========== Files Created - No Company Name ==========

[2010.06.09 17:32:48 | 000,097,589 | ---- | C] () -- C:\Users\Daniel\Desktop\Disk D.jpg
[2010.06.09 17:16:09 | 000,183,126 | ---- | C] () -- C:\Users\Daniel\Desktop\Místní disk.jpg
[2010.06.09 17:14:12 | 000,055,368 | ---- | C] () -- C:\Users\Daniel\Desktop\Plocha.jpg
[2010.06.09 17:10:36 | 000,000,732 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.06.08 20:43:07 | 000,000,652 | ---- | C] () -- C:\Windows\FIX.reg
[2010.06.08 20:43:07 | 000,000,280 | ---- | C] () -- C:\Windows\reset.reg
[2010.06.08 16:23:04 | 000,001,059 | ---- | C] () -- C:\Users\Daniel\Desktop\Counter-Strike Source.lnk
[2010.06.07 18:22:07 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.06.05 13:33:54 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2010.06.05 13:33:54 | 000,004,153 | ---- | C] () -- C:\Windows\unins000.dat
[2010.06.04 16:32:32 | 000,001,039 | ---- | C] () -- C:\Users\Daniel\Desktop\KMPlayer.lnk
[2010.06.04 16:28:59 | 000,033,021 | ---- | C] () -- C:\Windows\SysWow64\CoreVorbis-uninstall.exe
[2010.06.04 16:26:43 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2010.06.04 16:26:43 | 000,497,664 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2010.06.04 16:24:14 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.06.04 16:04:26 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.06.04 16:04:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.06.04 16:04:24 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2010.06.04 16:04:23 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.04 16:04:23 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.06.04 16:04:23 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.06.04 16:04:23 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010.06.04 14:09:40 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.06.04 14:09:33 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.06.03 18:46:41 | 000,004,608 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.31 20:19:17 | 000,000,733 | ---- | C] () -- C:\Users\Daniel\Desktop\Download.lnk
[2010.05.29 20:30:00 | 000,001,794 | ---- | C] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk
[2010.05.26 19:28:52 | 000,001,106 | ---- | C] () -- C:\Users\Daniel\Desktop\EVEREST Home Edition.lnk
[2010.05.24 18:56:35 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010.05.23 12:10:40 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\ren
[2010.05.22 10:05:57 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.05.21 18:31:12 | 000,000,102 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\default.pls
[2010.05.21 17:14:33 | 000,002,745 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.05.21 17:14:33 | 000,002,681 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010.05.21 16:33:07 | 000,000,832 | ---- | C] () -- C:\Users\Daniel\Desktop\GTA Vice City.lnk
[2010.05.21 13:12:02 | 000,000,980 | ---- | C] () -- C:\Users\Daniel\Desktop\Counter Strike.lnk
[2010.05.21 13:07:43 | 000,066,714 | ---- | C] () -- C:\Windows\SysWow64\Steam_2010_05_21__11_07_43_306.mdmp
[2010.05.21 13:06:31 | 000,066,770 | ---- | C] () -- C:\Windows\SysWow64\Steam_2010_05_21__11_06_31_513.mdmp
[2010.05.21 13:06:06 | 000,066,714 | ---- | C] () -- C:\Windows\SysWow64\Steam_2010_05_21__11_06_06_638.mdmp
[2010.05.21 12:55:30 | 000,066,714 | ---- | C] () -- C:\Windows\SysWow64\Steam_2010_05_21__10_55_30_673.mdmp
[2010.05.12 18:55:56 | 000,004,341 | ---- | C] () -- C:\Users\Daniel\Documents\Dokument.rtf
[2010.04.28 20:21:48 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010.04.21 17:25:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Astroburn Pro
[2010.06.08 09:01:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Azureus
[2010.04.21 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2010.06.08 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ESET
[2010.06.05 13:34:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FFSJ
[2010.06.04 16:15:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Hide IP NG
[2010.06.09 17:28:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2010.05.22 19:16:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech
[2010.05.22 10:06:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TeamViewer
[2010.06.09 17:28:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\uTorrent
[2010.05.28 22:27:26 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Spust OTL, do spodniho okna vloz skript, dej opravit, po restartu log sem

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\S-1-5-21-3732995390-3839235142-1401659564-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-3732995390-3839235142-1401659564-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3732995390-3839235142-1401659564-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3732995390-3839235142-1401659564-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3732995390-3839235142-1401659564-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3732995390-3839235142-1401659564-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "Crawler Search" removed from browser.search.defaultenginename
Prefs.js: "PageRage Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Crawler Search" removed from browser.search.order.1
Prefs.js: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60280&qkw=" removed from keyword.URL
C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3732995390-3839235142-1401659564-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-3732995390-3839235142-1401659564-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivX Free Codec deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\reset deleted successfully.
C:\Windows\reset.reg moved successfully.
Registry value HKEY_USERS\S-1-5-21-3732995390-3839235142-1401659564-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}\ deleted successfully.
File {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ deleted successfully.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}\ not found.
File {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f160578-4d59-11df-8a63-6cf04905c3e7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f160578-4d59-11df-8a63-6cf04905c3e7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f160578-4d59-11df-8a63-6cf04905c3e7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f160578-4d59-11df-8a63-6cf04905c3e7}\ not found.
File F:\win\CDSplash.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4942ca66-48ad-11df-8304-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4942ca66-48ad-11df-8304-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4942ca66-48ad-11df-8304-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4942ca66-48ad-11df-8304-806e6f6e6963}\ not found.
File move failed. E:\PlayDiskStart.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Daniel
->Temp folder emptied: 236131268 bytes
->Temporary Internet Files folder emptied: 98869640 bytes
->Java cache emptied: 316788 bytes
->FireFox cache emptied: 90200448 bytes
->Google Chrome cache emptied: 214255984 bytes
->Flash cache emptied: 25268 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19050670 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50641 bytes
RecycleBin emptied: 127269787 bytes

Total Files Cleaned = 750,00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06092010_184355

Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. E:\PlayDiskStart.exe scheduled to be moved on reboot.
C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Co PC, zlepsilo se?
Udelej kompletni test pres mbam (predtim vsak aktualizuj databazi na treti zalozce) http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

jojo...mockrát děkuju a čim to bylo?

jeste dej ten log z mbam! chybne veci a bordel v registrech

jeste neni celkovy delam jen C

Ok, pak ho sem dej...Staci udelat kompletni na systemovem disku...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4183

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9.6.2010 21:33:31
mbam-log-2010-06-09 (21-33-31).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 198686
Uplynulý čas: 18 minuta(y), 29 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

spust otl, klik na vycistit...

Nějaky divný.. windows mi po restartu hlásí že mám kopii windowsu..

jakou kopii windows?

Myslel se nelegálni windows už to nedělá

v tom pripade se nemame o cem bavit pokud mas winy nejisteho puvodu- vyreseno zakoupenim licence:?

ale ja mam origo! a hlasilo mi to ze ho mam nelegalne sel sem na microsoft a udelal si overeni toho win a bylo to ok

Hlaska stale trva, pokud jo kontaktuj support microsoftu