920cbb348efa659923a6ba441194e : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 2001 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_01212013_02d2329.txt >>
RKreport[1]_S_01212013_02d2329.txt

#5 Příspěvek od **vyosek** » 21 led 2013 23:34

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Delete
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Stormmaster · #6 Příspěvek od **Stormmaster** » 21 led 2013 23:43

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Konickovic [Práva správce]
Mód : Odebrat -- Datum : 01/21/2013 23:36:00

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[RUN][ROGUE ST] HKLM\[...]\Policies\Explorer\\Run : 3167 (C:\Documents and Settings\All Users\Local Settings\Temp\msauajvfv.exe) -> VYMAZÁNO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xBA75641C)
SSDT[41] : NtCreateKey @ 0x806240F6 -> HOOKED (Unknown @ 0xBA7563D6)
SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xBA756426)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xBA7563CC)
SSDT[63] : NtDeleteKey @ 0x80624592 -> HOOKED (Unknown @ 0xBA7563DB)
SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (Unknown @ 0xBA7563E5)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xBA756417)
SSDT[98] : NtLoadKey @ 0x8062631A -> HOOKED (Unknown @ 0xBA7563EA)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xBA7563B8)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xBA7563BD)
SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (Unknown @ 0xBA75643F)
SSDT[193] : NtReplaceKey @ 0x806261CA -> HOOKED (Unknown @ 0xBA7563F4)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xBA756430)
SSDT[204] : NtRestoreKey @ 0x80625AD6 -> HOOKED (Unknown @ 0xBA7563EF)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xBA75642B)
SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xBA756435)
SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (Unknown @ 0xBA7563E0)
SSDT[255] : NtSystemDebugControl @ 0x806180CA -> HOOKED (Unknown @ 0xBA75643A)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xBA7563C7)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA75644E)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA756453)

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22ZAT0 +++++
--- User ---
[MBR] 36313a6db5910c56471065c21105bdb6
[BSP] 4b9827c1b7db7d75093e824cd7c9ec82 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 176926 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 362346075 | Size: 300010 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3]_D_01212013_02d2336.txt >>
RKreport[1]_S_01212013_02d2329.txt ; RKreport[2]_S_01212013_02d2335.txt ; RKreport[3]_D_01212013_02d2336.txt

Stormmaster · #7 Příspěvek od **Stormmaster** » 21 led 2013 23:44

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Konickovic [Práva správce]
Mód : Oprava HOSTS -- Datum : 01/21/2013 23:36:54

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[5]_H_01212013_02d2336.txt >>
RKreport[1]_S_01212013_02d2329.txt ; RKreport[2]_S_01212013_02d2335.txt ; RKreport[3]_D_01212013_02d2336.txt ; RKreport[4]_H_01212013_02d2336.txt ; RKreport[5]_H_01212013_02d2336.txt

Stormmaster · #8 Příspěvek od **Stormmaster** » 21 led 2013 23:45

# AdwCleaner v2.107 - Logfile created 01/21/2013 at 23:38:36
# Updated 21/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Konickovic - KONICKOVI
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Konickovic\Plocha\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Bandoo
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Trymedia
Folder Deleted : C:\Documents and Settings\Konickovic\Data aplikací\Bandoo
Folder Deleted : C:\Documents and Settings\Konickovic\Data aplikací\iWin
Folder Deleted : C:\Program Files\Bandoo
Folder Deleted : C:\Program Files\ICQ6Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCoordinator.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\FlashAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin
Key Deleted : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl
Key Deleted : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl
Key Deleted : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2247187
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9e5114169e9cec08337a2d7c2a1fe21a
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [firefox@bandoo.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [7462 octets] - [21/01/2013 23:28:40]
AdwCleaner[S1].txt - [7133 octets] - [21/01/2013 23:38:36]

########## EOF - C:\AdwCleaner[S1].txt - [7193 octets] ##########

#9 Příspěvek od **vyosek** » 21 led 2013 23:47

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Stormmaster · #10 Příspěvek od **Stormmaster** » 22 led 2013 06:11

OTL logfile created on: 21.1.2013 23:51:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Konickovic\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,93 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 83,80% Memory free
4,77 Gb Paging File | 4,35 Gb Available in Paging File | 91,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 172,78 Gb Total Space | 121,38 Gb Free Space | 70,25% Space Free | Partition Type: NTFS
Drive E: | 292,98 Gb Total Space | 288,29 Gb Free Space | 98,40% Space Free | Partition Type: NTFS
Drive F: | 1,95 Gb Total Space | 1,95 Gb Free Space | 99,90% Space Free | Partition Type: FAT32

Computer Name: KONICKOVI | User Name: Konickovic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.01.21 23:48:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Konickovic\Plocha\OTL.exe
PRC - [2012.08.08 17:54:24 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.26 12:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.06.11 10:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.06.11 10:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012.06.11 10:32:52 | 000,165,784 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
PRC - [2012.05.02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.05.25 17:23:16 | 001,801,064 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
PRC - [2009.03.23 16:41:06 | 001,451,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.03.23 16:41:06 | 000,603,488 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.31 02:08:04 | 000,016,872 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2012.06.26 12:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012.06.26 12:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012.06.26 12:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012.06.26 12:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012.06.26 12:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012.06.26 12:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2012.04.16 22:11:02 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.03.23 16:40:06 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009.03.23 16:38:08 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008.04.14 07:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002.07.19 18:16:50 | 000,270,336 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2002.05.14 18:22:34 | 000,122,880 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - [2013.01.09 17:05:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.05.02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2001.04.06 13:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\OOD2000.exe -- (OOD2000)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KONICK~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.07.12 14:49:18 | 000,060,104 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010.07.12 13:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.13 09:43:50 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009.04.02 01:50:00 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009.04.02 01:50:00 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009.04.02 01:50:00 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009.04.02 01:50:00 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009.04.02 01:50:00 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2009.04.02 01:50:00 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2009.03.26 09:35:00 | 001,503,840 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009.03.26 09:35:00 | 001,093,632 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athr.sys -- (athr)
DRV - [2009.03.09 12:32:00 | 000,805,888 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN104 ... cale=en_CZ
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN104 ... cale=en_CZ
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\SearchScopes\{07396E0B-1A74-4FD1-B016-247CF0E8DCBE}: "URL" = http://websearch.ask.com/redirect?clien ... 552FDDB9D4
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\SearchScopes\{E59A45FF-B5CF-4D7F-917D-4ED3166A78D6}: "URL" = http://search.freecause.com/search?ourm ... earchTerms}
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Mario Forever Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_result ... r=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: {ea614400-e918-4741-9a97-7a972ff7c30b}:2.5.12
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.5.3&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Data aplikací\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Konickovic\Local Settings\Data aplikací\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Konickovic\Local Settings\Data aplikací\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.08.10 14:07:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.09 20:24:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 14:30:45 | 000,000,000 | ---D | M]

[2010.12.01 18:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Extensions
[2013.01.04 22:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions
[2012.10.08 14:37:18 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.04.27 13:49:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.26 16:16:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.01.04 22:02:04 | 000,000,000 | ---D | M] (Seznam liĹˇtiÄŤka) -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2011.11.17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\askcom.xml
[2010.01.20 12:14:04 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\conduit.xml
[2013.01.19 20:57:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-1.xml
[2011.06.18 19:56:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-10.xml
[2011.06.27 19:32:49 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-11.xml
[2011.08.18 19:13:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-12.xml
[2011.09.04 07:55:29 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-13.xml
[2011.09.07 17:17:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-14.xml
[2011.10.01 20:06:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-15.xml
[2011.11.10 15:09:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-16.xml
[2012.01.02 20:31:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-17.xml
[2012.02.02 18:29:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-18.xml
[2012.02.12 11:53:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-19.xml
[2010.10.21 15:44:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-2.xml
[2012.02.18 13:56:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-20.xml
[2012.03.07 20:25:30 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-21.xml
[2012.03.07 20:26:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-22.xml
[2010.10.29 15:45:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-3.xml
[2010.12.01 19:15:17 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-4.xml
[2011.01.09 20:58:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-5.xml
[2011.03.08 20:33:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-6.xml
[2011.03.24 09:25:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-7.xml
[2011.04.30 17:36:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-8.xml
[2011.05.06 08:28:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-9.xml
[2012.07.24 13:48:30 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin.gif
[2012.07.24 13:48:30 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin.xml
[2010.10.01 20:33:51 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\search-the-web.xml
[2010.08.12 12:12:24 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\SearchquWebSearch.xml
[2012.06.22 17:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.09 18:58:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.09 20:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.03.09 20:24:21 | 000,000,000 | ---D | M] (Seznam liĹˇtiÄŤka) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2012.01.29 17:10:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.29 16:37:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.01.29 16:37:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.01.29 16:37:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.01.29 16:37:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.01.29 16:37:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.seznam.cz/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.seznam.cz/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Konickovic\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Konickovic\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Konickovic\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: registryAccess (Enabled) = C:\Documents and Settings\Konickovic\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\Default\Extensions\aaaaoahhbmfiopgbablmbaehhfjfbgob\7.13.2.0_0\background/registryAccess.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\Konickovic\Data aplikac\u00ED\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Konickovic\Local Settings\Data aplikac\u00ED\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2013.01.21 23:36:54 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-117609710-343818398-1606980848-1003..\Run: [HP Photosmart 5510 series (NET) #2] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-117609710-343818398-1606980848-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-343818398-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-117609710-343818398-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-343818398-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-117609710-343818398-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/67.10/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 2890517906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.12 20:21:05 | 000,000,000 | ---D | M] - C:\Auto-diagnostika -- [ NTFS ]
O32 - AutoRun File - [2010.01.07 21:21:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (pgdfgsvc C 1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.01.21 23:49:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Konickovic\Plocha\OTL.exe
[2013.01.21 23:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Konickovic\Plocha\RK_Quarantine
[2013.01.21 23:17:09 | 000,000,000 | ---D | C] -- C:\rsit
[2013.01.21 22:33:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Konickovic\Recent
[2013.01.21 17:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Konickovic\Local Settings\Data aplikací\*.tmp files -> C:\Documents and Settings\Konickovic\Local Settings\Data aplikací\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.01.21 23:56:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.01.21 23:48:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Konickovic\Plocha\OTL.exe
[2013.01.21 23:41:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.21 23:40:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.21 23:27:24 | 000,766,464 | ---- | M] () -- C:\Documents and Settings\Konickovic\Plocha\RogueKiller.exe
[2013.01.21 23:27:06 | 000,574,315 | ---- | M] () -- C:\Documents and Settings\Konickovic\Plocha\adwcleaner.exe
[2013.01.21 22:27:06 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Konickovic\Plocha\RSIT.exe
[2013.01.21 21:56:00 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\winsvcns.sys
[2013.01.21 09:55:19 | 000,153,137 | ---- | M] () -- C:\Documents and Settings\Konickovic\Plocha\sdf.JPG
[2013.01.20 16:57:38 | 000,020,231 | ---- | M] () -- C:\Documents and Settings\Konickovic\Plocha\Vector_Animal_00027-300x300.jpg
[2013.01.19 19:40:55 | 000,072,961 | ---- | M] () -- C:\Documents and Settings\Konickovic\Plocha\149340_358109057630700_1809745914_n.jpg
[2013.01.15 20:41:30 | 000,116,188 | ---- | M] () -- C:\Documents and Settings\Konickovic\Plocha\20.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Konickovic\Local Settings\Data aplikací\*.tmp files -> C:\Documents and Settings\Konickovic\Local Settings\Data aplikací\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.21 23:56:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.01.21 23:28:17 | 000,766,464 | ---- | C] () -- C:\Documents and Settings\Konickovic\Plocha\RogueKiller.exe
[2013.01.21 23:28:09 | 000,574,315 | ---- | C] () -- C:\Documents and Settings\Konickovic\Plocha\adwcleaner.exe
[2013.01.21 22:31:59 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Konickovic\Plocha\RSIT.exe
[2013.01.21 17:25:42 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Konickovic\Data aplikací\winsvcns.sys
[2013.01.21 09:55:19 | 000,153,137 | ---- | C] () -- C:\Documents and Settings\Konickovic\Plocha\sdf.JPG
[2013.01.20 16:57:45 | 000,020,231 | ---- | C] () -- C:\Documents and Settings\Konickovic\Plocha\Vector_Animal_00027-300x300.jpg
[2013.01.19 19:40:54 | 000,072,961 | ---- | C] () -- C:\Documents and Settings\Konickovic\Plocha\149340_358109057630700_1809745914_n.jpg
[2013.01.15 20:41:30 | 000,116,188 | ---- | C] () -- C:\Documents and Settings\Konickovic\Plocha\20.jpg
[2012.11.20 14:48:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2012.05.16 13:17:00 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Konickovic\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.10 13:22:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.03.10 13:22:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.03.10 13:22:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.03.10 13:22:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.03.10 13:22:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.16 15:34:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.05 15:30:34 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Konickovic\Local Settings\Data aplikací\fusioncache.dat
[2011.12.27 15:32:41 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Ament.ini
[2011.12.24 11:36:54 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\Konickovic\.recently-used.xbel
[2011.04.10 10:33:33 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011.03.29 20:39:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\msds.dat
[2011.03.19 15:27:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe

========== ZeroAccess Check ==========

[2010.01.07 19:23:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.10.29 06:26:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.01.20 19:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AdventureChronicles1
[2011.01.06 17:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alawar Stargaze
[2011.12.10 12:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
[2011.03.12 21:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AWEM
[2012.04.02 20:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Big Fish Games
[2011.10.22 09:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CropBusters
[2010.12.13 17:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DivoGames
[2011.12.11 15:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
[2012.04.02 20:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Encore
[2010.11.28 16:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Escape From Paradise_11
[2011.03.12 21:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EscapeTheMuseum2
[2012.03.07 14:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\F4D55F3B015F661800223CF5D151FC4E
[2011.01.28 11:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Funny Bear Studio
[2013.01.21 23:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2012.08.10 14:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2010.01.11 19:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2010.12.05 13:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2011.01.09 21:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Phenomedia
[2010.10.14 20:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Playrix Entertainment
[2011.03.01 14:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Princess Isabella
[2011.09.16 20:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\rionix
[2010.11.19 22:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Rumbic Studio
[2011.04.25 07:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RVLGames
[2013.01.18 18:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2012.11.03 14:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Visan
[2010.10.01 17:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Alawar
[2012.10.02 19:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\AlawarEntertainment
[2011.03.23 16:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Awem
[2011.09.16 20:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\EnchantedCavern
[2011.12.15 18:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\EnchantedCavern2
[2010.12.31 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\FairyNook
[2012.03.17 19:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Friday's games
[2011.12.24 11:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\gtk-2.0
[2012.12.23 20:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\ICQ
[2010.12.12 19:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\InImages
[2010.05.24 15:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\LG Electronics
[2011.02.03 14:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Lonely Troops
[2011.11.20 19:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\md studio
[2010.07.02 17:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Mikrotik
[2010.12.05 14:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Nokia
[2010.12.05 13:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\PC Suite
[2012.06.30 08:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\PhotoFiltre
[2011.02.13 12:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Sky Bros
[2011.08.28 07:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\TeamViewer
[2010.02.08 12:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Thinstall
[2011.11.21 15:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\VendelGAMES
[2012.11.03 14:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Visan
[2012.07.02 15:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\wargaming.net

========== Purity Check ==========

========== Custom Scans ==========

< >
[2012.03.10 13:41:19 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT

< >

< MD5 for: ATAPI.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.13 23:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 12:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.01.07 19:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Adobe
[2010.10.01 17:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Alawar
[2012.10.02 19:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\AlawarEntertainment
[2010.01.30 21:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Apple Computer
[2012.05.26 07:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Avira
[2011.03.23 16:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Awem
[2011.09.16 20:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\EnchantedCavern
[2011.12.15 18:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\EnchantedCavern2
[2010.12.31 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\FairyNook
[2012.03.17 19:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Friday's games
[2012.08.26 16:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Google
[2011.12.24 11:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\gtk-2.0
[2011.02.03 08:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Help
[2012.05.19 20:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\HpUpdate
[2012.12.23 20:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\ICQ
[2010.01.07 21:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Identities
[2010.12.12 19:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\InImages
[2010.05.24 15:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\InstallShield
[2010.05.24 15:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\LG Electronics
[2011.02.03 14:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Lonely Troops
[2010.01.09 18:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Macromedia
[2011.11.20 19:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\md studio
[2010.01.10 15:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Media Player Classic
[2012.09.13 09:08:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Microsoft
[2010.07.02 17:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Mikrotik
[2010.12.01 18:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla
[2010.01.12 19:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Nero
[2010.12.05 14:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Nokia
[2010.12.05 13:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\PC Suite
[2012.06.30 08:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\PhotoFiltre
[2010.01.08 06:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Real
[2011.02.13 12:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Sky Bros
[2013.01.21 23:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Skype
[2011.05.28 07:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\skypePM
[2010.01.07 19:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Sun
[2011.08.28 07:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\TeamViewer
[2010.02.08 12:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Thinstall
[2011.11.21 15:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\VendelGAMES
[2012.11.03 14:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\Visan
[2012.07.02 15:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\wargaming.net
[2011.10.02 20:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Konickovic\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2011.12.28 18:11:38 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.01.07 22:08:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.01.07 22:08:20 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.01.07 22:08:20 | 000,495,616 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.01.21 23:41:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2012.07.13 12:33:24 | 017,418,928 | R--- | M] (Skype Technologies S.A.)
"PC Suite Tray" = "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2012.06.26 12:10:30 | 001,516,632 | ---- | M] (Nokia)
"HP Photosmart 5510 series (NET) #2" = "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BF22LPB05NR:NW" -scfn "HP Photosmart 5510 series (NET) #2" -AutoStart 1 -- [2011.05.25 17:23:16 | 001,801,064 | ---- | M] (Hewlett-Packard Co.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.01.29 17:10:19 | 000,924,632 | ---- | M] (Mozilla Corporation) MD5=2DE2B92C4EFEF841CEAA9752FC8FA91F -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.01.21 23:56:16 | 000,000,512 | ---- | M] () MD5=36313A6DB5910C56471065C21105BDB6 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >
[2003.11.23 00:00:00 | 000,049,152 | ---- | M] () -- \Documents and Settings\Konickovic\Plocha\fabia\VAG-zaloh\Vagcom Keygenerator\VagComKeyGen.exe
[2003.11.23 00:00:00 | 000,049,152 | ---- | M] () -- \Program Files\VAG-COM 304CZ\Vagcom Keygenerator\VagComKeyGen.exe

< *loader* /s >
[2007.10.23 08:07:44 | 000,000,232 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Nero\Nero8\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.02.29 07:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.02.29 07:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2011.03.20 17:12:29 | 000,000,857 | ---- | M] () -- \Documents and Settings\Konickovic\Plocha\fabia\USDownloader.lnk
[2012.05.01 23:57:30 | 000,047,568 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.dll
[2012.05.01 23:57:42 | 000,232,912 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.exe
[2012.05.01 23:59:06 | 001,715,152 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloadergui.dll
[2007.11.16 09:49:34 | 000,107,816 | ---- | M] () -- \Program Files\Common Files\Nero\Shared\NSCLoader.dll
[2009.10.06 06:08:30 | 000,145,082 | ---- | M] () -- \Program Files\HP\HP Photosmart 5510 series\Bin\HelpViewer\Resources\Loader.gif
[2012.02.07 04:04:12 | 000,101,606 | ---- | M] () -- \Program Files\Hry.cz\Eternal Journey New Atlantis Collectors Edition\DataLoc\Sounds\Music\Music_Loader.ogg
[2011.06.18 13:07:18 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011.06.18 13:07:18 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011.06.18 13:07:18 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\MUICoreLib\xtraLoader.swf
[2011.07.28 06:15:00 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\icq_profile\preloader.html
[2011.06.18 13:08:15 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\profile_forms\preloader.html
[2011.06.18 13:08:15 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\profile_lightboxs\preloader.html
[2012.06.26 11:36:20 | 000,002,560 | ---- | M] () -- \Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.NLR
[2008.07.22 13:53:32 | 000,529,408 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.exe
[2008.11.06 19:05:22 | 000,000,506 | -HS- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.exe.manifest
[2011.03.21 19:38:32 | 000,003,836 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.ini
[2011.03.21 19:37:52 | 012,436,590 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.log
[2011.03.21 19:38:32 | 000,004,497 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.lst
[2011.03.21 19:37:53 | 000,004,497 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.lst1.bak
[2011.03.21 19:09:17 | 000,004,455 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.lst2.bak
[2011.03.21 18:32:39 | 000,004,553 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.lst3.bak
[2011.03.21 17:58:17 | 000,004,553 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.lst4.bak
[2011.03.21 17:05:23 | 000,004,539 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.lst5.bak
[2011.03.21 16:31:07 | 000,004,539 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.lst6.bak
[2011.03.21 15:41:01 | 000,004,525 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.lst7.bak
[2011.03.21 15:06:33 | 000,004,525 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.lst8.bak
[2011.03.21 07:01:35 | 000,004,441 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\USDownloader.lst9.bak
[2011.02.18 21:13:48 | 000,015,737 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.ara.lng
[2011.02.18 21:13:50 | 000,017,772 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.bul.lng
[2007.06.14 14:02:10 | 000,018,268 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.cat.lng
[2011.02.18 21:13:50 | 000,013,529 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.chs.lng
[2011.03.21 19:38:02 | 000,016,996 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.cze.lng
[2011.02.18 21:13:50 | 000,017,527 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.de.lng
[2008.06.27 15:06:52 | 000,017,786 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.du.lng
[2007.06.14 14:03:14 | 000,017,427 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.ell.lng
[2008.06.24 23:56:06 | 000,016,557 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.eng.lng
[2008.04.20 01:05:08 | 000,019,089 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.fre.lng
[2008.06.23 21:04:40 | 000,019,156 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.hu.lng
[2007.06.19 13:48:14 | 000,017,335 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.it.lng
[2008.07.02 13:35:08 | 000,016,525 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.lit.lng
[2007.12.16 04:50:52 | 000,016,839 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.nor.lng
[2011.02.18 21:13:52 | 000,017,898 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.pl.lng
[2007.06.18 22:11:58 | 000,017,909 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.ptbr.lng
[2011.02.18 21:13:52 | 000,017,758 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.ro.lng
[2011.02.18 21:13:52 | 000,013,851 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.rus.lng
[2008.06.27 23:56:08 | 000,016,918 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.ser.lng
[2007.11.20 11:44:34 | 000,016,760 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.sk.lng
[2011.02.18 21:13:54 | 000,018,346 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.spa.lng
[2007.07.09 17:41:56 | 000,016,202 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.swe.lng
[2008.07.04 10:59:50 | 000,017,726 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.tr.lng
[2008.05.06 01:41:22 | 000,013,624 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.tw.lng
[2007.06.14 14:05:38 | 000,017,043 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Langs\USDownloader.ukr.lng
[2011.02.18 21:12:56 | 000,034,304 | ---- | M] () -- \Program Files\Ostatni\USDownloader135\Plugins\SexUploader.plg
[2009.09.15 13:06:36 | 001,001,032 | ---- | M] () -- \WINDOWS\Downloaded Program Files\UploaderX.dll
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:9F38BF31
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:371A321E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:80A7A4A5
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8

< End of report >

Stormmaster · #11 Příspěvek od **Stormmaster** » 22 led 2013 06:12

OTL Extras logfile created on: 21.1.2013 23:51:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Konickovic\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,93 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 83,80% Memory free
4,77 Gb Paging File | 4,35 Gb Available in Paging File | 91,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 172,78 Gb Total Space | 121,38 Gb Free Space | 70,25% Space Free | Partition Type: NTFS
Drive E: | 292,98 Gb Total Space | 288,29 Gb Free Space | 98,40% Space Free | Partition Type: NTFS
Drive F: | 1,95 Gb Total Space | 1,95 Gb Free Space | 99,90% Space Free | Partition Type: FAT32

Computer Name: KONICKOVI | User Name: Konickovic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-117609710-343818398-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart 5510 series) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikátor HP (HP Photosmart 5510 series) -- (Hewlett-Packard Co.)
"C:\Games\World_of_Tanks\WOTLauncher.exe" = C:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Konickovic\76968780866536342\winsvc.exe" = C:\Documents and Settings\Konickovic\76968780866536342\winsvc.exe:*:Enabled:Microsoft Windows Update
"C:\Documents and Settings\Konickovic\75439967573920484\winsvr.exe" = C:\Documents and Settings\Konickovic\75439967573920484\winsvr.exe:*:Enabled:Windows Service

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{423799F1-0BD5-4B2D-8BD6-2A49BCEA583B}" = Atheros Wireless LAN Client Adapter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{65A54DC3-5FF6-4C75-906E-3EA1A3B71029}" = Nero 8 Essentials
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}" = Windows Workflow Foundation CS Language Pack
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Software Bluetooth WIDCOMM
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E46C962-FC76-4B81-8C9D-76182E9625E5}" = Studie zlepšení produktu HP Photosmart 5510 series
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}" = Windows Presentation Foundation Language Pack (CSY)
"{AC76BA86-7AD7-1029-7B44-A95000000001}" = Adobe Reader 9.5.2 - Czech
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2D1D296-C3B4-4B46-8587-EB4E154A117D}" = Základní software zařízení HP Photosmart 5510 series
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8979435-753B-40AE-9318-5E712C160A71}" = Windows Communication Foundation Language Pack - CSY
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Nápověda
"{E86E5246-AA7E-11D4-88C9-00105ADBE398}" = O&O Defrag 2000 Freeware Edition
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}" = Microsoft .NET Framework 3.0 Czech Language Pack
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Balíček ovladače systému Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoDiagnostika_is1" = AutoDiagnostika
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFG-SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Klášter na kraji lesa" = Klášter na kraji lesa
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.7.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.0 Czech Language Pack" = Microsoft .NET Framework 3.0 Czech Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0 (x86 cs)" = Mozilla Firefox 10.0 (x86 cs)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"The Treasures Of Montezuma 3" = The Treasures Of Montezuma 3
"Věčná cesta: Nová Atlantida. Sběratelská edice" = Věčná cesta: Nová Atlantida. Sběratelská edice
"Winamp" = Winamp (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archivátor WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-117609710-343818398-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PhotoFiltre" = PhotoFiltre

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.1.2013 6:45:00 | Computer Name = KONICKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace communicator.exe, verze 0.0.0.0, chybující modul
communicator.exe, verze 0.0.0.0, adresa chyby 0x0000ee4d.

Error - 21.1.2013 7:45:00 | Computer Name = KONICKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace communicator.exe, verze 0.0.0.0, chybující modul
communicator.exe, verze 0.0.0.0, adresa chyby 0x0000ee4d.

Error - 21.1.2013 11:45:00 | Computer Name = KONICKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace communicator.exe, verze 0.0.0.0, chybující modul
communicator.exe, verze 0.0.0.0, adresa chyby 0x0000ee4d.

Error - 21.1.2013 12:45:02 | Computer Name = KONICKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace communicator.exe, verze 0.0.0.0, chybující modul
communicator.exe, verze 0.0.0.0, adresa chyby 0x0000ee4d.

Error - 21.1.2013 12:51:39 | Computer Name = KONICKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace avcenter.exe, verze 12.3.0.15, chybující modul
hhctrl.ocx, verze 5.2.3790.4110, adresa chyby 0x00013004.

Error - 21.1.2013 12:51:41 | Computer Name = KONICKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace avcenter.exe, verze 12.3.0.15, chybující modul
mfc100u.dll, verze 10.0.40219.325, adresa chyby 0x0014dc91.

Error - 21.1.2013 12:51:43 | Computer Name = KONICKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace avcenter.exe, verze 12.3.0.15, chybující modul
mfc100u.dll, verze 10.0.40219.325, adresa chyby 0x0014dc91.

Error - 21.1.2013 12:51:45 | Computer Name = KONICKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace avcenter.exe, verze 12.3.0.15, chybující modul
mfc100u.dll, verze 10.0.40219.325, adresa chyby 0x0014dc91.

Error - 21.1.2013 13:45:00 | Computer Name = KONICKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace communicator.exe, verze 0.0.0.0, chybující modul
communicator.exe, verze 0.0.0.0, adresa chyby 0x0000ee4d.

Error - 21.1.2013 16:57:33 | Computer Name = KONICKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace 5455471377.exe, verze 1.6.0.3, chybující modul
5455471377.exe, verze 1.6.0.3, adresa chyby 0x0000a0d7.

[ System Events ]
Error - 21.1.2013 17:40:15 | Computer Name = KONICKOVI | Source = Vyměnitelné úložiště | ID = 262255
Description = Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny
Generic Flash Disk USB Device.

Error - 21.1.2013 17:40:17 | Computer Name = KONICKOVI | Source = Vyměnitelné úložiště | ID = 262255
Description = Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny
Generic Flash Disk USB Device.

Error - 21.1.2013 17:42:33 | Computer Name = KONICKOVI | Source = Vyměnitelné úložiště | ID = 262255
Description = Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny
Generic Flash Disk USB Device.

Error - 21.1.2013 17:42:35 | Computer Name = KONICKOVI | Source = Vyměnitelné úložiště | ID = 262255
Description = Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny
Generic Flash Disk USB Device.

Error - 21.1.2013 17:44:21 | Computer Name = KONICKOVI | Source = Vyměnitelné úložiště | ID = 262255
Description = Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny
Generic Flash Disk USB Device.

Error - 21.1.2013 17:44:23 | Computer Name = KONICKOVI | Source = Vyměnitelné úložiště | ID = 262255
Description = Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny
Generic Flash Disk USB Device.

Error - 21.1.2013 17:45:46 | Computer Name = KONICKOVI | Source = Vyměnitelné úložiště | ID = 262255
Description = Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny
Generic Flash Disk USB Device.

Error - 21.1.2013 17:45:48 | Computer Name = KONICKOVI | Source = Vyměnitelné úložiště | ID = 262255
Description = Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny
Generic Flash Disk USB Device.

Error - 21.1.2013 18:40:47 | Computer Name = KONICKOVI | Source = SRService | ID = 104
Description = Proces inicializace nástroje Obnovení systému se nezdařil.

Error - 21.1.2013 18:41:11 | Computer Name = KONICKOVI | Source = Service Control Manager | ID = 7023
Description = Služba Služba obnovení systému byla ukončena s následující chybou:
%%2

< End of report >

#12 Příspěvek od **vyosek** » 22 led 2013 10:01

Vas log se studuje Obrázek

a pracuje se na nem Obrázek

.
Prosim o strpeni! Obrázek

#13 Příspěvek od **vyosek** » 22 led 2013 10:06

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KONICK~1\LOCALS~1\Temp\catchme.sys -- (catchme)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN104 ... cale=en_CZ
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN104 ... cale=en_CZ
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\SearchScopes\{07396E0B-1A74-4FD1-B016-247CF0E8DCBE}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^CZ&apn_uid=1a1becef-b611-4937-8e9c-7922714ca3cf&apn_sauid=392EF814-2D5D-49C6-B1C8-71552FDDB9D4
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\SearchScopes\{E59A45FF-B5CF-4D7F-917D-4ED3166A78D6}: "URL" = http://search.freecause.com/search?ourm ... e=63009&p={searchTerms}
IE - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\URLSearchHook: - No CLSID value found
FF - prefs.js..browser.search.defaultthis.engineName: "Mario Forever Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
[2012.07.26 16:16:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\askcom.xml
[2010.01.20 12:14:04 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\conduit.xml
[2013.01.19 20:57:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-1.xml
[2011.06.18 19:56:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-10.xml
[2011.06.27 19:32:49 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-11.xml
[2011.08.18 19:13:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-12.xml
[2011.09.04 07:55:29 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-13.xml
[2011.09.07 17:17:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-14.xml
[2011.10.01 20:06:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-15.xml
[2011.11.10 15:09:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-16.xml
[2012.01.02 20:31:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-17.xml
[2012.02.02 18:29:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-18.xml
[2012.02.12 11:53:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-19.xml
[2010.10.21 15:44:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-2.xml
[2012.02.18 13:56:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-20.xml
[2012.03.07 20:25:30 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-21.xml
[2012.03.07 20:26:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-22.xml
[2010.10.29 15:45:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-3.xml
[2010.12.01 19:15:17 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-4.xml
[2011.01.09 20:58:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-5.xml
[2011.03.08 20:33:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-6.xml
[2011.03.24 09:25:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-7.xml
[2011.04.30 17:36:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-8.xml
[2011.05.06 08:28:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-9.xml
[2012.07.24 13:48:30 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin.gif
[2012.07.24 13:48:30 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin.xml
[2010.10.01 20:33:51 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\search-the-web.xml
[2010.08.12 12:12:24 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\SearchquWebSearch.xml
[2010.01.09 18:58:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O3 - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-117609710-343818398-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2013.01.21 21:56:00 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Konickovic\Data aplikací\winsvcns.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
@Alternate Data Stream - 6144 bytes -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:9F38BF31
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:371A321E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:80A7A4A5
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Konickovic\76968780866536342\winsvc.exe"=-
"C:\Documents and Settings\Konickovic\75439967573920484\winsvr.exe"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"Adobe ARM"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"3167"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=-
"Skype"=-
"PC Suite Tray"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

:files
C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msauajvfv.exe
C:\Documents and Settings\Konickovic\76968780866536342
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Stormmaster · #14 Příspěvek od **Stormmaster** » 22 led 2013 10:36

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\KONICK~1\LOCALS~1\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-117609710-343818398-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-117609710-343818398-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{07396E0B-1A74-4FD1-B016-247CF0E8DCBE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07396E0B-1A74-4FD1-B016-247CF0E8DCBE}\ not found.
Registry key HKEY_USERS\S-1-5-21-117609710-343818398-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-117609710-343818398-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E59A45FF-B5CF-4D7F-917D-4ED3166A78D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59A45FF-B5CF-4D7F-917D-4ED3166A78D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-117609710-343818398-1606980848-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "Mario Forever Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.icq.com/search/afe_result ... r=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://search.icq.com/search/afe_result ... r=1.5.3&q=" removed from keyword.URL
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin.gif moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin.src moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\icqplugin.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\search-the-web.xml moved successfully.
C:\Documents and Settings\Konickovic\Data aplikací\Mozilla\Firefox\Profiles\q9t4usxt.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-117609710-343818398-1606980848-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-117609710-343818398-1606980848-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\Konickovic\Data aplikací\winsvcns.sys moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP140.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP178.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP179.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP193.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E0.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP243.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP63.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP70.tmp\System.ServiceModel.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP70.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP78.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI254.tmp deleted successfully.
C:\WINDOWS\Installer\MSI25B.tmp deleted successfully.
C:\WINDOWS\Installer\MSI3F.tmp deleted successfully.
C:\WINDOWS\Installer\MSI9C.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
ADS C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:9F38BF31 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:371A321E deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:80A7A4A5 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Konickovic\76968780866536342\winsvc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Konickovic\75439967573920484\winsvr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\3167 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PC Suite Tray deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck\ deleted successfully.
========== FILES ==========
C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msauajvfv.exe moved successfully.
File\Folder C:\Documents and Settings\Konickovic\76968780866536342 not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 38313345 bytes
->Flash cache emptied: 507 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 18142124 bytes

User: Konickovic
->Temp folder emptied: 1313648 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60389110 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2050 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8827 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 278228972 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 378,00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Konickovic
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Konickovic
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01222013_102052

Files\Folders moved on Reboot...
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
C:\WINDOWS\temp\hlktmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#15 Příspěvek od **vyosek** » 22 led 2013 10:58

Fajn, jak se chova PC

VIRY.CZ

Prosim o kontrolu logu - vir pres Skype

Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype

Re: Prosim o kontrolu logu - vir pres Skype