
Re: Avira Premium does not update files, Outpost doesn't like it

Posted: 30 Jul 2010 06:53
by twin1
Hi,
Outpost requested a remote scan; the result:
BF-rost Backdoor HKEY_USERS\S-1-5-21-1644491937-706699826-1957994488-500\software\Wget
BZub Trojan HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\ControlPanel\load
I'd say Outpost's removal attempt did not succeed. The N\A process still appears when Opera starts. I'm rushing off to work now. Bye and thanks.

Re: Avira Premium does not update files, Outpost doesn't like it

Posted: 30 Jul 2010 09:09
by motji
Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING!
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.

Re: Avira Premium does not update files, Outpost doesn't like it

Posted: 31 Jul 2010 10:26
by twin1
MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4370

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.7.2010 0:23:34
mbam-log-2010-07-31 (00-23-34).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|F:\|G:\|H:\|)
Skenované objekty: 254269
Uplynulý čas: 5 hodina(y), 12 minuta(y), 0 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: Avira Premium does not update files, Outpost doesn't like it

Posted: 31 Jul 2010 10:33
by motji
How does the computer look now?

Re: Avira Premium does not update files, Outpost doesn't like it

Posted: 31 Jul 2010 11:03
by twin1
Still nothing to write home about. Avira is not updating again.

Avira AntiVir Premium Updater
Complete product update

Creation time: Sat Jul 31 11:53:36 2010


Operating system:
Windows XP (Service Pack 3) [5.1.2600] 32 bit

Product information:
Product version: 10.0.0.603
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 10.0.0.29
Update resource: C:\Program Files\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
Library: C:\Program Files\Avira\AntiVir Desktop\update.dll 0.1.0.44
GUI: C:\Program Files\Avira\AntiVir Desktop\updgui.dll 10.0.2.0

Temp Directory: C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files\Avira\AntiVir Desktop\
Updater folder: C:\Program Files\Avira\AntiVir Desktop\
AppData folder: C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\

Proxy settings:
System settings used

11:53:41 [UPD] [INFO] Checking whether newer files are available.
11:53:41 [UPD] [INFO] Select update server 'http://62.146.87.171/update'.
11:53:41 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
11:53:51 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/idx/wks_avi ... n-pepr.idx' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira10-win32-en-pepr.idx'.
11:53:51 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/idx/wks_avi ... pr.info.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira10-win32-en-pepr.info.gz'.
11:53:52 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/idx/webcat- ... nt.info.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\idx\webcat-common-int.info.gz'.
11:53:52 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/idx/vdf.info.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\idx\vdf.info.gz'.
11:53:52 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/idx/rdf-common-int.info.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\idx\rdf-common-int.info.gz'.
11:53:53 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/idx/ave2-win32-int.info.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\idx\ave2-win32-int.info.gz'.
11:53:53 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/idx/wks_avi ... fo.info.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira10-win32-en-pepr-info.info.gz'.
11:53:53 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/idx/hips-win32-int.info.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\idx\hips-win32-int.info.gz'.
11:53:53 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/idx/scanner ... nt.info.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\idx\scanner-win32-int.info.gz'.
11:53:53 [UPD] [INFO] Compare local files with status of update server
11:53:53 [UPD] [INFO] Product-info file: Executing mandatory product update initiated by Avira.
11:53:53 [UPD] [INFO] Checking module SELFUPDATE:
11:53:54 [UPD] [INFO] Checking module WEBCAT:
11:53:54 [UPD] [INFO] File 'webcat/common/int/webcat2.dat' (local, server): cd518e21571cd6b28335f07a2f82b75b != ba6504ff2f5ee1312229a0ca355f690f
11:53:54 [UPD] [INFO] File 'webcat/common/int/webcat3.dat' (local, server): ba69480902ab3420c6c341d7412ac71d != 02586aa4406807723ab074b4c6c32101
11:53:54 [UPD] [INFO] File 'webcat/common/int/webcat4.dat' (local, server): 39203730b98d1e51b5b21cfd8cec9f49 != 949aff2501af53f7f51acbb7d2be57aa
11:53:54 [UPD] [INFO] Checking module VDF:
11:53:54 [UPD] [INFO] File 'n_vdf/vbase031.vdf' (local, server): 7.10.10.24 < 7.10.10.25
11:53:54 [UPD] [INFO] File 'n_vdf/aevdf.dat' (local, server): 7.10.10.24 < 7.10.10.25
11:53:54 [UPD] [INFO] Checking module RDF:
11:53:54 [UPD] [INFO] Checking module AVE2:
11:53:54 [UPD] [INFO] Checking module MAIN:
11:53:57 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pepr/filelist.ini'. The file will therefore not be taken into account.
11:53:57 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pepr/insthlp.exe'. The file will therefore not be taken into account.
11:53:58 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pepr/presetup.exe'. The file will therefore not be taken into account.
11:53:58 [UPD] [INFO] File'wks_avira10/win32/en/pepr/en-us/quicksysscan.avp' is already installed and is not being updated.
11:53:58 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pepr/vcredist_x86.exe'. The file will therefore not be taken into account.
11:53:58 [UPD] [INFO] Checking module COMMAPPDATA_AV:
11:53:58 [UPD] [INFO] File'wks_avira10/win32/en/pepr/addr_file.html' is already installed and is not being updated.
11:53:58 [UPD] [INFO] Checking module COMMAPP:
11:53:58 [UPD] [INFO] File'wks_avira10/win32/en/pepr/en-us/produpd.avj' is already installed and is not being updated.
11:53:58 [UPD] [INFO] File'wks_avira10/win32/en/pepr/en-us/scanjob.avj' is already installed and is not being updated.
11:53:58 [UPD] [INFO] File'wks_avira10/win32/en/pepr/en-us/startupd.avj' is already installed and is not being updated.
11:53:58 [UPD] [INFO] File'wks_avira10/win32/en/pepr/en-us/updjob.avj' is already installed and is not being updated.
11:53:58 [UPD] [INFO] Checking module COMMAPDATA_AV_PROFILES:
11:53:59 [UPD] [INFO] File'wks_avira10/win32/en/pepr/en-us/folder.avp' is already installed and is not being updated.
11:53:59 [UPD] [INFO] Checking module TEXT:
11:53:59 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pepr/en-us/eula.txt'. The file will therefore not be taken into account.
11:53:59 [UPD] [INFO] Checking module DRV:
11:53:59 [UPD] [INFO] Checking module PRODINFO:
11:53:59 [UPD] [INFO] Checking module HIPS:
11:53:59 [UPD] [INFO] Checking module SCANNER:
11:53:59 [UPD] [INFO] The program is running as an unrestricted full version.
11:53:59 [UPD] [INFO] 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\BACKUP\' requires 193466 bytes of free disk space.
11:53:59 [UPD] [INFO] 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\' requires 357970 bytes of free disk space.
11:53:59 [UPD] [INFO] 'C:\Program Files\Avira\AntiVir Desktop\' requires 259464 bytes of free disk space.
11:53:59 [UPD] [INFO] Disk space OK.
11:53:59 [UPD] [INFO] Drive: C:\, free capacity: 393945088 bytes.
11:53:59 [UPD] [INFO] New files are being downloaded...
11:53:59 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/webcat/comm ... at2.dat.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\webcat\common\int\webcat2.dat.gz'.
11:54:01 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/webcat/comm ... at3.dat.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\webcat\common\int\webcat3.dat.gz'.
11:54:01 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/webcat/comm ... at4.dat.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\webcat\common\int\webcat4.dat.gz'.
11:54:02 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/n_vdf/vbase031.vdf.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase031.vdf.gz'.
11:54:04 [UPD] [INFO] Downloading of 'http://62.146.87.171/update/n_vdf/aevdf.dat.gz' to 'C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\aevdf.dat.gz'.
11:57:08 [UPD] [ERROR] Validation of engine failed. Error258


Summary:
********
5 Files downloaded
0 Files installed

Sat Jul 31 11:57:08 2010
The update failed!

Re: Avira Premium does not update files, Outpost doesn't like it

Posted: 31 Jul 2010 11:18
by motji
Unfortunately I won't be here until the evening :(

Download OTL: http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
- tick the All users box.
- tick the boxes "LOP" malware check and "Purity" malware check
- Click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)

Re: Avira Premium does not update files, Outpost doesn't like it

Posted: 31 Jul 2010 18:43
by twin1
OTL log:
OTL logfile created on: 31.7.2010 15:37:51 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

639,00 Mb Total Physical Memory | 248,00 Mb Available Physical Memory | 39,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 9,64 Gb Free Space | 19,75% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 33,98 Gb Free Space | 69,60% Space Free | Partition Type: NTFS
Drive E: | 51,39 Gb Total Space | 18,45 Gb Free Space | 35,91% Space Free | Partition Type: NTFS
Drive F: | 24,41 Gb Total Space | 24,29 Gb Free Space | 99,50% Space Free | Partition Type: NTFS
Drive G: | 43,95 Gb Total Space | 43,88 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive H: | 43,42 Gb Total Space | 22,38 Gb Free Space | 51,55% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SY-C944F64ABC43
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 180 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.31 15:31:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.05.14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.04.01 13:34:01 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:30:04 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:29:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:12:21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.04 11:59:36 | 000,410,904 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2006.04.21 21:06:14 | 000,069,632 | ---- | M] () -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
PRC - [2002.10.15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2010.07.31 15:31:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.05.14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.04.01 13:41:48 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.04.01 13:34:01 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.30 12:40:18 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.02.24 10:29:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.09 16:30:00 | 001,338,160 | ---- | M] (Agnitum Ltd.) [Auto | Stopped] -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV - [2009.08.23 16:59:23 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.12.20 10:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.09.04 11:59:36 | 000,410,904 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006.04.21 21:06:14 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe -- (prfldsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010.03.01 10:06:44 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.09 13:33:22 | 000,034,488 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2010.02.09 13:32:46 | 000,715,000 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009.11.02 13:20:26 | 000,257,304 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2009.08.18 17:55:21 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.18 16:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009.02.06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008.09.26 18:06:24 | 000,129,824 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2008.09.26 18:06:24 | 000,040,496 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2008.09.26 18:06:24 | 000,032,048 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2008.09.14 18:09:12 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.09.14 18:09:12 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.09.14 18:08:45 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.12.27 16:45:42 | 000,085,760 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
DRV - [2007.11.03 12:21:02 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007.09.14 16:04:46 | 002,455,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.06.18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007.03.26 15:25:50 | 000,038,784 | R--- | M] (Axesstel) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Axtmvprt.sys -- (Axtmvprt)
DRV - [2007.03.26 15:25:30 | 000,040,064 | R--- | M] (Axesstel) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Axtmvmdm.sys -- (Axtmvmdm)
DRV - [2007.03.22 17:36:38 | 000,003,456 | R--- | M] (Axesstel) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Axtmvflt.sys -- (Axtmvflt)
DRV - [2006.10.02 10:39:28 | 000,030,808 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore2.sys -- (hotcore2)
DRV - [2006.04.21 08:22:24 | 000,070,912 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\prvflder.sys -- (Prvflder)
DRV - [2005.01.02 03:11:43 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005.01.02 03:07:05 | 000,009,728 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004.08.16 13:17:18 | 000,798,592 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3)
DRV - [2004.08.04 00:32:32 | 000,084,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio) Zvukový řadič VIA AC'97 (WDM)
DRV - [2004.08.04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003.10.19 14:59:50 | 000,025,856 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002.11.18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 64 80 A6 3C E8 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.10 23:42:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.10 23:41:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010.07.10 16:42:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.07.10 16:42:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.10 16:42:20 | 000,000,000 | ---D | M]

[2010.07.10 23:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.07.31 10:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\q13obgam.default\extensions
[2010.07.31 10:55:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\q13obgam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.05.24 13:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Sunbird\Profiles\5qx1jtgw.default\extensions
[2010.07.10 23:41:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.26 10:27:08 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.06.26 10:27:08 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.06.26 10:27:08 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.06.26 10:27:08 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.06.26 10:27:08 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.07.29 07:48:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Backward &Links - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Cac&hed Snapshot of Page - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Najít pomocí &Google - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gsearch.htm ()
O8 - Extra context menu item: Přeložit stránku pomocí Google - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm ()
O8 - Extra context menu item: Si&milar Pages - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O9 - Extra Button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0948983460 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Dokumenty\Obrázky\kočka a kotě.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Dokumenty\Obrázky\kočka a kotě.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.09 01:02:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf E:\Program Files\iolo\System Mechanic 6",) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 180 Days ==========

[2010.07.31 15:31:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.07.31 12:54:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.07.30 19:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2010.07.30 19:04:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.30 19:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.07.30 19:03:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.30 19:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.29 19:18:09 | 063,818,973 | ---- | C] (ZONER software ) -- C:\Documents and Settings\Administrator\Plocha\zps11_cz_professional.exe
[2010.07.29 07:20:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.29 07:20:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.29 07:20:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.29 07:20:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.29 07:19:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.07.29 07:06:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.28 00:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Avira
[2010.07.28 00:11:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.07.28 00:11:22 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.07.28 00:11:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.07.28 00:11:22 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.07.28 00:11:22 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.07.28 00:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.07.27 14:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ATI
[2010.07.14 02:37:47 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.10 23:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.07.09 18:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\HpUpdate
[2010.07.09 18:43:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010.07.02 16:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\VANKA
[2010.07.02 16:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\JIRINA
[2010.07.02 16:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\LENKA
[2010.07.02 16:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\SZTS
[2010.07.02 16:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\EVA
[2010.07.02 16:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\SULAK
[2010.07.02 16:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\VEVERKA
[2010.06.09 13:09:20 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.05.21 13:37:23 | 002,723,951 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Administrator\Plocha\Ufon_Prasti_toho_krtka.exe
[2010.05.15 17:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\meilyWestern
[2010.05.06 18:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.05.06 15:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2010.05.02 16:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.05.02 16:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Apple
[2010.05.02 16:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.05.02 16:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2010.05.02 16:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Apple Computer
[2010.04.30 12:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010.04.30 12:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010.04.30 12:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.04.30 12:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.04.30 12:46:06 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.04.30 12:46:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.30 12:46:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.30 12:46:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.30 12:46:06 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.04.30 12:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.04.30 12:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Real
[2010.04.20 07:32:05 | 000,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010.04.04 13:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Axesstel
[2010.04.01 19:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.03.31 00:16:34 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll
[2010.03.31 00:10:40 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2010.03.25 09:51:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.03.25 09:26:46 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.22 20:38:00 | 003,600,384 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010.03.11 06:33:39 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.05 16:42:09 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2010.02.26 17:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\recepty
[2010.02.23 12:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\Kalendar2010
[2010.02.14 10:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\UFON
[2010.02.12 06:35:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 180 Days ==========

[2010.07.31 15:31:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.07.31 15:18:57 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.31 15:18:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.31 15:17:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.31 12:55:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.07.31 12:55:19 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.07.31 12:54:29 | 010,707,888 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.07.30 19:04:21 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.07.29 20:00:50 | 063,818,973 | ---- | M] (ZONER software ) -- C:\Documents and Settings\Administrator\Plocha\zps11_cz_professional.exe
[2010.07.29 07:52:22 | 000,000,267 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.29 07:48:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.29 00:09:48 | 003,746,488 | R--- | M] () -- C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
[2010.07.26 07:38:59 | 000,182,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.22 15:39:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.18 12:43:32 | 000,000,030 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010.07.14 21:14:52 | 000,000,606 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.13 21:07:00 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2010.07.12 18:14:49 | 000,442,378 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.12 18:14:49 | 000,438,772 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.07.12 18:14:49 | 000,083,582 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.07.12 18:14:49 | 000,072,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.12 18:14:48 | 001,050,470 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.11 09:57:21 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100711_095718.reg
[2010.07.11 09:56:47 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100711_095642.reg
[2010.07.10 23:41:48 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.07.10 23:19:09 | 000,309,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\pruser.conf
[2010.07.10 21:05:03 | 000,000,026 | ---- | M] () -- C:\WINDOWS\ATICIM.MIF
[2010.07.10 19:11:51 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100710_191147.reg
[2010.07.10 17:56:08 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100710_175603.reg
[2010.07.08 08:06:03 | 046,303,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\avira_antivir_premium_en.exe
[2010.07.08 07:23:28 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010.07.05 12:15:58 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT_BAK_11970
[2010.07.04 07:25:42 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100704_072538.reg
[2010.07.03 08:52:40 | 001,166,454 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\cojeto.jpg
[2010.07.02 17:23:07 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.06.30 07:39:12 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\PSYCHOTEST (1).doc
[2010.06.27 11:46:22 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\kalhoty.bmp
[2010.06.26 17:52:23 | 000,004,811 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\twin.jpg
[2010.06.26 05:00:25 | 000,023,639 | ---- | M] () -- C:\WINDOWS\System32\TuneUpDefragService_20100626-030025.dmp
[2010.06.25 08:02:42 | 000,003,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100625_080117.reg
[2010.06.23 07:00:41 | 009,081,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Zivotopisfoto.doc
[2010.06.20 19:52:05 | 000,007,334 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Nový objekt - OpenDocument Text.odt
[2010.06.17 07:18:41 | 001,992,192 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\URBAN8.pps
[2010.06.14 16:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.06.13 20:02:33 | 000,009,537 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\obiliMama.ods
[2010.06.13 07:13:58 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\motivacni-dopis.doc
[2010.06.12 19:04:57 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100612_190453.reg
[2010.06.09 14:25:15 | 000,012,414 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100609_142511.reg
[2010.06.09 13:51:43 | 000,173,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.06 14:16:21 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Zivotopis.doc
[2010.06.06 09:52:29 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Zivotopisvika.doc
[2010.06.03 17:07:27 | 000,046,202 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\sylva.jpg
[2010.05.30 10:55:44 | 000,023,042 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\SMS.jpg
[2010.05.27 14:29:53 | 000,023,042 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\158.jpg
[2010.05.26 13:35:12 | 001,096,192 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Paroubek.doc
[2010.05.26 13:34:33 | 000,254,012 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Paroubek.odt
[2010.05.26 13:21:02 | 000,718,254 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Paroubek.jpg
[2010.05.25 13:41:52 | 001,999,834 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Datovy-trezor-manual.pdf
[2010.05.24 19:53:32 | 001,082,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\VR_CzechPoint.pdf
[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.05.21 13:40:11 | 002,723,951 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Administrator\Plocha\Ufon_Prasti_toho_krtka.exe
[2010.05.14 17:30:45 | 000,051,807 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\img0001.jpg
[2010.05.14 02:34:36 | 000,354,245 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Untitled 1.odt
[2010.05.13 15:15:45 | 008,289,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Konec praveho ceskeho piva.pps
[2010.05.10 19:10:04 | 001,839,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\SalvadorDali.pps
[2010.05.09 15:38:31 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\ceske stesti.doc
[2010.05.08 09:23:28 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Recka krize.doc
[2010.05.07 19:42:39 | 000,195,524 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\IMG_2150.JPG
[2010.05.07 19:41:36 | 000,259,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\IMG_0415.JPG
[2010.05.07 19:01:04 | 000,996,058 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\stene.jpg
[2010.05.07 18:43:52 | 000,793,462 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\kyticka.jpg
[2010.05.07 16:57:10 | 004,178,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\materskalaska.doc
[2010.05.07 16:45:33 | 001,944,135 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\materskalaska.odt
[2010.05.07 08:22:57 | 000,036,472 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.05.06 16:26:09 | 004,346,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Panovnici_Ceskych_zemi.pps
[2010.05.06 12:35:35 | 001,209,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010.05.06 12:35:35 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010.05.06 12:35:34 | 005,950,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010.05.06 12:35:34 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010.05.06 12:35:34 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010.05.06 12:35:34 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010.05.06 12:35:31 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010.05.06 12:35:31 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010.05.06 12:35:31 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010.05.06 12:35:31 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.05.06 12:35:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010.05.06 12:35:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.05.06 12:35:31 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010.05.06 12:35:31 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010.05.06 12:35:30 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.05.06 12:35:29 | 011,076,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.05.06 12:35:29 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010.05.06 12:35:29 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010.05.06 12:35:27 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.05.06 12:35:26 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010.05.06 12:35:26 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010.05.05 15:36:33 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\kocky.jpg
[2010.05.05 15:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010.05.05 15:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010.05.02 10:09:42 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010.05.02 10:09:42 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010.04.30 12:52:40 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010.04.30 12:52:40 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010.04.30 12:52:37 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.04.30 12:52:37 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010.04.30 12:45:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.30 12:45:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.30 12:45:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.30 12:45:36 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.04.30 12:45:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.04.30 10:19:48 | 000,304,156 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\overeni_certifikacni_autority.pdf
[2010.04.29 17:57:31 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Kopie - Vzhuru na Malmac - Sudoku.xls
[2010.04.29 17:48:14 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Vzhuru na Malmac - Sudoku.xls
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.23 19:56:49 | 003,645,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\123freesolitaire.exe
[2010.04.20 07:32:05 | 000,285,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010.04.20 07:32:05 | 000,285,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2010.04.19 21:09:03 | 000,063,636 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\IMG_0075.JPG
[2010.04.18 13:44:33 | 000,018,175 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\AlbanskyVirus.jpg
[2010.04.18 12:50:43 | 009,253,887 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\windows.flv
[2010.04.14 06:41:39 | 001,355,041 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Datum narozeni a jeho vliv na nas charakter - Jitka KADLECOVA.pdf
[2010.04.06 04:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVCore.dll
[2010.04.06 04:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMVCore.dll
[2010.04.05 20:20:20 | 000,013,127 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RODINNE STARIvse.ods
[2010.04.05 09:21:00 | 000,750,252 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\avc_report25.pdf
[2010.04.04 09:29:56 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Znate sva chodila.doc
[2010.03.31 00:16:34 | 000,099,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll
[2010.03.31 00:10:40 | 000,295,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2010.03.29 10:54:55 | 000,158,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\E_mail_zpravodaj_duben_2010_VI.B.doc
[2010.03.28 10:51:46 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Dulezite upozorneni vydan e Cervenym krizem a z achrannymi.doc
[2010.03.28 09:57:43 | 000,620,032 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Prezentace2.pps
[2010.03.24 09:10:54 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Diagnoza Mrtvice.doc
[2010.03.22 20:38:00 | 003,600,384 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010.03.20 18:27:17 | 003,717,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\tak uz konecne zpivej.pps
[2010.03.16 22:26:58 | 000,170,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Recept (na sloh).doc
[2010.03.15 09:11:27 | 000,410,646 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\5100214.pdf
[2010.03.10 08:17:40 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010.03.10 08:17:40 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010.03.07 15:01:24 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\rajče.lnk
[2010.03.05 16:42:09 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2010.03.05 16:42:09 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\asycfilt.dll
[2010.03.01 10:06:44 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.02.26 20:02:43 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Domaci ukoly - skupinky.doc
[2010.02.24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.02.23 12:04:03 | 000,201,781 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\09.zari.jpg
[2010.02.23 12:02:44 | 000,168,041 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\11.listopad.jpg
[2010.02.20 18:13:30 | 000,213,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\test potravin.pdf
[2010.02.17 14:09:02 | 002,192,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010.02.17 14:09:02 | 002,192,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.02.16 21:09:02 | 002,068,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010.02.16 21:09:02 | 002,068,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010.02.16 21:08:57 | 002,148,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.02.16 21:08:57 | 002,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.02.14 16:34:08 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\3G internet.lnk
[2010.02.14 13:17:06 | 000,000,280 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010.02.12 12:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.02.12 06:35:01 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010.02.10 20:03:51 | 000,532,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\olejicky.doc
[2010.02.10 16:42:07 | 006,021,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\extraordinaire_instrument_de_musique.wmv
[2010.02.09 13:32:46 | 000,715,000 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2010.02.07 19:00:19 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\lvi.jpg
[2010.02.05 20:27:40 | 001,294,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\quartz.dll
[2010.02.05 20:27:40 | 001,294,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

Re: Avira Premium does not update files, Outpost doesn't like it

Posted: 31 Jul 2010 18:45
by twin1
OTL log, part 2 (it is too large)
========== Files Created - No Company Name ==========

[2010.07.30 19:04:21 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.07.29 07:20:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.29 07:20:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.29 07:20:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.29 07:20:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.29 07:20:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.29 00:08:27 | 003,746,488 | R--- | C] () -- C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
[2010.07.13 21:07:00 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2010.07.11 09:57:19 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100711_095718.reg
[2010.07.11 09:56:45 | 000,002,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100711_095642.reg
[2010.07.10 23:41:48 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.07.10 23:19:09 | 000,309,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\pruser.conf
[2010.07.10 21:05:03 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ATICIM.MIF
[2010.07.10 19:11:50 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100710_191147.reg
[2010.07.10 17:56:06 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100710_175603.reg
[2010.07.08 07:54:43 | 046,303,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\avira_antivir_premium_en.exe
[2010.07.08 07:23:27 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010.07.08 07:23:27 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010.07.05 12:13:54 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT_TU_11970.LOG
[2010.07.04 07:25:40 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100704_072538.reg
[2010.07.03 08:11:57 | 001,166,454 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\cojeto.jpg
[2010.06.30 07:39:12 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\PSYCHOTEST (1).doc
[2010.06.26 17:42:17 | 000,004,811 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\twin.jpg
[2010.06.26 05:00:25 | 000,023,639 | ---- | C] () -- C:\WINDOWS\System32\TuneUpDefragService_20100626-030025.dmp
[2010.06.25 08:02:15 | 000,003,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100625_080117.reg
[2010.06.23 07:31:51 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Zivotopis.doc
[2010.06.23 07:00:35 | 009,081,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Zivotopisfoto.doc
[2010.06.17 07:18:22 | 001,992,192 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\URBAN8.pps
[2010.06.13 20:02:28 | 000,009,537 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\obiliMama.ods
[2010.06.13 07:06:16 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\motivacni-dopis.doc
[2010.06.12 19:04:55 | 000,001,522 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100612_190453.reg
[2010.06.09 14:25:13 | 000,012,414 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\cc_20100609_142511.reg
[2010.06.06 09:52:29 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Zivotopisvika.doc
[2010.06.03 17:04:39 | 000,046,202 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\sylva.jpg
[2010.06.01 12:46:44 | 000,007,334 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Nový objekt - OpenDocument Text.odt
[2010.05.30 10:55:44 | 000,023,042 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\SMS.jpg
[2010.05.27 14:29:52 | 000,023,042 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\158.jpg
[2010.05.26 13:35:06 | 001,096,192 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Paroubek.doc
[2010.05.26 13:30:56 | 000,254,012 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Paroubek.odt
[2010.05.26 13:20:16 | 000,718,254 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Paroubek.jpg
[2010.05.25 13:41:51 | 001,999,834 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Datovy-trezor-manual.pdf
[2010.05.14 17:30:41 | 000,051,807 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\img0001.jpg
[2010.05.14 02:34:32 | 000,354,245 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Untitled 1.odt
[2010.05.13 15:12:00 | 008,289,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Konec praveho ceskeho piva.pps
[2010.05.10 19:08:48 | 001,839,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\SalvadorDali.pps
[2010.05.10 10:50:18 | 000,153,830 | ---- | C] () -- C:\WINDOWS\HPHins15.dat.temp
[2010.05.10 10:50:17 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat.temp
[2010.05.09 15:38:18 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\ceske stesti.doc
[2010.05.09 14:28:53 | 001,082,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\VR_CzechPoint.pdf
[2010.05.08 09:23:28 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Recka krize.doc
[2010.05.07 19:40:45 | 000,195,524 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\IMG_2150.JPG
[2010.05.07 19:40:35 | 000,259,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\IMG_0415.JPG
[2010.05.07 18:59:42 | 000,996,058 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\stene.jpg
[2010.05.07 18:42:58 | 000,793,462 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\kyticka.jpg
[2010.05.07 16:57:03 | 004,178,944 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\materskalaska.doc
[2010.05.07 16:27:20 | 001,944,135 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\materskalaska.odt
[2010.05.06 16:23:44 | 004,346,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Panovnici_Ceskych_zemi.pps
[2010.05.05 15:36:33 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\kocky.jpg
[2010.05.02 16:22:42 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.05.01 11:50:11 | 000,856,385 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\women.gif
[2010.04.30 10:19:48 | 000,304,156 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\overeni_certifikacni_autority.pdf
[2010.04.29 17:49:35 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Kopie - Vzhuru na Malmac - Sudoku.xls
[2010.04.29 17:48:10 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Vzhuru na Malmac - Sudoku.xls
[2010.04.23 19:54:58 | 003,645,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\123freesolitaire.exe
[2010.04.19 21:05:04 | 000,063,636 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\IMG_0075.JPG
[2010.04.18 13:44:31 | 000,018,175 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\AlbanskyVirus.jpg
[2010.04.18 12:50:42 | 009,253,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\windows.flv
[2010.04.14 06:41:34 | 001,355,041 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Datum narozeni a jeho vliv na nas charakter - Jitka KADLECOVA.pdf
[2010.04.05 09:21:00 | 000,750,252 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\avc_report25.pdf
[2010.04.04 09:29:55 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Znate sva chodila.doc
[2010.03.29 10:54:55 | 000,158,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\E_mail_zpravodaj_duben_2010_VI.B.doc
[2010.03.28 10:51:46 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Dulezite upozorneni vydan e Cervenym krizem a z achrannymi.doc
[2010.03.28 09:57:42 | 000,620,032 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Prezentace2.pps
[2010.03.24 09:10:52 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Diagnoza Mrtvice.doc
[2010.03.20 18:27:15 | 003,717,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\tak uz konecne zpivej.pps
[2010.03.16 22:26:46 | 000,170,496 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\Recept (na sloh).doc
[2010.03.15 09:11:09 | 000,410,646 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\5100214.pdf
[2010.02.26 20:02:43 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Domaci ukoly - skupinky.doc
[2010.02.23 12:04:03 | 000,201,781 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\09.zari.jpg
[2010.02.23 12:02:44 | 000,168,041 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\11.listopad.jpg
[2010.02.20 18:13:26 | 000,213,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\test potravin.pdf
[2010.02.14 16:34:08 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\3G internet.lnk
[2010.02.10 20:01:56 | 000,532,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\olejicky.doc
[2010.02.10 16:37:33 | 006,021,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\extraordinaire_instrument_de_musique.wmv
[2010.02.07 19:00:19 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\lvi.jpg
[2009.11.02 17:27:54 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.08.18 17:55:20 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.24 23:47:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.05.24 12:44:35 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.05.24 12:44:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.05.24 12:44:30 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.05.24 12:44:30 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.05.24 12:44:25 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.05.24 12:44:25 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.01.13 12:16:06 | 000,000,234 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008.09.28 12:46:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008.06.10 18:12:12 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.06.09 20:18:02 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL
[2008.06.09 20:16:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008.06.09 20:16:31 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2008.06.09 20:10:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008.06.09 20:01:38 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.06.09 03:43:55 | 000,000,280 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.10.01 16:13:12 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HDX4MediaReveal.dll
[1999.04.11 22:54:20 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll

========== LOP Check ==========

[2008.06.10 13:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\123 Free Solitaire
[2009.01.26 22:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\7Wonders
[2009.08.18 17:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Ashampoo
[2009.04.29 09:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Avanquest
[2008.08.09 20:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\GameHouse
[2009.05.24 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\GrabPro
[2008.06.16 16:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\InterVideo
[2009.06.03 15:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\IObit
[2008.08.10 01:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\iWin
[2009.07.18 20:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\MOBILedit
[2009.02.02 12:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\OpenOffice.org
[2010.01.02 15:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Opera
[2009.07.17 15:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Orbit
[2009.09.20 15:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sahmon Games
[2009.05.03 16:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Serif
[2010.07.27 15:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Simple Sudoku
[2008.12.09 21:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Spamihilator
[2009.03.31 17:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\SuperEasy
[2008.06.09 14:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Thunderbird
[2008.06.09 03:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
[2008.08.18 10:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Vso
[2009.05.09 11:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Windows Search
[2008.07.02 22:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Zoner
[2008.07.20 10:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\7Wonders2
[2009.04.09 07:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Agnitum
[2008.08.09 19:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alawar Stargaze
[2008.06.09 17:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ashampoo
[2009.04.28 15:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Avanquest
[2009.03.24 11:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FireGlow
[2008.08.09 18:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\n7-89-o9-3r-4t-r9
[2008.09.14 18:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Seagate
[2009.10.17 19:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.06.09 03:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2010.07.15 08:50:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010.07.02 17:23:07 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2008.11.27 19:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.06.10 13:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\123 Free Solitaire
[2009.01.26 22:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\7Wonders
[2008.06.28 21:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Adobe
[2009.08.18 17:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Ashampoo
[2009.11.02 18:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ATI
[2009.04.29 09:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Avanquest
[2010.07.28 00:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Avira
[2009.02.28 17:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DivX
[2008.08.09 20:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\GameHouse
[2009.05.24 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\GrabPro
[2008.12.01 20:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\HP
[2010.07.09 19:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\HpUpdate
[2008.06.09 01:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Identities
[2008.12.01 18:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\InstallShield
[2008.06.16 16:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\InterVideo
[2009.06.03 15:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\IObit
[2008.08.10 01:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\iWin
[2008.06.28 21:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2010.07.30 19:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2008.06.09 18:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Media Player Classic
[2010.07.27 14:44:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2009.07.18 20:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\MOBILedit
[2010.07.10 23:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2009.02.02 12:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\OpenOffice.org
[2009.02.02 10:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\OpenOffice.org2
[2010.01.02 15:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Opera
[2009.07.17 15:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Orbit
[2010.04.30 14:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Real
[2009.09.20 15:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sahmon Games
[2009.05.03 16:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Serif
[2010.07.27 15:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Simple Sudoku
[2010.07.05 20:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Skype
[2010.06.18 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\skypePM
[2008.12.09 21:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Spamihilator
[2009.02.08 17:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sun
[2009.04.09 01:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\SUPERAntiSpyware.com
[2009.03.31 17:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\SuperEasy
[2008.06.09 14:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Talkback
[2008.06.09 14:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Thunderbird
[2008.06.09 03:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
[2008.08.18 10:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Vso
[2009.05.09 11:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Windows Search
[2008.07.02 22:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2008.06.10 18:18:31 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\ezpinst.exe
[2010.07.27 14:44:00 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2007.10.29 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007.10.29 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2007.10.29 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2007.10.29 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2009.12.22 20:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2007.10.29 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2007.10.29 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2007.10.29 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.10.29 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2007.10.29 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2007.10.29 14:00:00 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 00:01:28 | 000,081,152 | ---- | M] (Microsoft Corporation) MD5=C4BA879B581BE34536FE01F79AC28631 -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: CHANGER.SYS >
[2007.10.29 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2007.10.29 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2007.10.29 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2007.10.29 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2007.10.29 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007.10.29 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2007.10.29 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2007.10.29 14:00:00 | 000,481,792 | R--- | M] (Microsoft Corporation) MD5=0B7569ECA93964A39BEDCF763E78E22A -- C:\cmdcons\system32\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2007.10.29 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2007.10.29 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2007.10.29 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2007.10.29 14:00:00 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=A80F5FF04F7969D831843BC1017913F1 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2007.10.29 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007.09.14 16:06:12 | 000,356,352 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.08.18 17:55:21 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.06.09 02:45:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.06.09 02:45:18 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.06.09 02:45:18 | 000,462,848 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2007.09.14 16:06:12 | 000,356,352 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.07.31 15:18:57 | 000,002,422 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

========== Alternate Data Streams ==========

@Alternate Data Stream - 254 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:7204B89D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1CA73D29
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:FFDDB8FA
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
< End of report >

Re: Avira Premium does not update files, Outpost does not like it

Posted: 31 Jul 2010 18:49
by twin1
EXTRAS log

OTL Extras logfile created on: 31.7.2010 15:37:51 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

639,00 Mb Total Physical Memory | 248,00 Mb Available Physical Memory | 39,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 9,64 Gb Free Space | 19,75% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 33,98 Gb Free Space | 69,60% Space Free | Partition Type: NTFS
Drive E: | 51,39 Gb Total Space | 18,45 Gb Free Space | 35,91% Space Free | Partition Type: NTFS
Drive F: | 24,41 Gb Total Space | 24,29 Gb Free Space | 99,50% Space Free | Partition Type: NTFS
Drive G: | 43,95 Gb Total Space | 43,88 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive H: | 43,42 Gb Total Space | 22,38 Gb Free Space | 51,55% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SY-C944F64ABC43
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 180 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01155424-B450-348E-C60B-AEE30EC5BD95}" = ccc-core-preinstall
"{0251283C-41B5-556A-8C47-D842E76613EF}" = Catalyst Control Center Localization Thai
"{02952E4C-5109-A630-639E-06E65CA6BD31}" = CCC Help Polish
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{073E6BDE-3AED-6A71-54C6-6756103F1FB8}" = Catalyst Control Center Core Implementation
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0C714BB7-4CAD-D173-F84C-554F380E285F}" = Catalyst Control Center Localization Norwegian
"{0D106685-166E-0D6D-29B8-E3E8EE9D8BE4}" = Catalyst Control Center Localization Finnish
"{0FE84B98-9821-A472-3E63-A5D7C72A5BEA}" = CCC Help Danish
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{144B4BF4-16CA-4FD3-A547-8A8107EF40D7}" = SA23xx Device Manager
"{15E56370-5490-9534-330A-202CC9CB1A17}" = CCC Help Finnish
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F082EA8-0F22-40CA-9FA8-8F85458026AF}" = Windows Live Fotogalerie
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2018A250-C32D-2164-C988-937412C1AEED}" = CCC Help English
"{205403B5-6EBC-32AB-F1D5-4BBD635B8211}" = CCC Help Greek
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{20D0CDB1-5F03-4A5D-86EB-7C218053B157}" = Windows Live Messenger
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247286E7-3966-8A6B-F962-9FB49B193B65}" = Catalyst Control Center Localization Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2D7FA997-376C-6870-A0B8-03C1928383DD}" = Catalyst Control Center Localization Swedish
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{354D2902-EBB4-A562-93E2-1CEECB35D1E0}" = Catalyst Control Center Graphics Light
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{379F9A64-4317-477A-BBC5-35466F8476B5}" = OpenOffice.org 3.2
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B7B9A55-BE2F-963B-1306-1C8AF4B6BEC5}" = CCC Help German
"{3D5FDC57-3D8C-3CA8-CEE1-64169C48E524}" = Catalyst Control Center Graphics Full Existing
"{3E62B27C-342F-4B44-9331-CA4BC59A586F}" = Asistent pro přihlášení ke službě Windows Live
"{3FA604E7-AE4E-08E9-CDB7-CD87A571641A}" = CCC Help Hungarian
"{4136A82D-6AAC-DDD0-AE14-7F26B4E5B5F1}" = CCC Help Norwegian
"{45C8D564-77BF-CBE5-BC3E-F731C536BC84}" = Skins
"{4855A5DA-B1AB-457F-0001-8901CB48A459}" = Codec Checker
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}" = Paragon Partition Manager 8.0 Personal
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51356925-C6C8-5999-08D9-5A98C0645E80}" = CCC Help Chinese Traditional
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{54FEAF1A-8F2A-44C1-95CA-5C1C21F4F934}" = Windows Live Mail
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56DF30DD-CEC9-06B0-C572-AEA477BD245C}" = CCC Help Spanish
"{57252EEC-6E6E-917B-B02A-F125B7CF0C9E}" = Catalyst Control Center Localization Japanese
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C49377D-699C-04F4-F26A-1583F0EB2525}" = CCC Help Italian
"{5D3541C3-0A67-2587-360B-67ADD2A35491}" = ccc-utility
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{627FCE23-DC14-2D59-5449-5AACDDA59CDD}" = CCC Help Korean
"{644EA08F-87D2-48C0-AE94-B327D1C85A97}" = Microsoft Private Folder 1.0
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69A78876-1C3E-6F0A-BDEC-C09D5F302BC0}" = CCC Help French
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DCEF478-2917-F4DF-3265-8447E3DBB5B3}" = Catalyst Control Center Localization French
"{6E257F26-57FA-4BC9-AE3B-D50AF937DA7F}" = Windows Live Toolbar
"{6E5EEE1B-3907-44C3-83BA-AD4B8CE40F76}" = Windows Live Writer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{714A15CA-8BA4-F6C9-D8FF-B28CE631BE8F}" = CCC Help Chinese Standard
"{7155CD53-9C57-4178-B7F3-77E18336DF14}" = Axesstel RF Status Monitor
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7399656A-A683-41F9-8B81-B49A5138B76C}" = Serif PhotoPlus 9.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7707CB13-8F15-36E2-9579-93F34838CE24}" = Catalyst Control Center Localization Polish
"{7B35C1CE-695E-D663-3F1E-0AA176C0D4C5}" = Catalyst Control Center Localization Greek
"{7DA669BD-1642-AD33-7377-4535BFB1BCE4}" = CCC Help Swedish
"{7E32F9DB-A6FC-5091-5533-2A061C2A2FC2}" = ccc-core-static
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Seagate DiscWizard
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84F994E5-1565-06BB-171A-71AB7626E63B}" = CCC Help Portuguese
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{93028F9A-1EC0-467A-981B-DE93D96897C6}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9601039B-E012-42DA-9EF1-42E914734E1A}" = Windows Live Zabezpečení rodiny
"{985F828E-0E98-429F-9C05-EF3BDE7568F7}" = Paragon Drive Backup™ 9.0 Express
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{992968F7-248A-1D5D-7FB5-BD6D5B953215}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D9D12DF-3EDB-A01A-F843-C613681467F8}" = Catalyst Control Center Localization Hungarian
"{9E3AA735-670F-443D-9F54-634CC10E88E4}" = Web Easy Professional Express
"{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}" = Visual C++ CRT 9.0
"{A161C3C9-BEA6-A806-D77F-81E018CA5D67}" = Catalyst Control Center Localization Italian
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3C177CE-97E1-6F90-D389-BD951A9FB81B}" = Catalyst Control Center Localization German
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654CDEB-F7A7-3CAC-0D17-94B66CCCAE59}" = Catalyst Control Center Localization Chinese Standard
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEAAA92E-9A5D-DF42-5FDD-74D545DAA7BA}" = CCC Help Thai
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B5025AC2-F3AE-29F5-5A0E-CFC89B634958}" = Catalyst Control Center Localization Portuguese
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B66C315A-2D08-9FDB-F655-DC331E97141B}" = CCC Help Dutch
"{B838DCFC-3490-263C-0FFE-50C8B306FC8D}" = Catalyst Control Center Localization Russian
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BA040794-A600-8C78-D72F-1B4797C01472}" = CCC Help Japanese
"{BA05CD9C-59FF-B4FE-0544-855F0982D0A4}" = Catalyst Control Center Localization Danish
"{BA6BD9A0-2833-4C51-8CCB-46431EC5CD4E}" = Paragon Partition Manager™ 9.0 Express
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCF8C22F-62EB-4F80-9EF9-1CD88254BCBD}" = Web Easy Professional Express 7
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C67A4B20-E47F-4CF1-5522-98899F9A529A}" = Catalyst Control Center Localization Turkish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE453374-9697-4043-D2B2-16C41D906641}" = CCC Help Czech
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D57FF9F2-E6A1-6E10-16F0-58B676F6DE3C}" = Catalyst Control Center Localization Korean
"{DC550B90-A58E-6964-298D-18CF7DF550CD}" = CCC Help Turkish
"{DC8B50E5-AE03-EF2A-044F-9C1A2ED92BD1}" = Catalyst Control Center Graphics Previews Common
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E09F11E0-7E27-640C-ADB9-8B2F7CA19470}" = CCC Help Russian
"{E1352FB0-944D-68D4-1B08-35AB82CFD5CB}" = Catalyst Control Center Localization Czech
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E570CB6B-1CBC-4ADD-969F-7B3338A6BDB6}" = Windows Live Sync
"{F2981339-823E-4C62-9C6F-6733BAEE9EF5}" = Paragon Hard Disk Manager 9.5 Special Edition
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A7123B-E1CB-97DD-D4CC-31BF6936DC82}" = Catalyst Control Center Localization Chinese Traditional
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8650CB3-89F1-4AE0-81AC-917423C58DB8}" = Serif PhotoPlus Association File Formats
"{F8F2008B-9CFC-B7A2-087C-26D7856D10C0}" = Catalyst Control Center Localization Spanish
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"123 Free Solitaire" = 123 Free Solitaire
"7 Wonders II_is1" = 7 Wonders II
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agnitum Outpost Firewall Pro_is1" = Outpost Firewall Pro 2009
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"Ashampoo Burning Studio 2009 Advanced_is1" = Ashampoo Burning Studio 2009 Advanced
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Big Money Deluxe 1.22" = Big Money Deluxe 1.22
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"C-Media PCI Audio Driver" = C-Media WDM Audio Driver
"C-Media PCI Sound" = C-Media PCI Audio
"Fishing Craze" = Fishing Craze
"Grey Olltwit's Marble Buster" = Grey Olltwit's Marble Buster
"Handy Recovery 1.0" = Handy Recovery 1.0
"HijackThis" = HijackThis 2.0.2
"Hyperballoid 2_is1" = Hyperballoid 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Kájovy Vánoce - velké dobrodružství pračlověka Káji Hřibojeda" = Kájovy Vánoce - velké dobrodružství pračlověka Káji Hřibojeda
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.0
"Mah Jong Medley_is1" = Mah Jong Medley
"Mah Jong Quest II_is1" = Mah Jong Quest II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MOBILedit!" = MOBILedit! 3.2
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Numericon" = Numericon
"PCI Audio Driver" = PCI Audio Driver
"Picasa 3" = Picasa 3
"Plato DVD Copy_is1" = Plato DVD Copy 7.71
"Plato DVD Creator_is1" = Plato DVD Creator 3.82
"Plato Video Converter_is1" = Plato Video Converter 5.68
"rajče.net_is1" = rajče verze 56 sestavení 151
"Regino_is1" = Regino v4.5
"SeaTools Enterprise" = SeaTools Enterprise
"Simple Sudoku_is1" = Simple Sudoku 4.2
"Super Mah Jong" = Super Mah Jong
"UltraISO_is1" = UltraISO Magazine Edition V8.66
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZonerPhotoStudio10_CZ_is1" = Zoner Photo Studio 10

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10.7.2010 5:20:24 | Computer Name = SY-C944F64ABC43 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 10.7.2010 6:20:06 | Computer Name = SY-C944F64ABC43 | Source = ESENT | ID = 490
Description = svchost (1644) Pokus o otevření souboru C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření
souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 10.7.2010 10:20:56 | Computer Name = SY-C944F64ABC43 | Source = MsiInstaller | ID = 11706
Description = Product: SolutionCenter -- Error 1706. An installation package for
the product SolutionCenter cannot be found. Try the installation again using a
valid copy of the installation package 'SolutionCenter.msi'.

Error - 12.7.2010 12:13:28 | Computer Name = SY-C944F64ABC43 | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 23.7.2010 0:47:42 | Computer Name = SY-C944F64ABC43 | Source = EventSystem | ID = 4609
Description = Systém událostí modelu COM+ zjistil při vnitřním zpracovávání chybný
návratový kód. Hodnota HRESULT byla 80070005 z řádku 62 v d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.Obraťte
se na služby odborné pomoci společnosti Microsoft a informujte je o této chyb

Error - 25.7.2010 1:32:48 | Computer Name = SY-C944F64ABC43 | Source = PerfNet | ID = 2005
Description = Nelze číst data o výkonu ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu serveru. Vrácený chybový kód je v datech DWORD 0, IOSB.Status
je DWORD 1 a IOSB.Information je DWORD 2.

Error - 25.7.2010 1:32:48 | Computer Name = SY-C944F64ABC43 | Source = PerfNet | ID = 2006
Description = Nelze číst data o výkonu fronty ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu fronty serveru. Vrácený chybový kód je v datech DWORD
0, IOSB.Status je DWORD 1 a IOSB.Information je DWORD 2.

Error - 27.7.2010 8:42:09 | Computer Name = SY-C944F64ABC43 | Source = MsiInstaller | ID = 1013
Description = Produkt: Microsoft .NET Framework 2.0 - Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see http://support.microsoft.com/support/kb ... 2/5/00.asp

Error - 27.7.2010 18:12:57 | Computer Name = SY-C944F64ABC43 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 27.7.2010 18:12:57 | Computer Name = SY-C944F64ABC43 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


[ System Events ]
Error - 31.7.2010 8:13:23 | Computer Name = SY-C944F64ABC43 | Source = Service Control Manager | ID = 7001
Description = Služba Avira AntiVir WebGuard závisí na službě Avira AntiVir Guard,
která neuspěla při spuštění v důsledku následující chyby: %%1070

Error - 31.7.2010 8:13:23 | Computer Name = SY-C944F64ABC43 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Lbd

Error - 31.7.2010 9:09:48 | Computer Name = SY-C944F64ABC43 | Source = Service Control Manager | ID = 7022
Description = Služba Avira AntiVir Guard přestala během spouštění reagovat.

Error - 31.7.2010 9:09:48 | Computer Name = SY-C944F64ABC43 | Source = Service Control Manager | ID = 7001
Description = Služba Avira AntiVir MailGuard závisí na službě Avira AntiVir Guard,
která neuspěla při spuštění v důsledku následující chyby: %%1070

Error - 31.7.2010 9:09:48 | Computer Name = SY-C944F64ABC43 | Source = Service Control Manager | ID = 7001
Description = Služba Avira AntiVir WebGuard závisí na službě Avira AntiVir Guard,
která neuspěla při spuštění v důsledku následující chyby: %%1070

Error - 31.7.2010 9:09:48 | Computer Name = SY-C944F64ABC43 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Lbd

Error - 31.7.2010 9:20:29 | Computer Name = SY-C944F64ABC43 | Source = Service Control Manager | ID = 7022
Description = Služba Avira AntiVir Guard přestala během spouštění reagovat.

Error - 31.7.2010 9:20:29 | Computer Name = SY-C944F64ABC43 | Source = Service Control Manager | ID = 7001
Description = Služba Avira AntiVir MailGuard závisí na službě Avira AntiVir Guard,
která neuspěla při spuštění v důsledku následující chyby: %%1070

Error - 31.7.2010 9:20:29 | Computer Name = SY-C944F64ABC43 | Source = Service Control Manager | ID = 7001
Description = Služba Avira AntiVir WebGuard závisí na službě Avira AntiVir Guard,
která neuspěla při spuštění v důsledku následující chyby: %%1070

Error - 31.7.2010 9:20:29 | Computer Name = SY-C944F64ABC43 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Lbd


< End of report >

Re: Avira Premium does not update files, Outpost does not like it

Posted: 31 Jul 2010 21:10
by motji
:arrow: Run OTL
- copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 254 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:7204B89D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1CA73D29
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:FFDDB8FA
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

- click the "Opravit" button.
- The PC will then restart.
- Paste the log here :)

- click the "Run fix" button.
- The PC will then restart.
- Paste the log here :)




:arrow: Have the file tested at http://www.virustotal.com

C:\WINDOWS\system32\ATIDEMGX.dll
C:\WINDOWS\system32\drivers\sptd.sys
C:\WINDOWS\System32\HDX4MediaReveal.dll
C:\WINDOWS\mixerdef.ini

- On VirusTotal, click Browse, paste the file path directly into the lower field, and click Send
- copy the address of the results page from your browser
- if it asks, have the file tested again, so that it is the file from your computer



:arrow: Can you take a look at what is in this folder?
C:\Documents and Settings\All Users\Data aplikací\n7-89-o9-3r-4t-r9



:arrow: Do you use the Wget program?

Re: Avira Premium does not update files, Outpost does not like it

Posted: 01 Aug 2010 08:20
by twin1
Log after "Opravit":
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:7204B89D deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:1CA73D29 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:FFDDB8FA deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET25.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP107.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP119.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1CC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D0.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3AF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3FB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4DF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP586.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP90.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE2.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\Installer\MSI2E.tmp moved successfully.
C:\WINDOWS\Installer\MSI35.tmp moved successfully.
C:\WINDOWS\Temp\sdbD.tmp moved successfully.
C:\WINDOWS\Temp\testtime.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 143258 bytes
->Temporary Internet Files folder emptied: 344358 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40508026 bytes
->Opera cache emptied: 14032093 bytes
->Flash cache emptied: 1094 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: kluci
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58119175 bytes
->Flash cache emptied: 568 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 3829870 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Sylva
->Temp folder emptied: 141547 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59942633 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66019 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 169,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: kluci
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Sylva

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08012010_074219

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Avira Premium is not updating files, Outpost doesn't like it

Posted: 01 Aug 2010 08:33
by twin1
I don't have a log after RUN FIX; I couldn't find that button in OTL. If it was supposed to be a continuation of the previous action after the fix restart, that did not happen.

:arrow:
Tests at http://www.virustotal.com:

C:\WINDOWS\system32\ATIDEMGX.dll
MD5: 988bdd3c4bd403a0ea0c38c38661501f
Poprvé zaslán: 2009.05.29 18:18:15 UTC
Datum: 2009.05.29 18:18:15 UTC [>428D]
Výsledky: 0/40
Stálý odkaz: analisis/c3500eda85f6f75d5a51e9897939a256b1d7cabe317121824e87287ed288da28-1243621095

C:\WINDOWS\system32\drivers\sptd.sys could not be tested, the file is in use

Bad Request

Your browser sent a request that this server could not understand.

http://www.virustotal.com/vt/cs/recepci ... f41fb76755

C:\WINDOWS\System32\HDX4MediaReveal.dll
MD5: 782b6788d8c561f1ad8159278a3df951
Poprvé zaslán: 2009.05.09 18:43:32 UTC
Datum: 2009.05.09 18:43:32 UTC [>448D]
Výsledky: 0/38
Stálý odkaz: analisis/92d45bf8aec5040f3fab2666f1668f3eacda1a8b4b102f447656c4f709b566e5-1241894612

C:\WINDOWS\mixerdef.ini
MD5: 2405e54ecda0c42d642cdb6bb28dabb2
Poprvé zaslán: 2009.08.31 09:30:43 UTC
Datum: 2009.08.31 09:30:43 UTC [>334D]
Výsledky: 0/41
Stálý odkaz: analisis/f38d53517288fd6011a6df9b351f33ba7b7d534f47dacc1706fb72c5c3704909-1251711043

:arrow:
In the folder C:\Documents and Settings\All Users\Data aplikací\n7-89-o9-3r-4t-r9 there is a file profile.ini; its contents are
[netsock]
netapi.dll-SHDFIKFQTT5JZB-ca9=8848169
netapi.dll-HELHT6K1SYN1U-c98=8848169

:arrow:
The program Wget means nothing to me; I don't know what it would be good (or bad?) for.

Re: Avira Premium is not updating files, Outpost doesn't like it

Posted: 01 Aug 2010 10:00
by motji
Wget http://www.stahuj.centrum.cz/internet_a ... zery/wget/
That is what the firewall was reporting on.

How is the computer doing now?

Re: Avira Premium is not updating files, Outpost doesn't like it

Posted: 01 Aug 2010 10:09
by twin1
The PC is standalone, connected only to the internet. I don't have a home network.

Re: Avira Premium is not updating files, Outpost doesn't like it

Posted: 01 Aug 2010 10:15
by motji
And how is the computer doing now? But because of that Avira issue, we had better check the PC for rootkits as well.

:arrow: uninstall all virtual drives (Daemon or Alcohol)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64b)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC

:arrow: Download http://www.jpshortstuff.247fixes.com/Defogger.exe
- run it,
- confirm disabled
- paste the log here

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan will run; when it finishes, a window with the results opens. Click Save to save the log, then paste it here

- Following the instructions at the link, run a second scan and paste that log here as well.

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop

:arrow: Start > Run
copy into the box

Code:

"%userprofile%\plocha\mbr" -t
ok

:arrow: a log named mbr.log will be created; paste it here