
Please help, virus via FB chat
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Re: Please help, virus via FB chat
I apologize, I fell asleep. The last one worked, the PC restarted, I just don't know where to find the log.
Re: Please help, virus via FB chat
That's fine, it was already very late anyway.
The logs should be in the same place where you have OTL; try having a look, the first one will be sort of overwritten. Look for the log Otl.txt.
Are you still in safe mode?

Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before cleaning viruses from a computer
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: Please help, virus via FB chat
Judging by the time shown on this one, this should be it.
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Unable to delete ADS .
Unable to delete ADS C:\ProgramData\TEMP:BB24555F .
Unable to delete ADS C:\ProgramData\TEMP:B203B914 .
Unable to delete ADS C:\ProgramData\TEMP:5A437AC3 .
Unable to delete ADS C:\ProgramData\TEMP:CDFF58FE .
Unable to delete ADS C:\ProgramData\TEMP:DCAF903C .
Unable to delete ADS C:\ProgramData\TEMP:ABE89FFE .
Unable to delete ADS C:\ProgramData\TEMP:B623B5B8 .
Unable to delete ADS C:\ProgramData\TEMP:3064D21D .
Unable to delete ADS C:\ProgramData\TEMP:9E22BBE8 .
Unable to delete ADS C:\ProgramData\TEMP:4F636E25 .
Unable to delete ADS C:\ProgramData\TEMP:814B9485 .
Unable to delete ADS C:\ProgramData\TEMP:3201AC76 .
Unable to delete ADS C:\ProgramData\TEMP:131C0EE9 .
Unable to delete ADS C:\ProgramData\TEMP:E1982A23 .
Unable to delete ADS C:\ProgramData\TEMP:ADE16379 .
Unable to delete ADS C:\ProgramData\TEMP:F7862839 .
Unable to delete ADS C:\ProgramData\TEMP:ABFE9AF5 .
Unable to delete ADS C:\ProgramData\TEMP:798A3728 .
Unable to delete ADS C:\ProgramData\TEMP:CE0A077E .
Unable to delete ADS C:\ProgramData\TEMP:8750DCE4 .
Unable to delete ADS C:\ProgramData\TEMP:35759C73 .
Unable to delete ADS C:\ProgramData\TEMP:41099CE9 .
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3986.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3B30.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5466.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA60E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE4D2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE7BF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RAC315D.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RAC50EC.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RAC532F.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RAC59B.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RAC5E26.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RAC62B.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RAC641F.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RAC8D6.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACADAC.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACBAD6.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACC8CA.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACCBC6.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACD3E1.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACDA6.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACE05F.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACEE83.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACEF9B.tmp moved successfully.
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\CyberLink\RVInfo\RV716F.tmp moved successfully.
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\CyberLink\RVInfo\RVFC8F.tmp moved successfully.
C:\Users\Jan\AppData\Roaming\DRO3987.tmp.exe moved successfully.
C:\Users\Jan\AppData\Roaming\DRO498D.tmp.exe moved successfully.
C:\Users\Jan\AppData\Roaming\DRO817E.tmp.exe moved successfully.
C:\Users\Jan\AppData\Roaming\DROB6F0.tmp.exe moved successfully.
C:\Users\Jan\AppData\Roaming\DROB99E.tmp.exe moved successfully.
C:\Users\Jan\AppData\Roaming\DROE34C.tmp.exe moved successfully.
C:\Users\Jan\AppData\Roaming\DROF43D.tmp.exe moved successfully.
C:\Users\Jan\AppData\Roaming\DROFCA6.tmp.exe moved successfully.
C:\Users\Jan\AppData\Roaming\.# folder moved successfully.
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
File\Folder C:\Users\Jan\AppData\Local\Temp\Gtl.exe not found.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\Windows\System32\ezsidmv.dat moved successfully.
C:\Windows\tasks\Norton Security Scan for Jan.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 220188 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Google Chrome cache emptied: 7778293 bytes
->Opera cache emptied: 2823234 bytes
->Flash cache emptied: 690 bytes
User: Jan
->Temp folder emptied: 1404286202 bytes
->Temporary Internet Files folder emptied: 13326923 bytes
->Java cache emptied: 3235029 bytes
->Google Chrome cache emptied: 26795778 bytes
->Opera cache emptied: 11954843 bytes
->Flash cache emptied: 736 bytes
User: other
->Temp folder emptied: 55469410 bytes
->Temporary Internet Files folder emptied: 19719814 bytes
->Opera cache emptied: 21019083 bytes
->Flash cache emptied: 143583 bytes
User: Public
User: TEMP
User: TEMP.Jan-PC
User: TEMP.Jan-PC.000
User: TEMP.Jan-PC.001
User: TEMP.Jan-PC.002
User: TEMP.Jan-PC.003
User: TEMP.Jan-PC.004
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2048 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,494.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Guest
->Flash cache emptied: 0 bytes
User: Jan
->Flash cache emptied: 0 bytes
User: other
->Flash cache emptied: 0 bytes
User: Public
User: TEMP
User: TEMP.Jan-PC
User: TEMP.Jan-PC.000
User: TEMP.Jan-PC.001
User: TEMP.Jan-PC.002
User: TEMP.Jan-PC.003
User: TEMP.Jan-PC.004
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.26.1 log created on 07212011_223234
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcmsc_BL0Z9H33uOD1dAX not found!
Registry entries deleted on Reboot...
Re: Please help, virus via FB chat
I apologize for not getting in touch sooner, but my network had been down since the morning.
Re: Please help, virus via FB chat
That's all right, no need to apologize.
It is not fixed yet.
Download Rkill from one of the links; if the virus blocks it, try downloading another one
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
- run it and let it work. It will exit on its own.
Do not restart the computer now!
Run ComboFix according to this guide
http://www.bleepingcomputer.com/combofi ... t-combofix
- rename combofix to potvůrka.com
Re: Please help, virus via FB chat
Hello, so I tried Rkill again and it ran as planned, but ComboFix again reported running antivirus programs, even though they are non-functional and turned off. Then it creates a backup and starts working, and suddenly a message appears saying that NIMKMD cannot be found, and then that NIMCD and MTEE are not internal or external commands. I don't know what the problem is; according to the forum it works for everyone else and only not for me.
Either the virus is that smart, or I am too dumb.
Re: Please help, virus via FB chat
Try downloading a new ComboFix once more, delete the old one, and run it in safe mode. If that doesn't work either, don't worry, we'll think of something.
If it doesn't work, download AVPtool from my signature and run a scan. I'll be here again at night.

Re: Please help, virus via FB chat
I'll try it; by the way, I am running it in safe mode, normal mode won't boot at all, and I always download a fresh ComboFix.
Re: Please help, virus via FB chat
ComboFix again doesn't work, it keeps showing the very same error messages; I have now run the cleanup and then I'll move on to AVPTool
Re: Please help, virus via FB chat
Hello, I have the same problem. The log wouldn't fit here even split in two; could I please send you a link to Úschovna?
http://www.uschovna.cz/zasilka/EBJMTXUSHBTJ3VW8-K3Z
Thank you
Re: Please help, virus via FB chat
Please start your own topic. Thank you.
Dartan-an wrote: Hello, I have the same problem. The log wouldn't fit here even split in two; could I please send you a link to Úschovna?
http://www.uschovna.cz/zasilka/EBJMTXUSHBTJ3VW8-K3Z
Thank you

Re: Please help, virus via FB chat
I'll wait for the AVPtool

Re: Please help, virus via FB chat
Here is the log from AVPTool; unfortunately there is so much of it that it won't fit here when pasted, so I am publishing it via uloz.to
http://www.uloz.to/9768948/log-z-avptool-txt
P.S.: I apologize again, but in the evening I had to be away from the computer. I realize that you come here in your free time, and when I'm not here it feels to me like I'm wasting your time; next week I'll try to do better. Thank you for your understanding.
Re: Please help, virus via FB chat
You have nothing at all to apologize for. Unfortunately, I'm not here much either.
Please run a new OTL scan.
Re: Please help, virus via FB chat
OTL log
OTL logfile created on: 2011-07-24 20:50:37 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Jan\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: yyyy-MM-dd
2.93 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 80.42% Memory free
6.06 Gb Paging File | 5.64 Gb Available in Paging File | 93.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 118.99 Gb Free Space | 41.30% Space Free | Partition Type: NTFS
Drive H: | 931.28 Gb Total Space | 591.48 Gb Free Space | 63.51% Space Free | Partition Type: FAT32
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011-07-21 20:57:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
PRC - [2011-07-09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009-10-29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009-10-27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-08-08 07:04:10 | 001,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
========== Modules (SafeList) ==========
MOD - [2011-07-21 20:57:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
MOD - [2008-01-21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011-02-16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010-03-13 02:29:16 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
SRV - [2009-10-27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009-09-16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009-09-16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009-09-16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009-08-31 23:00:28 | 001,821,184 | ---- | M] (UASSOFT.COM) [Auto | Stopped] -- C:\Program Files\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009-07-08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009-07-08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009-07-07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-04-13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009-02-11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009-02-05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006-12-29 22:24:52 | 000,110,677 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006-12-29 22:24:50 | 000,266,327 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
========== Driver Services (SafeList) ==========
DRV - [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-04-22 21:46:25 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-12-14 04:52:59 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-12-09 21:46:06 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-09-16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009-09-16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009-09-16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009-09-16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009-09-16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009-07-16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009-05-11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-04-30 00:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009-04-07 22:04:00 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-03-23 06:40:00 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009-03-17 04:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009-03-15 12:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-02-03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008-12-29 14:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-09-25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007-04-17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007-01-26 09:34:52 | 000,401,536 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2006-11-14 11:59:12 | 000,013,056 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2006-07-10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005-02-11 11:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2005-02-11 11:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005-02-11 11:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005-02-11 11:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005-02-11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... ensa_5635z
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011-07-21 16:33:26 | 000,000,000 | ---D | M]
[2009-10-16 19:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\extensions
[2009-10-16 19:28:11 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O1 HOSTS File: ([2011-07-22 02:45:22 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RCApp] C:\Program Files\Gigabyte\RCApp\U7000RCApp.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [JDK5SWFMZY] File not found
O4 - HKCU..\Run: [Videohost] File not found
O4 - HKCU..\Run: [WindowsSysControl] File not found
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe ()
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe (Steven R. Gould)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = C:\Users\Jan\AppData\Local\Temp\_uninst_.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.74.192.252 94.74.192.244
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jan\Pictures\pic_backg_39.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan\Pictures\pic_backg_39.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011-02-13 19:37:08 | 000,000,034 | ---- | M] () - H:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8f0cd519-85bf-11de-a505-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f0cd519-85bf-11de-a505-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{d465bba2-e85e-11de-a8ab-00238bebf83b}\Shell - "" = AutoRun
O33 - MountPoints2\{d465bba2-e85e-11de-a8ab-00238bebf83b}\Shell\AutoRun\command - "" = G:\LaunchBFII.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\APPInst.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011-07-23 14:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011-07-23 13:36:28 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011-07-23 13:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011-07-23 13:34:05 | 000,000,000 | --SD | C] -- C:\Potvurka15588P
[2011-07-23 00:17:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-07-22 15:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-07-21 21:54:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-07-21 20:57:33 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2011-07-21 19:39:30 | 000,000,000 | --SD | C] -- C:\potvurka
[2011-07-21 18:46:51 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF21753.exe
[2011-07-21 18:45:14 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF21440.exe
[2011-07-21 18:31:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-07-21 18:31:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-07-21 18:31:01 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF18615.exe
[2011-07-21 18:31:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2011-07-21 18:31:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-07-21 18:30:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-07-21 16:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-07-21 16:23:46 | 000,000,000 | ---D | C] -- C:\rsit
[2011-07-21 16:21:59 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-07-21 11:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Antivirus
[2011-06-29 20:32:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2011-06-27 22:20:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\fotok
[2011-06-25 23:09:43 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Logika - testy
[2009-05-17 01:09:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[8 C:\Users\Jan\AppData\Roaming\*.tmp files -> C:\Users\Jan\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011-07-24 20:49:08 | 000,047,494 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011-07-24 20:49:08 | 000,011,838 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011-07-24 20:49:08 | 000,006,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-07-24 20:49:08 | 000,004,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-07-24 20:44:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-07-24 18:42:54 | 000,044,772 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011-07-24 01:52:49 | 000,000,765 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2011-07-23 00:08:48 | 001,008,041 | ---- | M] () -- C:\Users\Jan\Desktop\rkill.exe
[2011-07-22 10:45:47 | 000,006,756 | ---- | M] () -- C:\Users\Jan\AppData\Local\d3d9caps.dat
[2011-07-22 02:45:22 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011-07-21 21:00:06 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011-07-21 20:57:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2011-07-21 18:46:48 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF21753.exe
[2011-07-21 18:45:12 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF21440.exe
[2011-07-21 18:30:47 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF18615.exe
[2011-07-21 16:21:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011-07-20 22:09:02 | 000,062,745 | -H-- | M] () -- C:\treeinfo.wc
[2011-07-20 10:11:43 | 000,000,462 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3FDDB30D-3A34-4FDF-9B15-61A8842AE865}.job
[2011-07-20 09:58:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-20 09:08:41 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011-07-19 12:58:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-07-15 09:04:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011-07-15 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011-07-13 16:05:26 | 000,037,478 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011-07-13 15:52:19 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011-07-11 22:21:58 | 000,180,224 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-07-10 20:54:03 | 003,910,656 | ---- | M] () -- C:\Users\Jan\Desktop\Evropska_revoluce_2011.pps
[2011-07-04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-07-04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011-06-26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[8 C:\Users\Jan\AppData\Roaming\*.tmp files -> C:\Users\Jan\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011-07-24 01:52:49 | 000,000,765 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2011-07-23 00:08:59 | 001,008,041 | ---- | C] () -- C:\Users\Jan\Desktop\rkill.exe
[2011-07-21 21:00:06 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011-07-21 19:03:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011-07-21 19:03:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-07-21 18:31:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-07-21 18:31:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-07-21 18:31:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-07-10 20:53:59 | 003,910,656 | ---- | C] () -- C:\Users\Jan\Desktop\Evropska_revoluce_2011.pps
[2011-01-14 21:13:56 | 000,000,571 | ---- | C] () -- C:\Users\Jan\AppData\Local\SRDownloader.err
[2011-01-14 21:12:07 | 000,000,880 | ---- | C] () -- C:\Users\Jan\AppData\Local\SRDownloader.nast
[2010-09-05 00:15:57 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2010-09-02 13:08:31 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010-02-18 17:31:03 | 000,000,000 | ---- | C] () -- C:\Windows\graphedit.INI
[2010-01-31 22:21:14 | 000,000,130 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2010-01-30 14:12:41 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010-01-08 08:20:34 | 000,000,632 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009-12-30 17:40:51 | 000,000,035 | ---- | C] () -- C:\Windows\famwoman.ini
[2009-12-20 03:02:52 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2009-12-14 04:06:50 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2009-12-03 14:40:59 | 000,000,032 | ---- | C] () -- C:\Windows\Autorun.INI
[2009-11-23 21:31:12 | 000,006,756 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps.dat
[2009-10-30 02:59:40 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2009-10-28 16:05:02 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-10-23 22:20:33 | 000,000,099 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\MPUI.ini
[2009-10-01 01:35:15 | 000,000,167 | ---- | C] () -- C:\Windows\savers.ini
[2009-09-29 21:21:08 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009-09-29 00:45:10 | 000,000,084 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini
[2009-09-29 00:45:09 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2009-09-23 15:58:25 | 000,015,047 | ---- | C] () -- C:\Windows\System32\Main.ini
[2009-09-17 19:52:32 | 001,386,496 | ---- | C] () -- C:\Windows\System32\GLaux.dll
[2009-09-16 18:04:47 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-09-16 18:04:46 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009-09-16 18:04:42 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-09-16 18:04:42 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-09-16 18:04:39 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-09-16 17:53:50 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009-08-27 00:31:02 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009-08-22 14:28:11 | 000,000,635 | ---- | C] () -- C:\Windows\Rtcw.INI
[2009-08-16 14:26:38 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009-08-16 14:26:38 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009-08-16 14:26:38 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009-08-16 14:12:55 | 000,037,478 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009-08-10 15:01:15 | 000,180,224 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-10 14:43:02 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009-08-10 14:37:13 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009-08-10 10:34:25 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009-08-10 10:34:25 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009-08-10 10:34:25 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009-08-10 10:34:25 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009-08-10 10:24:25 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009-05-17 01:06:54 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009-05-17 01:06:54 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009-05-17 01:06:54 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009-05-17 01:06:53 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009-05-17 01:06:48 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009-05-16 16:10:31 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-05-16 16:10:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-01-21 08:46:38 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2008-01-21 08:46:38 | 000,047,494 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2008-01-21 08:46:38 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2008-01-21 08:46:38 | 000,011,838 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 000,378,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:33:01 | 000,006,990 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,004,738 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002-08-08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2002-08-08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Users\Jan\AppData\Roaming\MafiaSetup.exe
[2002-07-24 22:43:46 | 000,667,648 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
========== LOP Check ==========
[2009-09-09 00:18:21 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Acer
[2009-05-16 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Acer GameZone Console
[2010-09-22 21:48:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Broad Intelligence
[2010-09-21 00:04:00 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\BSplayer
[2009-08-14 21:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\BSplayer Pro
[2011-07-21 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools
[2009-12-03 13:51:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
[2009-08-14 03:36:18 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\EA
[2011-02-04 16:29:19 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\esmska
[2009-08-11 12:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\eSobi
[2011-07-21 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\GHISLER
[2011-05-19 08:29:40 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ICQ
[2009-08-10 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\InterVideo
[2009-08-19 15:34:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\iWin
[2009-10-19 06:57:03 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Locktime
[2010-07-01 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Mikrotik
[2009-12-16 23:22:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2010-02-24 03:55:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Opera
[2010-11-08 18:34:49 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Petroglyph
[2009-09-08 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PlayFirst
[2009-11-22 19:37:31 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\QIP
[2010-10-19 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\uTorrent
[2010-12-06 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\W
[2011-01-04 10:19:45 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\wargaming.net
[2010-10-01 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Youdagames
[2010-02-19 14:05:30 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\DVBDream Once 20100218_170351.job
[2010-02-19 14:05:30 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\DVBDream Once 20100218_170355.job
[2011-07-15 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011-06-01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011-07-15 09:04:38 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-07-20 10:11:43 | 000,000,462 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3FDDB30D-3A34-4FDF-9B15-61A8842AE865}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMVF9VFN4TK1RVDNGCMLLJG7JYFLMYUKVVGVKVF5VP4VH
< End of report >

OTL logfile created on: 2011-07-24 20:50:37 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Jan\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: yyyy-MM-dd
2.93 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 80.42% Memory free
6.06 Gb Paging File | 5.64 Gb Available in Paging File | 93.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 118.99 Gb Free Space | 41.30% Space Free | Partition Type: NTFS
Drive H: | 931.28 Gb Total Space | 591.48 Gb Free Space | 63.51% Space Free | Partition Type: FAT32
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011-07-21 20:57:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
PRC - [2011-07-09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009-10-29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009-10-27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-08-08 07:04:10 | 001,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
========== Modules (SafeList) ==========
MOD - [2011-07-21 20:57:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
MOD - [2008-01-21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011-02-16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010-03-13 02:29:16 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
SRV - [2009-10-27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009-09-16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009-09-16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009-09-16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009-08-31 23:00:28 | 001,821,184 | ---- | M] (UASSOFT.COM) [Auto | Stopped] -- C:\Program Files\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009-07-08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009-07-08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009-07-07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-04-13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009-02-11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009-02-05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006-12-29 22:24:52 | 000,110,677 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006-12-29 22:24:50 | 000,266,327 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
========== Driver Services (SafeList) ==========
DRV - [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-04-22 21:46:25 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-12-14 04:52:59 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-12-09 21:46:06 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-09-16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009-09-16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009-09-16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009-09-16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009-09-16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009-07-16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009-05-11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-04-30 00:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009-04-07 22:04:00 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-03-23 06:40:00 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009-03-17 04:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009-03-15 12:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-02-03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008-12-29 14:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-09-25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007-04-17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007-01-26 09:34:52 | 000,401,536 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2006-11-14 11:59:12 | 000,013,056 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2006-07-10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005-02-11 11:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2005-02-11 11:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005-02-11 11:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005-02-11 11:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005-02-11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... ensa_5635z
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011-07-21 16:33:26 | 000,000,000 | ---D | M]
[2009-10-16 19:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\extensions
[2009-10-16 19:28:11 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O1 HOSTS File: ([2011-07-22 02:45:22 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RCApp] C:\Program Files\Gigabyte\RCApp\U7000RCApp.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [JDK5SWFMZY] File not found
O4 - HKCU..\Run: [Videohost] File not found
O4 - HKCU..\Run: [WindowsSysControl] File not found
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe ()
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe (Steven R. Gould)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = C:\Users\Jan\AppData\Local\Temp\_uninst_.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.74.192.252 94.74.192.244
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jan\Pictures\pic_backg_39.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan\Pictures\pic_backg_39.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011-02-13 19:37:08 | 000,000,034 | ---- | M] () - H:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8f0cd519-85bf-11de-a505-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f0cd519-85bf-11de-a505-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{d465bba2-e85e-11de-a8ab-00238bebf83b}\Shell - "" = AutoRun
O33 - MountPoints2\{d465bba2-e85e-11de-a8ab-00238bebf83b}\Shell\AutoRun\command - "" = G:\LaunchBFII.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\APPInst.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011-07-23 14:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011-07-23 13:36:28 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011-07-23 13:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011-07-23 13:34:05 | 000,000,000 | --SD | C] -- C:\Potvurka15588P
[2011-07-23 00:17:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-07-22 15:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-07-21 21:54:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-07-21 20:57:33 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2011-07-21 19:39:30 | 000,000,000 | --SD | C] -- C:\potvurka
[2011-07-21 18:46:51 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF21753.exe
[2011-07-21 18:45:14 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF21440.exe
[2011-07-21 18:31:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-07-21 18:31:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-07-21 18:31:01 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF18615.exe
[2011-07-21 18:31:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2011-07-21 18:31:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-07-21 18:30:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-07-21 16:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-07-21 16:23:46 | 000,000,000 | ---D | C] -- C:\rsit
[2011-07-21 16:21:59 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-07-21 11:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Antivirus
[2011-06-29 20:32:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2011-06-27 22:20:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\fotok
[2011-06-25 23:09:43 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Logika - testy
[2009-05-17 01:09:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[8 C:\Users\Jan\AppData\Roaming\*.tmp files -> C:\Users\Jan\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011-07-24 20:49:08 | 000,047,494 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011-07-24 20:49:08 | 000,011,838 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011-07-24 20:49:08 | 000,006,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-07-24 20:49:08 | 000,004,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-07-24 20:44:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-07-24 18:42:54 | 000,044,772 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011-07-24 01:52:49 | 000,000,765 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2011-07-23 00:08:48 | 001,008,041 | ---- | M] () -- C:\Users\Jan\Desktop\rkill.exe
[2011-07-22 10:45:47 | 000,006,756 | ---- | M] () -- C:\Users\Jan\AppData\Local\d3d9caps.dat
[2011-07-22 02:45:22 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011-07-21 21:00:06 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011-07-21 20:57:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2011-07-21 18:46:48 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF21753.exe
[2011-07-21 18:45:12 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF21440.exe
[2011-07-21 18:30:47 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF18615.exe
[2011-07-21 16:21:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011-07-20 22:09:02 | 000,062,745 | -H-- | M] () -- C:\treeinfo.wc
[2011-07-20 10:11:43 | 000,000,462 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3FDDB30D-3A34-4FDF-9B15-61A8842AE865}.job
[2011-07-20 09:58:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-20 09:08:41 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011-07-19 12:58:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-07-15 09:04:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011-07-15 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011-07-13 16:05:26 | 000,037,478 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011-07-13 15:52:19 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011-07-11 22:21:58 | 000,180,224 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-07-10 20:54:03 | 003,910,656 | ---- | M] () -- C:\Users\Jan\Desktop\Evropska_revoluce_2011.pps
[2011-07-04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-07-04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011-06-26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[8 C:\Users\Jan\AppData\Roaming\*.tmp files -> C:\Users\Jan\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011-07-24 01:52:49 | 000,000,765 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2011-07-23 00:08:59 | 001,008,041 | ---- | C] () -- C:\Users\Jan\Desktop\rkill.exe
[2011-07-21 21:00:06 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011-07-21 19:03:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011-07-21 19:03:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-07-21 18:31:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-07-21 18:31:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-07-21 18:31:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-07-10 20:53:59 | 003,910,656 | ---- | C] () -- C:\Users\Jan\Desktop\Evropska_revoluce_2011.pps
[2011-01-14 21:13:56 | 000,000,571 | ---- | C] () -- C:\Users\Jan\AppData\Local\SRDownloader.err
[2011-01-14 21:12:07 | 000,000,880 | ---- | C] () -- C:\Users\Jan\AppData\Local\SRDownloader.nast
[2010-09-05 00:15:57 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2010-09-02 13:08:31 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010-02-18 17:31:03 | 000,000,000 | ---- | C] () -- C:\Windows\graphedit.INI
[2010-01-31 22:21:14 | 000,000,130 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2010-01-30 14:12:41 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010-01-08 08:20:34 | 000,000,632 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009-12-30 17:40:51 | 000,000,035 | ---- | C] () -- C:\Windows\famwoman.ini
[2009-12-20 03:02:52 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2009-12-14 04:06:50 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2009-12-03 14:40:59 | 000,000,032 | ---- | C] () -- C:\Windows\Autorun.INI
[2009-11-23 21:31:12 | 000,006,756 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps.dat
[2009-10-30 02:59:40 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2009-10-28 16:05:02 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-10-23 22:20:33 | 000,000,099 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\MPUI.ini
[2009-10-01 01:35:15 | 000,000,167 | ---- | C] () -- C:\Windows\savers.ini
[2009-09-29 21:21:08 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009-09-29 00:45:10 | 000,000,084 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini
[2009-09-29 00:45:09 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2009-09-23 15:58:25 | 000,015,047 | ---- | C] () -- C:\Windows\System32\Main.ini
[2009-09-17 19:52:32 | 001,386,496 | ---- | C] () -- C:\Windows\System32\GLaux.dll
[2009-09-16 18:04:47 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-09-16 18:04:46 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009-09-16 18:04:42 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-09-16 18:04:42 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-09-16 18:04:39 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-09-16 17:53:50 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009-08-27 00:31:02 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009-08-22 14:28:11 | 000,000,635 | ---- | C] () -- C:\Windows\Rtcw.INI
[2009-08-16 14:26:38 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009-08-16 14:26:38 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009-08-16 14:26:38 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009-08-16 14:12:55 | 000,037,478 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009-08-10 15:01:15 | 000,180,224 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-10 14:43:02 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009-08-10 14:37:13 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009-08-10 10:34:25 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009-08-10 10:34:25 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009-08-10 10:34:25 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009-08-10 10:34:25 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009-08-10 10:24:25 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009-05-17 01:06:54 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009-05-17 01:06:54 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009-05-17 01:06:54 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009-05-17 01:06:53 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009-05-17 01:06:48 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009-05-16 16:10:31 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-05-16 16:10:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-01-21 08:46:38 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2008-01-21 08:46:38 | 000,047,494 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2008-01-21 08:46:38 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2008-01-21 08:46:38 | 000,011,838 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 000,378,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:33:01 | 000,006,990 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,004,738 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002-08-08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2002-08-08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Users\Jan\AppData\Roaming\MafiaSetup.exe
[2002-07-24 22:43:46 | 000,667,648 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
========== LOP Check ==========
[2009-09-09 00:18:21 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Acer
[2009-05-16 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Acer GameZone Console
[2010-09-22 21:48:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Broad Intelligence
[2010-09-21 00:04:00 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\BSplayer
[2009-08-14 21:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\BSplayer Pro
[2011-07-21 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools
[2009-12-03 13:51:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
[2009-08-14 03:36:18 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\EA
[2011-02-04 16:29:19 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\esmska
[2009-08-11 12:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\eSobi
[2011-07-21 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\GHISLER
[2011-05-19 08:29:40 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ICQ
[2009-08-10 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\InterVideo
[2009-08-19 15:34:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\iWin
[2009-10-19 06:57:03 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Locktime
[2010-07-01 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Mikrotik
[2009-12-16 23:22:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2010-02-24 03:55:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Opera
[2010-11-08 18:34:49 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Petroglyph
[2009-09-08 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PlayFirst
[2009-11-22 19:37:31 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\QIP
[2010-10-19 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\uTorrent
[2010-12-06 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\W
[2011-01-04 10:19:45 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\wargaming.net
[2010-10-01 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Youdagames
[2010-02-19 14:05:30 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\DVBDream Once 20100218_170351.job
[2010-02-19 14:05:30 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\DVBDream Once 20100218_170355.job
[2011-07-15 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011-06-01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011-07-15 09:04:38 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-07-20 10:11:43 | 000,000,462 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3FDDB30D-3A34-4FDF-9B15-61A8842AE865}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMVF9VFN4TK1RVDNGCMLLJG7JYFLMYUKVVGVKVF5VP4VH
< End of report >