Avast Free Antivirus is installed and running with all shields. A quick scan didn't find anything. I will try to run a full scan during the night, but I don't think it will help. I tried HijackThis, whose log seemed OK in my humble opinion, and an online analyzer confirmed that. I am not posting that log, as advised in the guide. The OTL log follows. I also tried a scan with http://www.safer-networking.org/, but it didn't find anything harmful. Today I found out that Windows Firewall was turned off, so that could be a possible way of infection. I have turned it on now. During the OTL scan I turned off the Avast shields and closed all apps.
OTL logfile created on: 2.12.2012 18:19:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\ANDREA
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
2,49 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 77,14% Memory free
6,09 Gb Paging File | 5,71 Gb Available in Paging File | 93,79% Paging File free
Paging file location(s): C:\pagefile.sys 3840 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 5,59 Gb Free Space | 22,90% Space Free | Partition Type: NTFS
Drive F: | 31,49 Gb Total Space | 25,06 Gb Free Space | 79,58% Space Free | Partition Type: NTFS
Computer Name: ANDREA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.12.02 17:21:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\ANDREA\OTL.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.11.10 17:42:42 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
PRC - [2006.11.03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINXP\PixArt\Pac7302\Monitor.exe
========== Modules (No Company Name) ==========
MOD - [2012.12.01 18:30:29 | 002,036,224 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12120101\algo.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.11.01 21:37:10 | 001,581,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\plugins\pl-9b15434a5c528291c2b2ea144fd2eafb.dll
MOD - [2012.11.01 20:34:19 | 000,220,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
MOD - [2012.08.23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012.07.18 20:06:35 | 000,753,664 | ---- | M] () -- C:\WINXP\system32\bcm1xsup.dll
MOD - [2012.03.11 17:07:38 | 000,159,744 | ---- | M] () -- C:\Program Files\Mega Codec Pack\Filters\Haali\mmfinfo.dll
MOD - [2011.09.08 14:59:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Mega Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2012.11.10 17:42:42 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008.03.18 15:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\WINXP\system32\agrsmsvc.exe -- (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINXP\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINXP\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINXP\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINXP\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINXP\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINXP\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINXP\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.02.25 00:02:56 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.10.23 00:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.03.21 15:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.06.14 14:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2005.08.05 10:33:56 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-630328440-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKU\S-1-5-21-73586283-630328440-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-73586283-630328440-1417001333-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-73586283-630328440-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-73586283-630328440-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINXP\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - homepage: http://www.gmail.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.gmail.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINXP\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-630328440-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-73586283-630328440-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-73586283-630328440-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344340525578 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDCEBADC-90FB-400B-99C6-3B13B3A514F2}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.18 19:51:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.02 17:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012.12.02 17:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.02 17:10:14 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINXP\System32\sdnclean.exe
[2012.12.02 17:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.11.26 13:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\soucasne-navyky
[2012.11.10 17:46:31 | 000,000,000 | ---D | C] -- C:\Jts
[2012.11.10 17:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Sun
[2012.11.10 17:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012.11.10 17:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.11.10 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.11.10 17:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Sun
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.12.02 18:17:10 | 000,000,620 | ---- | M] () -- C:\WINXP\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.12.02 17:38:20 | 000,001,032 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-630328440-1417001333-1003UA.job
[2012.12.02 17:10:45 | 000,000,616 | ---- | M] () -- C:\WINXP\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.12.02 17:10:45 | 000,000,446 | ---- | M] () -- C:\WINXP\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.12.02 17:10:24 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012.12.02 16:48:03 | 000,433,426 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012.12.02 16:48:03 | 000,068,216 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012.12.02 14:39:42 | 000,000,793 | ---- | M] () -- C:\WINXP\WDICT32.INI
[2012.12.02 12:18:30 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012.12.02 09:55:36 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012.12.01 21:03:13 | 000,000,364 | -H-- | M] () -- C:\WINXP\tasks\avast! Emergency Update.job
[2012.12.01 19:38:00 | 000,000,980 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-630328440-1417001333-1003Core.job
[2012.12.01 08:55:22 | 000,000,214 | ---- | M] () -- C:\WINXP\tasks\AutoKMSDaily.job
[2012.12.01 08:55:07 | 000,151,552 | ---- | M] () -- C:\WINXP\KMSEmulator.exe
[2012.11.30 19:45:13 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.11.30 08:55:45 | 000,000,212 | ---- | M] () -- C:\WINXP\tasks\AutoKMS.job
[2012.11.30 08:54:57 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012.11.30 08:54:24 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012.11.28 21:06:35 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NinjaTrader 7.lnk
[2012.11.26 13:49:03 | 000,151,672 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\idealni-navyky.pdf
[2012.11.26 13:27:28 | 000,501,309 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\soucasne-navyky.zip
[2012.11.26 13:21:38 | 000,088,207 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\soucasne-navyky.pdf
[2012.11.22 20:05:37 | 000,026,546 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\irish.pdf
[2012.11.22 11:50:56 | 000,054,712 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Prodejni_hvezda.pdf
[2012.11.13 21:00:36 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.10 17:46:27 | 000,000,008 | RH-- | M] () -- C:\Documents and Settings\Admin\hwid
[2012.11.10 17:32:48 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\edemo.jnlp
[2012.11.06 09:03:34 | 000,002,625 | ---- | M] () -- C:\WINXP\System32\CONFIG.NT
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.12.02 17:10:44 | 000,000,446 | ---- | C] () -- C:\WINXP\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.12.02 17:10:43 | 000,000,620 | ---- | C] () -- C:\WINXP\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.12.02 17:10:43 | 000,000,616 | ---- | C] () -- C:\WINXP\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.12.02 17:10:24 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.02 17:10:24 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012.11.26 13:49:03 | 000,151,672 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\idealni-navyky.pdf
[2012.11.26 13:27:24 | 000,501,309 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\soucasne-navyky.zip
[2012.11.26 13:21:36 | 000,088,207 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\soucasne-navyky.pdf
[2012.11.22 20:05:36 | 000,026,546 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\irish.pdf
[2012.11.22 11:50:54 | 000,054,712 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Prodejni_hvezda.pdf
[2012.11.13 21:00:36 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.10 17:46:27 | 000,000,008 | RH-- | C] () -- C:\Documents and Settings\Admin\hwid
[2012.11.10 17:32:48 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\edemo.jnlp
[2012.08.15 11:03:51 | 000,151,552 | ---- | C] () -- C:\WINXP\KMSEmulator.exe
[2012.07.19 11:15:47 | 000,000,793 | ---- | C] () -- C:\WINXP\WDICT32.INI
[2012.07.19 10:56:18 | 000,178,176 | ---- | C] () -- C:\WINXP\System32\unrar.dll
[2012.07.19 09:24:07 | 000,000,566 | ---- | C] () -- C:\WINXP\System32\SP7302.INI
[2012.07.18 21:41:36 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012.07.18 21:32:56 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2012.07.18 21:31:18 | 000,189,000 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012.07.18 20:27:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\winscp.rnd
[2012.07.18 20:12:47 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2012.07.18 20:06:48 | 000,139,264 | ---- | C] () -- C:\WINXP\System32\preflib.dll
[2012.07.18 20:06:47 | 000,024,064 | ---- | C] () -- C:\WINXP\System32\WLTRYSVC.EXE
[2012.07.18 20:06:46 | 000,753,664 | ---- | C] () -- C:\WINXP\System32\bcm1xsup.dll
[2012.07.18 20:01:49 | 000,147,456 | ---- | C] () -- C:\WINXP\System32\igfxCoIn_v4926.dll
[2012.07.18 19:55:37 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2012.07.18 19:46:07 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2012.06.07 06:25:32 | 000,086,016 | ---- | C] () -- C:\WINXP\System32\NtDirect.dll
========== ZeroAccess Check ==========
[2012.07.18 21:08:55 | 000,000,227 | RHS- | M] () -- C:\WINXP\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINXP\system32\wbem\fastprox.dll -- [2010.09.16 17:11:04 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINXP\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.09.15 12:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Foxit Software
[2012.10.29 16:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\KeePass
[2012.07.19 12:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Luxor - Fifth Passage
[2012.07.19 12:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MumboJumbo
[2012.07.18 21:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012.07.19 12:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
========== Purity Check ==========
< End of report >