Prosím o kontrolu logu Vyřešeno

[xborisek]

ComboFix 13-11-27.01 - Pavla 28.11.2013 13:19:17.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.393 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavla\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-28 do 2013-11-28 )))))))))))))))))))))))))))))))
.
.
2013-11-27 12:59 . 2013-11-27 13:19 -------- d-----w- c:\program files\WhoCrashed
2013-11-25 13:54 . 2013-11-25 21:17 -------- d-----w- C:\AdwCleaner
2013-11-06 18:35 . 2013-11-06 18:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2013-11-06 18:34 . 2013-11-06 18:34 -------- d-----w- c:\program files\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 21:24 . 2011-11-15 19:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 21:23 . 2013-10-08 21:23 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-02 19:44 . 2013-10-02 19:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-02 19:44 . 2013-10-02 19:44 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-02 19:44 . 2012-09-18 17:09 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-02 19:44 . 2012-09-18 17:09 790440 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"XCPSPSP"="c:\program files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE" [2010-09-26 1097791]
"XCQLU"="c:\program files\Xerox Office Printing\Printer Software\XCQLUZ.EXE" [2010-10-11 974848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [25.8.2013 12:41 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [25.8.2013 12:41 177864]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [27.9.2013 13:25 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.8.2013 12:41 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.8.2013 12:41 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.8.2013 12:41 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [25.8.2013 12:41 66336]
R2 XCPSPWD;Xerox PrintingScout Status Watcher;c:\program files\Xerox Office Printing\PrintingScout\XCPWDN.EXE [9.2.2013 19:04 110660]
R2 XCPSSDB;Xerox PrintingScout Status Database;c:\program files\Xerox Office Printing\PrintingScout\XCSDBN.EXE [9.2.2013 19:04 221253]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oraclesnmppeerencapsulator
zpjava
avgcoresvc
Ndismeetro
s716obex
NICSer_WPC300N
HssTrayService
usnsvc
appdrv
s716mgmt
M2500
se44unic
UDFReadr
camdrl
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 21:24]
.
2013-11-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-25 07:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-28 13:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-11-28 13:29:45
ComboFix-quarantined-files.txt 2013-11-28 12:29
.
Před spuštěním: Volných bajtů: 14 749 151 232
Po spuštění: Volných bajtů: 14 766 575 616
.
- - End Of File - - 652B218E23A2B55A6A6D9B8CCE1582A8
413FC2A0C716421B3158746D63736515

[Reklama]

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::

Driver::
avgcoresvc

NetSvcs::
avgcoresvc

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[xborisek]

ComboFix 13-12-01.01 - Pavla 02.12.2013 22:47:50.10.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.490 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavla\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavla\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-02 do 2013-12-02 )))))))))))))))))))))))))))))))
.
.
2013-11-29 09:19 . 2013-11-29 09:20 -------- d-----w- c:\documents and settings\Pavla\Data aplikací\Media Player Classic
2013-11-27 12:59 . 2013-11-27 13:19 -------- d-----w- c:\program files\WhoCrashed
2013-11-25 13:54 . 2013-11-25 21:17 -------- d-----w- C:\AdwCleaner
2013-11-06 18:35 . 2013-11-06 18:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2013-11-06 18:34 . 2013-11-06 18:34 -------- d-----w- c:\program files\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 21:24 . 2011-11-15 19:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 21:23 . 2013-10-08 21:23 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-02 19:44 . 2013-10-02 19:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-02 19:44 . 2013-10-02 19:44 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-02 19:44 . 2012-09-18 17:09 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-02 19:44 . 2012-09-18 17:09 790440 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"XCPSPSP"="c:\program files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE" [2010-09-26 1097791]
"XCQLU"="c:\program files\Xerox Office Printing\Printer Software\XCQLUZ.EXE" [2010-10-11 974848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [25.8.2013 12:41 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [25.8.2013 12:41 177864]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [27.9.2013 13:25 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.8.2013 12:41 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.8.2013 12:41 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.8.2013 12:41 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [25.8.2013 12:41 66336]
R2 XCPSPWD;Xerox PrintingScout Status Watcher;c:\program files\Xerox Office Printing\PrintingScout\XCPWDN.EXE [9.2.2013 19:04 110660]
R2 XCPSSDB;Xerox PrintingScout Status Database;c:\program files\Xerox Office Printing\PrintingScout\XCSDBN.EXE [9.2.2013 19:04 221253]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oraclesnmppeerencapsulator
zpjava
avgcoresvc
Ndismeetro
s716obex
NICSer_WPC300N
HssTrayService
usnsvc
appdrv
s716mgmt
M2500
se44unic
UDFReadr
camdrl
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 21:24]
.
2013-12-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-25 07:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-02 22:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\msi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2013-12-02 23:02:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-02 22:02
ComboFix2.txt 2013-11-28 12:29
.
Před spuštěním: Volných bajtů: 13 396 369 408
Po spuštění: Volných bajtů: 13 582 032 896
.
- - End Of File - - B30D2AF7286EA87C576A005B968E4ADC
413FC2A0C716421B3158746D63736515

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:04:58, on 2.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE
C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pavla\Plocha\HiJackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [XCPSPSP] "C:\Program Files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE"
O4 - HKLM\..\Run: [XCQLU] "C:\Program Files\Xerox Office Printing\Printer Software\XCQLUZ.EXE" /S
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
O23 - Service: Xerox PrintingScout Status Watcher (XCPSPWD) - Xerox Corporation - C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE
O23 - Service: Xerox PrintingScout Status Database (XCPSSDB) - Xerox Corporation - C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE

--
End of file - 6321 bytes


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-02 23:06:27
-----------------------------
23:06:27.890 OS Version: Windows 5.1.2600 Service Pack 3
23:06:27.890 Number of processors: 2 586 0x209
23:06:27.890 ComputerName: PAVLA01 UserName: Pavla
23:06:28.671 Initialize success
23:06:32.234 AVAST engine defs: 13120202
23:07:11.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
23:07:11.953 Disk 0 Vendor: WDC_WD1200JB-00CRA1 17.07W17 Size: 114473MB BusType: 3
23:07:11.984 Disk 0 MBR read successfully
23:07:11.984 Disk 0 MBR scan
23:07:11.984 Disk 0 Windows XP default MBR code
23:07:11.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39001 MB offset 63
23:07:12.000 Disk 0 Partition - 00 0F Extended LBA 75469 MB offset 79875180
23:07:12.015 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 75469 MB offset 79875243
23:07:12.046 Disk 0 scanning sectors +234436545
23:07:12.078 Disk 0 scanning C:\WINDOWS\system32\drivers
23:07:21.000 Service scanning
23:07:34.140 Modules scanning
23:07:39.640 Disk 0 trace - called modules:
23:07:39.656 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
23:07:39.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd4ab8]
23:07:39.656 3 CLASSPNP.SYS[f756efd7] -> nt!IofCallDriver -> \Device\0000005c[0x82fe93b0]
23:07:39.656 5 ACPI.sys[f74e5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f80940]
23:07:39.812 AVAST engine scan C:\WINDOWS
23:07:44.593 AVAST engine scan C:\WINDOWS\system32
23:10:00.812 AVAST engine scan C:\WINDOWS\system32\drivers
23:10:12.828 AVAST engine scan C:\Documents and Settings\Pavla
23:16:55.562 AVAST engine scan C:\Documents and Settings\All Users
23:18:32.890 Scan finished successfully
23:18:57.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pavla\Plocha\MBR.dat"
23:18:57.078 The log file has been saved successfully to "C:\Documents and Settings\Pavla\Plocha\aswMBR.txt"

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Ten script V Combofixu udělej znovu v nouz. režimu.

[xborisek]

ComboFix 13-12-01.01 - Pavla 04.12.2013 18:50:50.11.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.493 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavla\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavla\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-04 do 2013-12-04 )))))))))))))))))))))))))))))))
.
.
2013-11-29 09:19 . 2013-11-29 09:20 -------- d-----w- c:\documents and settings\Pavla\Data aplikací\Media Player Classic
2013-11-27 12:59 . 2013-11-27 13:19 -------- d-----w- c:\program files\WhoCrashed
2013-11-25 13:54 . 2013-11-25 21:17 -------- d-----w- C:\AdwCleaner
2013-11-06 18:35 . 2013-11-06 18:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2013-11-06 18:34 . 2013-11-06 18:34 -------- d-----w- c:\program files\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 21:24 . 2011-11-15 19:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 21:23 . 2013-10-08 21:23 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-02 19:44 . 2013-10-02 19:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-02 19:44 . 2013-10-02 19:44 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-02 19:44 . 2012-09-18 17:09 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-02 19:44 . 2012-09-18 17:09 790440 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"XCPSPSP"="c:\program files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE" [2010-09-26 1097791]
"XCQLU"="c:\program files\Xerox Office Printing\Printer Software\XCQLUZ.EXE" [2010-10-11 974848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [25.8.2013 12:41 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [25.8.2013 12:41 177864]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [27.9.2013 13:25 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.8.2013 12:41 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.8.2013 12:41 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.8.2013 12:41 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [25.8.2013 12:41 66336]
R2 XCPSPWD;Xerox PrintingScout Status Watcher;c:\program files\Xerox Office Printing\PrintingScout\XCPWDN.EXE [9.2.2013 19:04 110660]
R2 XCPSSDB;Xerox PrintingScout Status Database;c:\program files\Xerox Office Printing\PrintingScout\XCSDBN.EXE [9.2.2013 19:04 221253]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oraclesnmppeerencapsulator
zpjava
avgcoresvc
Ndismeetro
s716obex
NICSer_WPC300N
HssTrayService
usnsvc
appdrv
s716mgmt
M2500
se44unic
UDFReadr
camdrl
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 21:24]
.
2013-12-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-25 07:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-04 19:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2196)
c:\windows\system32\msi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-12-04 19:05:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-04 18:05
ComboFix2.txt 2013-12-02 22:03
ComboFix3.txt 2013-11-28 12:29
.
Před spuštěním: Volných bajtů: 14 087 475 200
Po spuštění: Volných bajtů: 13 278 846 976
.
- - End Of File - - 72C8DD92C97D4AFD2AB1D67B45DA23B7
413FC2A0C716421B3158746D63736515

[jaro3]

Nemáš málo volného místa na disku?

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

[xborisek]

OTL logfile created on: 7.12.2013 21:12:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Pavla\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

767,48 Mb Total Physical Memory | 320,05 Mb Available Physical Memory | 41,70% Memory free
1,83 Gb Paging File | 1,41 Gb Available in Paging File | 77,07% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,09 Gb Total Space | 20,45 Gb Free Space | 53,70% Space Free | Partition Type: NTFS
Drive D: | 73,70 Gb Total Space | 37,99 Gb Free Space | 51,54% Space Free | Partition Type: NTFS
Drive E: | 122,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PAVLA01 | User Name: Pavla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Pavla\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE (Xerox Corporation)
PRC - C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE (Xerox Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\13120601\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\13120600\algo.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe ()
MOD - C:\Program Files\WinRAR\rarlng.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll ()


========== Services (SafeList) ==========

SRV - (UDFReadr) -- %systemroot%\system32\msfwsvc.dll File not found
SRV - (se44unic) -- %systemroot%\system32\starwindserviceae.dll File not found
SRV - (s716obex) -- %systemroot%\system32\procdd.dll File not found
SRV - (s716mgmt) -- %systemroot%\system32\acmservice.dll File not found
SRV - (Ndismeetro) -- %systemroot%\system32\cxpt_service.dll File not found
SRV - (M2500) -- %systemroot%\system32\igniteservice.exe.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (camdrl) -- %systemroot%\system32\w800mdm.dll File not found
SRV - (avgcoresvc) -- %systemroot%\system32\idebusdr.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (XCPSSDB) -- C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE (Xerox Corporation)
SRV - (XCPSPWD) -- C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE (Xerox Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (RalinkRegistryWriter) -- C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (dwshd) -- C:\WINDOWS\System32\drivers\dwshd.sys File not found
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0A4019A8-0FD7-4DA9-A53A-D71C8AFB02D5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A4019A8-0FD7-4DA9-A53A-D71C8AFB02D5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.93.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.09.27 13:24:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.11.19 19:29:10 | 000,000,000 | ---D | M]

[2009.12.24 01:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Extensions
[2009.12.24 01:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013.09.27 13:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions
[2010.05.02 13:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash
[2011.12.11 21:18:21 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.12.03 20:11:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\searchplugins\icqplugin-16.xml
[2011.10.15 20:27:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\searchplugins\icqplugin-17.xml
[2011.11.09 12:26:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\searchplugins\icqplugin-18.xml
[2013.11.19 19:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.11.19 19:29:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.11.19 19:29:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PAVLA\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\OZIA5CZ1.DEFAULT\EXTENSIONS\2020PLAYER_IKEA@2020TECHNOLOGIES.COM
[2003.07.15 05:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2013.09.26 19:00:39 | 000,208,760 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011.09.16 13:37:48 | 000,002,216 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

O1 HOSTS File: ([2013.12.04 19:01:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [XCPSPSP] C:\Program Files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE (Xerox Corporation)
O4 - HKLM..\Run: [XCQLU] C:\Program Files\Xerox Office Printing\Printer Software\XCQLUZ.EXE (Xerox Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.40.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.40.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99973978-10F2-4502-9658-B700F82434CA}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDA471CD-C897-42EB-AEDE-AD017C894C36}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.24 01:07:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.07.28 07:51:42 | 000,000,039 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.12.07 20:50:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pavla\Recent
[2013.12.06 22:44:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pavla\Plocha\OTL.exe
[2013.12.06 22:41:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.12.06 22:25:51 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013.12.05 14:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavla\Dokumenty\ZPS14
[2013.12.05 14:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavla\Plocha\platno
[2013.12.04 18:59:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.11.29 10:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavla\Data aplikací\Media Player Classic
[2013.11.27 13:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2013.11.25 14:54:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.11.25 13:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavla\Plocha\Nová složka
[2013.11.19 19:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.12.07 21:03:14 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.12.07 21:03:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.12.07 21:02:54 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.12.07 21:02:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.12.07 21:02:40 | 804,835,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.07 21:02:40 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.12.07 20:52:55 | 000,016,918 | ---- | M] () -- C:\Documents and Settings\Pavla\Dokumenty\cc_20131207_205221.reg
[2013.12.07 11:23:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.12.06 22:44:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pavla\Plocha\OTL.exe
[2013.12.06 14:09:22 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Pavla\Plocha\Microsoft Office Word 2003.lnk
[2013.12.04 19:01:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.12.01 19:45:47 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Pavla\Local Settings\Data aplikací\SRDownloader.nast
[2013.11.28 20:22:01 | 000,019,666 | ---- | M] () -- C:\Documents and Settings\Pavla\Local Settings\Data aplikací\SRDownloader.err
[2013.11.24 20:36:11 | 000,276,524 | ---- | M] () -- C:\Documents and Settings\Pavla\Dokumenty\cc_20131124_203208.reg

========== Files Created - No Company Name ==========

[2013.12.07 20:52:24 | 000,016,918 | ---- | C] () -- C:\Documents and Settings\Pavla\Dokumenty\cc_20131207_205221.reg
[2013.12.04 19:01:00 | 804,835,328 | -HS- | C] () -- C:\hiberfil.sys
[2013.11.24 20:32:13 | 000,276,524 | ---- | C] () -- C:\Documents and Settings\Pavla\Dokumenty\cc_20131124_203208.reg
[2013.08.29 20:16:36 | 000,162,304 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2013.08.25 12:41:36 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.08.25 12:41:35 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.08.15 06:15:45 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013.08.15 06:15:45 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013.08.15 06:15:45 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2012.10.03 13:50:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.08.05 14:02:46 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2012.06.26 15:37:12 | 000,141,255 | ---- | C] () -- C:\WINDOWS\hpgins30.dat
[2012.06.26 15:37:12 | 000,000,149 | ---- | C] () -- C:\WINDOWS\hpgmdl30.dat
[2011.10.19 20:02:45 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Pavla\Local Settings\Data aplikací\SRDownloader.nast
[2011.10.19 20:01:40 | 000,019,666 | ---- | C] () -- C:\Documents and Settings\Pavla\Local Settings\Data aplikací\SRDownloader.err
[2009.12.30 15:26:09 | 000,130,560 | ---- | C] () -- C:\Documents and Settings\Pavla\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2013.08.17 10:48:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.10.29 06:26:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.11.15 10:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ashampoo
[2013.08.25 12:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2011.11.18 19:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG10
[2011.05.08 11:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2011.11.20 20:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
[2011.03.15 20:35:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2010.04.02 13:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy-PizzaParty
[2013.08.11 12:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2013.11.06 19:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2011.07.08 16:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\KASTNER software
[2011.11.18 19:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2013.11.24 17:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Skyline
[2013.03.30 23:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2012.12.10 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\tmp
[2012.01.23 19:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TP-LINK Driver
[2012.09.15 21:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Zoner
[2012.02.19 17:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavla\Data aplikací\602Installer
[2012.02.19 17:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavla\Data aplikací\602XML
[2011.11.15 10:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavla\Data aplikací\Ashampoo
[2011.11.20 20:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavla\Data aplikací\Canneverbe Limited
[2009.12.24 01:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavla\Data aplikací\GHISLER
[2011.03.09 19:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavla\Data aplikací\ICQ
[2013.09.15 19:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavla\Data aplikací\Image Zone Express
[2011.07.08 16:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavla\Data aplikací\Kastner software
[2009.12.24 01:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavla\Data aplikací\OpenOffice.org
[2012.06.27 20:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavla\Data aplikací\Printer Info Cache
[2013.01.19 21:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavla\Data aplikací\Zoner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\serial.sys:SummaryInformation
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

< End of report >

[xborisek]

OTL Extras logfile created on: 7.12.2013 21:12:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Pavla\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

767,48 Mb Total Physical Memory | 320,05 Mb Available Physical Memory | 41,70% Memory free
1,83 Gb Paging File | 1,41 Gb Available in Paging File | 77,07% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,09 Gb Total Space | 20,45 Gb Free Space | 53,70% Space Free | Partition Type: NTFS
Drive D: | 73,70 Gb Total Space | 37,99 Gb Free Space | 51,54% Space Free | Partition Type: NTFS
Drive E: | 122,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PAVLA01 | User Name: Pavla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE prezentace fotografií] -- "C:\Program Files\dm\dm paradies foto 3\CEWE prezentace fotografií.exe" -d "%1" ()
Directory [dm paradies foto 3] -- "C:\Program Files\dm\dm paradies foto 3\dm paradies foto 3.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\plugin-container.exe" = C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Disabled:Plugin Container for Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe:*:Enabled:Adobe Reader and Acrobat Manager -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{05793354-0E04-4048-81E0-274B91C510EC}" = Software pro tiskárnu Xerox
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF78023-EFA4-491F-9F5A-284DE97AA326}" = TL-WN321G Wireless Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{492BBE30-E09E-4663-825D-A20DFC45CA1E}" = hpg2710QFolder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FFC1B30-70CE-11D5-A8B2-000374890932}" = aladin
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAF5ED3-20C3-47B5-8CE0-CF82D4BE7AAD}" = OpenOffice.org 3.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Czech
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C4A0C307-053A-4335-8B28-60E901DB1029}" = Nero 7 Essentials
"{CEC0C2C2-921F-4EB8-8D7E-4F2F03ED02AA}" = ScannerCopy
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F370BB9F-704A-4886-807B-F6CA31AF8D38}" = hpg2710
"{F4158BB4-98FA-4ad5-A0FE-3913A0714A44}" = HP Scanjet G2710 9.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"aTube Catcher" = aTube Catcher
"avast" = avast! Free Antivirus
"dm paradies foto 3" = dm paradies foto 3
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 25.0.1 (x86 cs)" = Mozilla Firefox 25.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MS Video Player Components" = MS Video Player Components
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZonerPhotoStudio14_EN_is1" = Zoner Photo Studio 14 FREE

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.7.2013 13:49:01 | Computer Name = PAVLA01 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 11.8.2013 8:23:32 | Computer Name = PAVLA01 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 11.8.2013 8:23:32 | Computer Name = PAVLA01 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 18.8.2013 7:37:05 | Computer Name = PAVLA01 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 26.8.2013 9:33:12 | Computer Name = PAVLA01 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 26.8.2013 9:33:17 | Computer Name = PAVLA01 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 2.12.2013 17:53:47 | Computer Name = PAVLA01 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 2.12.2013 17:53:51 | Computer Name = PAVLA01 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 4.12.2013 13:57:14 | Computer Name = PAVLA01 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
se nezdařilo. Chyba: The server name or address could not be resolved

Error - 4.12.2013 13:57:19 | Computer Name = PAVLA01 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
se nezdařilo. Chyba: The server name or address could not be resolved

[ System Events ]
Error - 7.12.2013 16:02:58 | Computer Name = PAVLA01 | Source = Service Control Manager | ID = 7023
Description = Služba Ownershipprotocol byla ukončena s následující chybou: %%126

Error - 7.12.2013 16:02:58 | Computer Name = PAVLA01 | Source = Service Control Manager | ID = 7023
Description = Služba Pwd_2K byla ukončena s následující chybou: %%126

Error - 7.12.2013 16:02:58 | Computer Name = PAVLA01 | Source = Service Control Manager | ID = 7023
Description = Služba Soma byla ukončena s následující chybou: %%126

Error - 7.12.2013 16:02:58 | Computer Name = PAVLA01 | Source = Service Control Manager | ID = 7023
Description = Služba Se45nd5 byla ukončena s následující chybou: %%2

Error - 7.12.2013 16:02:58 | Computer Name = PAVLA01 | Source = Service Control Manager | ID = 7023
Description = Služba Vmkbd byla ukončena s následující chybou: %%126

Error - 7.12.2013 16:02:58 | Computer Name = PAVLA01 | Source = Service Control Manager | ID = 7023
Description = Služba Unlockerdriver5 byla ukončena s následující chybou: %%126

Error - 7.12.2013 16:02:58 | Computer Name = PAVLA01 | Source = Service Control Manager | ID = 7023
Description = Služba ZTEusbser6k byla ukončena s následující chybou: %%126

Error - 7.12.2013 16:02:58 | Computer Name = PAVLA01 | Source = Service Control Manager | ID = 7023
Description = Služba Logmein byla ukončena s následující chybou: %%126

Error - 7.12.2013 16:02:58 | Computer Name = PAVLA01 | Source = Service Control Manager | ID = 7023
Description = Služba Agpcpq byla ukončena s následující chybou: %%2

Error - 7.12.2013 16:02:58 | Computer Name = PAVLA01 | Source = Service Control Manager | ID = 7023
Description = Služba KMW_USB byla ukončena s následující chybou: %%2


< End of report >

[xborisek]

Na jednom disku mám 20 GB volnýho místa a na druhým 38 GB, tak myslím, že to není málo.

[jaro3]

OK.

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
SRV - (UDFReadr) -- %systemroot%\system32\msfwsvc.dll File not found
SRV - (se44unic) -- %systemroot%\system32\starwindserviceae.dll File not found
SRV - (s716obex) -- %systemroot%\system32\procdd.dll File not found
SRV - (s716mgmt) -- %systemroot%\system32\acmservice.dll File not found
SRV - (Ndismeetro) -- %systemroot%\system32\cxpt_service.dll File not found
SRV - (M2500) -- %systemroot%\system32\igniteservice.exe.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (camdrl) -- %systemroot%\system32\w800mdm.dll File not found
SRV - (avgcoresvc) -- %systemroot%\system32\idebusdr.dll File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (dwshd) -- C:\WINDOWS\System32\drivers\dwshd.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0A4019A8-0FD7-4DA9-A53A-D71C8AFB02D5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A4019A8-0FD7-4DA9-A53A-D71C8AFB02D5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
[2009.12.24 01:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Extensions
[2009.12.24 01:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013.09.27 13:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions
[2010.05.02 13:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash
[2013.11.19 19:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.11.19 19:29:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2011.09.16 13:37:48 | 000,002,216 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O32 - AutoRun File - [2006.07.28 07:51:42 | 000,000,039 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\32788R22FWJFW
C:\Documents and Settings\Pavla\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\All Users\Data aplikací\AVG10
C:\Documents and Settings\All Users\Data aplikací\avg9

:Reg
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" =-

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

[xborisek]

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Service UDFReadr stopped successfully!
Service UDFReadr deleted successfully!
File %systemroot%\system32\msfwsvc.dll File not found not found.
Service se44unic stopped successfully!
Service se44unic deleted successfully!
File %systemroot%\system32\starwindserviceae.dll File not found not found.
Service s716obex stopped successfully!
Service s716obex deleted successfully!
File %systemroot%\system32\procdd.dll File not found not found.
Service s716mgmt stopped successfully!
Service s716mgmt deleted successfully!
File %systemroot%\system32\acmservice.dll File not found not found.
Service Ndismeetro stopped successfully!
Service Ndismeetro deleted successfully!
File %systemroot%\system32\cxpt_service.dll File not found not found.
Service M2500 stopped successfully!
Service M2500 deleted successfully!
File %systemroot%\system32\igniteservice.exe.dll File not found not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll File not found not found.
Service camdrl stopped successfully!
Service camdrl deleted successfully!
File %systemroot%\system32\w800mdm.dll File not found not found.
Service avgcoresvc stopped successfully!
Service avgcoresvc deleted successfully!
File %systemroot%\system32\idebusdr.dll File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Error: No service named dwshd was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dwshd deleted successfully.
File C:\WINDOWS\System32\drivers\dwshd.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A4019A8-0FD7-4DA9-A53A-D71C8AFB02D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A4019A8-0FD7-4DA9-A53A-D71C8AFB02D5}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A4019A8-0FD7-4DA9-A53A-D71C8AFB02D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A4019A8-0FD7-4DA9-A53A-D71C8AFB02D5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Extensions folder moved successfully.
Folder C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ not found.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\sites folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\search_engine folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\META-INF folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\defaults\preferences folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\defaults folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\components folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\skin\favicon folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\skin folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale\tr folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale\sk folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale\ru folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale\it folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale\he folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale\fr folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale\es folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale\de folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale\cs folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale\bg folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\locale folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\content\img folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome\content folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\chrome folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\2020Player_IKEA@2020Technologies.com\plugins folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\2020Player_IKEA@2020Technologies.com\META-INF folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\2020Player_IKEA@2020Technologies.com folder moved successfully.
C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions folder moved successfully.
Folder C:\Documents and Settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\ozia5cz1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash\ not found.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
c:\windows\Tasks\avast! Emergency Update.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
C:\32788R22FWJFW folder moved successfully.
C:\Documents and Settings\Pavla\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG10\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG10 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\OUT folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\\DisableSR deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Pavla
->Temp folder emptied: 17240900 bytes
->Temporary Internet Files folder emptied: 197010 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 384355669 bytes
->Flash cache emptied: 6279 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16889 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 383,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12082013_234350

Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[jaro3]

Co problémy?