Please check my log - PC infected with the Czech Police virus + Solved

Lojza1
newbie
Posts: 20
Registered: Feb 13
Gender: Male
Status:
Offline

Re: Please check my log - PC infected with the Czech Police virus +

Post by Lojza1 » 28 Feb 2013 04:33

OTL logfile created on: 28.2.2013 4:18:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jirka\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,95% Memory free
5,83 Gb Paging File | 5,56 Gb Available in Paging File | 95,34% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,83 Gb Total Space | 40,62 Gb Free Space | 17,45% Space Free | Partition Type: FAT32

Computer Name: DC090407 | User Name: jirka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\jirka\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\MyPC Backup\BackupStack.exe (Just Develop It)
PRC - C:\Program Files\TO2SSM\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll ()


========== Services (SafeList) ==========

SRV - (RichVideo) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BackupStack) -- C:\Program Files\MyPC Backup\BackupStack.exe (Just Develop It)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena Plus\Room\safedrv.sys File not found
DRV - (GarenaPEngine) -- C:\DOCUME~1\jirka\LOCALS~1\Temp\IKG8DB.tmp File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (ahidhv) -- System32\drivers\fkkkuj.sys File not found
DRV - (a3lkrbvu) -- File not found
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (Applied Networking Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (wip0204) -- C:\WINDOWS\system32\drivers\wip0204.sys (Wippien Software)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 FE B9 84 E1 E2 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {BBE67907-F1B3-4453-98BD-25689D02867D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BBE67907-F1B3-4453-98BD-25689D02867D}: "URL" = http://www.webhledani.cz/results.aspx?i=39&tp=ie&q={searchTerms}
IE - HKCU\..\SearchScopes\{C73A267B-E845-4E70-95CB-FEF38BFA3228}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_CZ&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^CZ&apn_uid=1b52e14a-7483-439f-9423-f372881f97b1&apn_sauid=C46775E4-0F30-4F83-A3FC-9DF4FD70A007
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.03.03 15:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 17:05:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.20 17:05:56 | 000,000,000 | ---D | M]

[2010.04.23 13:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Extensions
[2010.04.23 13:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.04.23 13:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\extensions
[2012.04.22 04:44:42 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.02.21 21:34:04 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.17 00:23:40 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-12.xml
[2012.03.02 11:52:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-13.xml
[2012.03.14 03:00:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-7.xml
[2012.03.16 18:39:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-14.xml
[2012.03.24 00:09:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-4.xml
[2012.03.26 04:18:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-15.xml
[2012.04.20 19:53:54 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-8.xml
[2012.06.05 17:41:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-9.xml
[2012.07.18 01:05:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-10.xml
[2012.08.28 18:53:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-5.xml
[2012.10.04 20:19:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-11.xml
[2012.11.15 15:22:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-6.xml
[2013.02.20 17:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.20 17:05:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.02.20 17:06:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.10.25 21:09:36 | 000,002,216 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2011.03.10 15:45:18 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2013.01.10 23:08:22 | 000,002,669 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2013.02.20 17:06:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
[2013.02.20 17:06:04 | 000,000,867 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2013.02.20 17:06:04 | 000,001,580 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2013.02.20 17:06:04 | 000,000,851 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2013.02.20 17:06:04 | 000,002,421 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsm] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 5611 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msoqoy.com
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICOFF~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2023176812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DB52668-0C04-4B79-B2DD-C0B9B8C1D673}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\jirka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jirka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 15:00:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.27 22:36:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jirka\Plocha\OTL.exe
[2013.02.27 22:36:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2013.02.26 03:49:33 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.02.25 17:26:10 | 005,034,894 | R--- | C] (Swearware) -- C:\Documents and Settings\jirka\Plocha\ComboFix.exe
[2013.02.25 17:25:34 | 005,034,894 | ---- | C] (Swearware) -- C:\Program Files\ComboFix.exe
[2013.02.25 17:23:24 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Program Files\rkill.com
[2013.02.23 06:08:14 | 000,000,000 | -HSD | C] -- C:\FOUND.029
[2013.02.22 09:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jirka\Local Settings\Data aplikací\Sun
[2013.02.22 03:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013.02.22 03:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jirka\Nabídka Start\Programy\HiJackThis
[2013.02.21 16:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikaci\Sun
[2013.02.21 16:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.21 16:35:34 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.02.21 16:35:30 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.20 17:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.20 15:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jirka\Local Settings\Data aplikací\DoNotTrackPlus
[2013.02.20 15:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jirka\Data aplikací\CallingID
[2013.02.20 03:04:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jirka\Recent
[2013.02.20 02:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikaci\Avira
[2013.02.20 01:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jirka\Data aplikací\Malwarebytes
[2013.02.20 01:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jirka\Data aplikací\TeamViewer
[2013.02.20 00:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 5
[2013.02.20 00:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013.02.19 15:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikaci\Malwarebytes
[2013.02.18 21:38:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.18 21:37:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.18 21:37:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.18 21:37:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.18 21:37:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.18 21:33:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.18 21:33:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.18 21:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013.02.18 18:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
[2013.02.15 13:57:08 | 000,000,000 | -HSD | C] -- C:\FOUND.028
[2013.02.02 01:40:35 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.02 01:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikaci\Adobe
[2012.02.22 14:34:27 | 003,587,688 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup315.exe
[2011.08.01 15:26:10 | 003,447,576 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup309.exe
[2010.12.28 04:26:31 | 001,259,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2010.12.27 21:59:45 | 002,401,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2010.03.23 15:53:26 | 006,827,140 | ---- | C] (FreeDownloadManager.ORG ) -- C:\Program Files\fdminst.exe
[2009.06.14 04:01:21 | 012,248,560 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2009.04.27 18:50:14 | 001,345,024 | ---- | C] (Irfan Skiljan) -- C:\Program Files\iview423_setup.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.28 04:18:02 | 000,000,466 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA3E2C97-CDB4-45AD-BC4C-90B94DB5EE18}.job
[2013.02.27 22:36:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2013.02.27 22:36:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jirka\Plocha\OTL.exe
[2013.02.27 16:01:02 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2013.02.27 16:01:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.27 16:01:00 | 2146,619,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.26 11:09:46 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.25 17:25:58 | 005,034,894 | R--- | M] (Swearware) -- C:\Documents and Settings\jirka\Plocha\ComboFix.exe
[2013.02.25 17:25:58 | 005,034,894 | ---- | M] (Swearware) -- C:\Program Files\ComboFix.exe
[2013.02.25 17:24:02 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Program Files\rkill.com
[2013.02.25 17:22:58 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.02.25 16:14:50 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\jirka\Plocha\HiJackThis.lnk
[2013.02.23 06:01:30 | 000,587,671 | ---- | M] () -- C:\Program Files\adwcleaner0.exe
[2013.02.23 06:01:30 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\jirka\Plocha\adwcleaner0.exe
[2013.02.22 03:41:18 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi
[2013.02.21 16:42:02 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.21 16:42:02 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.21 16:35:26 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.02.21 16:35:26 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.02.21 16:35:26 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.21 16:35:26 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.21 16:35:26 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.21 16:35:26 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.02.21 16:35:26 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.20 03:34:10 | 000,000,400 | -HS- | M] () -- C:\WINDOWS\3483905drv.spi
[2013.02.20 00:53:52 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\TeamViewer 5.lnk
[2013.02.20 00:43:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.02.18 21:38:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.02.14 13:27:26 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.14 03:05:06 | 000,444,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.14 03:05:06 | 000,441,546 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2013.02.14 03:05:06 | 000,084,202 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2013.02.14 03:05:06 | 000,072,500 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.13 04:24:50 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\jirka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.31 04:12:32 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\jirka\Plocha\Zástupce - CATA.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.26 11:09:41 | 2146,619,392 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.23 06:02:33 | 000,587,671 | ---- | C] () -- C:\Documents and Settings\jirka\Plocha\adwcleaner0.exe
[2013.02.23 06:01:31 | 000,587,671 | ---- | C] () -- C:\Program Files\adwcleaner0.exe
[2013.02.22 03:41:58 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\jirka\Plocha\HiJackThis.lnk
[2013.02.22 03:41:20 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
[2013.02.20 03:34:06 | 000,000,400 | -HS- | C] () -- C:\WINDOWS\3483905drv.spi
[2013.02.20 00:53:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\TeamViewer 5.lnk
[2013.02.18 21:38:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.02.18 21:38:37 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2013.02.18 21:37:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.18 21:37:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.18 21:37:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.18 21:37:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.18 21:37:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.02.18 20:51:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.01.31 04:12:51 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\jirka\Plocha\Zástupce - CATA.lnk
[2012.04.21 03:16:48 | 037,950,050 | ---- | C] () -- C:\Program Files\Battle.rar
[2012.02.15 12:13:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.02 03:58:09 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\jirka\gwro.ini
[2011.11.19 14:40:17 | 001,606,656 | ---- | C] () -- C:\Program Files\SteamInstall.msi
[2011.05.26 00:22:41 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\jirka\Data aplikací\room_v3.dat
[2011.04.24 23:24:03 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\jirka\Data aplikací\room.dat
[2011.02.25 19:01:33 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\jirka\USB001
[2010.12.25 04:27:39 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\jirka\ToMREv4.dat
[2010.09.20 01:01:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jirka\ping
[2010.04.10 17:48:30 | 012,842,720 | ---- | C] () -- C:\Program Files\Mumble-1.2.2.exe
[2009.03.24 15:24:28 | 049,184,948 | ---- | C] () -- C:\Program Files\Median_XL_Firesorc_Wholerun
[2009.03.13 18:45:38 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\jirka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.13 14:48:44 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\jirka\Data aplikací\default.pls
[2009.03.13 13:35:56 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\jirka\.rnd

========== ZeroAccess Check ==========

[2009.03.03 15:04:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 14:00:00 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.03.13 14:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\OpenOffice.org
[2009.03.13 16:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\Miranda
[2009.03.13 17:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\uTorrent
[2009.03.13 18:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\ICQ
[2009.03.13 21:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\DAEMON Tools Lite
[2009.03.13 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\DAEMON Tools Pro
[2009.03.13 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\DAEMON Tools
[2009.04.01 17:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\Image Zone Express
[2010.03.23 15:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\Opera
[2010.03.23 15:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\Software Informer
[2010.04.12 00:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\Mumble
[2010.05.23 01:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\TS3Client
[2010.08.16 21:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\Language
[2010.08.16 21:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\Wippien
[2010.12.08 02:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\Subversion
[2011.05.31 14:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\EurekaLog
[2011.07.30 17:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\Darer
[2011.12.03 11:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\BSplayer
[2011.12.03 11:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\BSplayer Pro
[2009.03.16 02:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\Ulev
[2013.02.20 01:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\TeamViewer
[2013.02.20 15:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jirka\Data aplikací\CallingID

========== Purity Check ==========



< End of report >

jaro3
Security team member
Guru Level 15
Posts: 43298
Joined: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my log - PC infected by the "Czech Police" virus +

Post by jaro3 » 28 Feb 2013 10:22

Uninstall:
Garena (if you don't use it)
Java(TM) 6 Update 20
Java Plug-in 1.6.0_20


AVG9: quite an old antivirus, version AVG2013 is already out, you should update!


Free up some space on the disk:
Drive C: | 232,83 Gb Total Space | 40,62 Gb Free Space | 17,45% Space Free | Partition Type: FAT32

see:
[ Application Events ]
Error - 19.2.2013 21:43:07 | Computer Name = DC090407 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Unable to find shadow copy storage areas.
Add at least one NTFS drive with enough free space to the system. Backing up or creating
a shadow copy requires at least 100 MB of free space per volume.


Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
SRV - (RichVideo) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena Plus\Room\safedrv.sys File not found
DRV - (GarenaPEngine) -- C:\DOCUME~1\jirka\LOCALS~1\Temp\IKG8DB.tmp File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (ahidhv) -- System32\drivers\fkkkuj.sys File not found
DRV - (a3lkrbvu) -- File not found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope = {BBE67907-F1B3-4453-98BD-25689D02867D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BBE67907-F1B3-4453-98BD-25689D02867D}: "URL" = http://www.webhledani.cz/results.aspx?i=39&tp=ie&q={searchTerms}
IE - HKCU\..\SearchScopes\{C73A267B-E845-4E70-95CB-FEF38BFA3228}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_CZ&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^CZ&apn_uid=1b52e14a-7483-439f-9423-f372881f97b1&apn_sauid=C46775E4-0F30-4F83-A3FC-9DF4FD70A007
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
[2010.04.23 13:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Extensions
[2010.04.23 13:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.04.22 04:44:42 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.02.21 21:34:04 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 5611 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msoqoy.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
[2013.02.14 03:05:06 | 000,444,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.14 03:05:06 | 000,441,546 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2013.02.14 03:05:06 | 000,084,202 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2013.02.14 03:05:06 | 000,072,500 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msoqoy.com
C:\Program Files\ComboFix.exe
C:\FOUND.029
C:\Documents and Settings\All Users\Data aplikaci\Avira
C:\WINDOWS\SWREG.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\SWXCACLS.exe
C:\Qoobox
C:\FOUND.028
C:\Documents and Settings\jirka\Plocha\ComboFix.exe
C:\Program Files\ComboFix.exe
C:\WINDOWS\3483905drv.spi
C:\WINDOWS\System32\d3d9caps.dat
C:\Documents and Settings\jirka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\WINDOWS\PEV.exe
C:\WINDOWS\MBR.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\zip.exe

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
""=""%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" =-

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.

In Folder Options, enable showing hidden files and folders and untick "Hide protected operating system files".

Test these on VirusTotal:
C:\Documents and Settings\jirka\ToMREv4.dat
C:\Documents and Settings\jirka\gwro.ini

Click Choose File to the right of the box and find the file on your PC in Explorer. Select it and click Open, then click Send File. If the file has already been tested, a window will appear; click Reanalyze in it. The file will then be scanned by several antivirus engines one after another. When the last engine finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Lojza1
newbie
Posts: 20
Joined: February 13
Gender: Male
Status: Offline

Re: Please check my log - PC infected by the "Czech Police" virus +

Post by Lojza1 » 01 Mar 2013 03:05

I had already uninstalled both Garena and AVG (and checked with CCleaner too), so I don't know how else I'm supposed to delete it and why it still shows up in the registry.

As for C:\Documents and Settings\jirka\gwro.ini, I know what it is (it was tested before as well, with no detections) and I deleted it.

C:\Documents and Settings\jirka\ToMREv4.dat
https://www.virustotal.com/cs/file/9630 ... 362094153/


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Service RichVideo stopped successfully!
Service RichVideo deleted successfully!
File C:\Program Files\CyberLink\Shared files\RichVideo.exe File not found not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll File not found not found.
Service Hamachi2Svc stopped successfully!
Service Hamachi2Svc deleted successfully!
File C:\Program Files\LogMeIn Hamachi\hamachi-2.exe File not found not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service MRESP50a64 stopped successfully!
Service MRESP50a64 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found not found.
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found not found.
Service MREMPR5 stopped successfully!
Service MREMPR5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found not found.
Service MREMP50a64 stopped successfully!
Service MREMP50a64 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Service GGSAFERDriver stopped successfully!
Service GGSAFERDriver deleted successfully!
File C:\Program Files\Garena Plus\Room\safedrv.sys File not found not found.
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
File C:\DOCUME~1\jirka\LOCALS~1\Temp\IKG8DB.tmp File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found not found.
Service ahidhv stopped successfully!
Service ahidhv deleted successfully!
File System32\drivers\fkkkuj.sys File not found not found.
Error: No service named a3lkrbvu was found to stop!
Service\Driver key a3lkrbvu not found.
File File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BBE67907-F1B3-4453-98BD-25689D02867D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBE67907-F1B3-4453-98BD-25689D02867D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C73A267B-E845-4E70-95CB-FEF38BFA3228}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C73A267B-E845-4E70-95CB-FEF38BFA3228}\ not found.
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 removed from extensions.enabledAddons
Prefs.js: {20a82645-c095-46ed-80e3-08825760534b}:1.1 removed from extensions.enabledItems
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Prefs.js: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911 removed from extensions.enabledItems
Prefs.js: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: DTToolbar@toolbarnet.com:1.1.2.0185 removed from extensions.enabledItems
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 removed from extensions.enabledItems
Prefs.js: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
C:\Documents and Settings\jirka\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Documents and Settings\jirka\Data aplikací\Mozilla\Extensions folder moved successfully.
Folder C:\Documents and Settings\jirka\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ not found.
C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi moved successfully.
C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\5611 deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfh005.dat moved successfully.
C:\WINDOWS\system32\perfc005.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
========== FILES ==========
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\DUMP4863.tmp moved successfully.
C:\WINDOWS\DUMP4eeb.tmp moved successfully.
C:\WINDOWS\DUMP4e00.tmp moved successfully.
C:\WINDOWS\DUMP543a.tmp moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
c:\windows\Tasks\User_Feed_Synchronization-{DA3E2C97-CDB4-45AD-BC4C-90B94DB5EE18}.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msoqoy.com not found.
C:\Program Files\ComboFix.exe moved successfully.
C:\FOUND.029 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikaci\Avira folder moved successfully.
C:\WINDOWS\SWREG.exe moved successfully.
C:\WINDOWS\SWSC.exe moved successfully.
C:\WINDOWS\SWXCACLS.exe moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox\LastRun folder moved successfully.
C:\Qoobox\TestC folder moved successfully.
C:\Qoobox\Test folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Data aplikaci\TEMP folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Data aplikaci folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox folder moved successfully.
C:\FOUND.028 folder moved successfully.
C:\Documents and Settings\jirka\Plocha\ComboFix.exe moved successfully.
File\Folder C:\Program Files\ComboFix.exe not found.
C:\WINDOWS\3483905drv.spi moved successfully.
C:\WINDOWS\System32\d3d9caps.dat moved successfully.
C:\Documents and Settings\jirka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\WINDOWS\PEV.exe moved successfully.
C:\WINDOWS\MBR.exe moved successfully.
C:\WINDOWS\sed.exe moved successfully.
C:\WINDOWS\grep.exe moved successfully.
C:\WINDOWS\zip.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command\\""|""%1" %*" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1169254 bytes

User: jirka
->Temp folder emptied: 911265 bytes
->Temporary Internet Files folder emptied: 62402943 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 422891315 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3760 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 37289 bytes
->FireFox cache emptied: 14950490 bytes
->Flash cache emptied: 2008 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 373517873 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 835,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03012013_024831

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Post by jaro3 (Security team member) » 01 Mar 2013 10:20

How does it look now?
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Podpora fóra

Post by Lojza1 » 02 Mar 2013 01:16

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:29, on 2.3.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICOFF~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.atcomp.cz
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2023176812
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files\MyPC Backup\BackupStack.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4307 bytes
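The log above is the kind of thing the helpers in this thread read by hand. As an added example (not part of the thread, and not code from HijackThis or OTL), here is a small Python triage script over its O4 (autostart Run keys) and O23 (services) lines. It parses those two entry types and flags the ones a reviewer would look at first: bare file names that Windows resolves through the PATH search order, images outside C:\WINDOWS and C:\Program Files, and services HJT printed with "Unknown owner". The input lines are copied from the posted log, plus one constructed entry (`example_loader` under the user's Temp folder, which is not in the log) to show how a profile-resident autostart would be reported. The trusted-directory list is an assumption for this XP machine.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Input: O4/O23 lines copied from the HijackThis log posted above, plus ONE
# constructed entry ("example_loader", under the user's Temp folder) that is
# not from the log and only shows how a profile-resident autostart is reported.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKCU\..\Run: [example_loader] C:\Documents and Settings\jirka\Local Settings\Temp\example_loader.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files\MyPC Backup\BackupStack.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
""".strip()

# Assumption for this XP box: legitimate autostart images live under these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# O4 line shape: "O4 - <hive>\..\Run: [<value name>] <command> (User '<name>')?"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)


@dataclass
class Entry:
    kind: str                      # "O4" = Run key value, "O23" = service
    name: str                      # value name or service display name
    company: str                   # vendor string as HJT printed it ("" for O4)
    command: str                   # command line / image path as HJT printed it
    flags: List[str] = field(default_factory=list)


def image_path(command: str) -> str:
    """Return the executable path from a command line, dropping quotes and arguments."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def parse_entries(log_text: str) -> List[Entry]:
    """Pick the O4 (autostart) and O23 (service) lines out of a HijackThis log."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m["name"], "", m["cmd"]))
            continue
        if line.startswith("O23 - Service: "):
            # Split from the right: the display name itself may contain " - ".
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, company, path = parts
                entries.append(Entry("O23", name, company, path))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags to each entry and return only the flagged ones."""
    for e in entries:
        path = image_path(e.command).lower()
        if "\\" not in path:
            # A bare file name is located via the PATH search order, so whichever
            # directory comes first wins; check which copy actually runs.
            e.flags.append("bare file name, resolved through the PATH search order")
        elif not path.startswith(TRUSTED_ROOTS):
            e.flags.append("image outside C:\\WINDOWS and C:\\Program Files")
        if e.kind == "O23" and e.company == "Unknown owner":
            e.flags.append("service binary carries no vendor information")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_entries(SAMPLE_LOG)):
        print(f"{e.kind} [{e.name}] {e.command}")
        for f in e.flags:
            print(f"    -> {f}")
```

The flags are prompts for a closer look, not verdicts: on the posted lines the script reports RTHDCPL (a bare file name) and ATI Smart (no vendor string), both of which a reviewer would then confirm against the files on disk, while the constructed Temp-folder entry is the shape that actually deserves suspicion.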

Post by Orcus (Security team member) » 02 Mar 2013 07:59

jaro3 wrote: How does it look now?
Love warms you, but coal is coal. :fire:

Post HJT logs in the HJT section. If the log is too long, split it across several posts.

A few tips on PC security.

During my absence memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

Post by Lojza1 » 03 Mar 2013 04:42

Honestly, I wasn't quite sure what was meant by "it", so I posted the most general thing I could think of. :)

Post by jaro3 (Security team member) » 03 Mar 2013 09:57

Do you still have any problems?

Post by Lojza1 » 06 Mar 2013 15:46

The computer runs as it did before; the only problem I have is Dota 2 crashing, but that does not necessarily have anything to do with the virus, so I'll first try reinstalling Dota itself.
Thank you for all the advice you gave me.

Re: Please check my log - PC infected by the Czech Police virus + Solved

Post by jaro3 (Security team member) » 07 Mar 2013 11:02

You're welcome!

Run OTL and click CleanUp.

For the game, open a new topic in another section.

If there are no problems, that's all, and you can mark the thread as solved with the green tick.

