OTL logfile created on: 4.11.2013 19:23:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
255,23 Mb Total Physical Memory | 45,05 Mb Available Physical Memory | 17,65% Memory free
906,90 Mb Paging File | 527,76 Mb Available in Paging File | 58,19% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 30,39 Gb Free Space | 40,78% Space Free | Partition Type: NTFS
Computer Name: KOSTE-31AE06D37 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.11.04 19:20:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.01.14 16:00:04 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 12:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008.02.01 08:20:14 | 002,194,744 | ---- | M] (
www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe
PRC - [2007.12.13 18:10:56 | 001,688,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.05.11 12:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007.04.16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004.07.20 13:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2003.05.05 07:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (No Company Name) ==========
MOD - [2009.11.16 19:31:58 | 000,069,632 | ---- | M] () -- C:\PSPad editor\PSPadShell.dll
MOD - [2008.03.22 23:01:34 | 000,039,424 | ---- | M] () -- C:\Program Files\Alky for Applications\vshellext.dll
MOD - [2007.07.10 19:12:46 | 003,010,560 | ---- | M] () -- c:\Program Files\Adobe\Reader 8.0\Reader\RdLang32.CZE
MOD - [2007.07.10 18:57:22 | 000,049,152 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\WebLink.CZE
MOD - [2007.07.10 18:54:50 | 000,036,864 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.CZE
MOD - [2007.07.10 18:54:16 | 000,032,768 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.CZE
MOD - [2007.07.10 18:53:22 | 000,053,248 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.CZE
MOD - [2007.07.10 18:51:16 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.CZE
MOD - [2007.07.10 18:50:22 | 000,012,800 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.CZE
MOD - [2007.07.10 18:48:56 | 000,933,888 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.CZE
MOD - [2007.07.10 18:47:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.CZE
MOD - [2007.07.10 18:46:24 | 000,073,728 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.CZE
MOD - [2007.07.10 18:43:08 | 000,006,144 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.CZE
MOD - [2007.07.10 18:42:10 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.CZE
MOD - [2007.07.10 18:39:58 | 000,204,800 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.CZE
MOD - [2007.07.10 18:38:58 | 000,184,320 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.CZE
MOD - [2007.07.10 18:37:24 | 001,196,032 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.CZE
MOD - [2007.07.10 18:35:06 | 000,782,336 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Acroform.CZE
MOD - [2007.07.10 18:34:14 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\accessibility.CZE
MOD - [2007.01.13 11:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007.01.13 11:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
MOD - [2006.12.14 00:32:46 | 000,005,120 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\updater.CZE
MOD - [2006.12.14 00:25:58 | 000,011,776 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.CZE
MOD - [2006.12.14 00:22:00 | 000,008,192 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.CZE
MOD - [2006.12.14 00:09:48 | 000,010,752 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\pddom.CZE
MOD - [2006.12.13 23:56:08 | 000,013,312 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.CZE
MOD - [2006.12.13 23:49:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.CZE
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\jdvpqswf.dll -- (htpljgdf)
SRV - [2008.04.14 12:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008.04.14 12:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)
SRV - [2008.04.14 12:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006.11.03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004.07.20 13:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\01.tmp -- (lmbvuzmo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.11.03 09:56:03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.10.30 18:22:22 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011.08.17 09:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 09:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 09:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.01.14 16:04:10 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2008.11.11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006.06.19 04:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.12.14 16:55:22 | 000,009,472 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004.07.20 13:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2003.07.02 03:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.mysearchresults.com/?c=3513&t=01
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{263A1FB5-A94A-4B52-B043-E530675F85A2}: "URL" =
http://search.seznam.cz/?q={searchTerms ... arch_16194
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{378B7B94-673C-4AAD-89E5-EE28195D3B62}: "URL" =
http://encyklopedie.seznam.cz/search?q= ... arch_16194
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{480FB046-97BC-4083-8F65-8AFA3A99B1E7}: "URL" =
http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{553C1395-B55E-4E48-8DC5-49C1E151A8EB}: "URL" =
http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{627FA229-63E7-4AEE-BD82-6FF8E66FEAB2}: "URL" =
http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={searchT ... FA_csCZ427
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{7430DD05-F3A0-4044-94AE-BB0E47735B93}: "URL" =
http://www.novinky.cz/hledej?w={searchT ... arch_16194
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{76B3D02A-C3E1-438C-B3B9-9302E6604234}: "URL" =
http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{8995A7DE-F009-4D08-8D09-FA9326527EB0}: "URL" =
http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{994C8D35-3618-4394-A21E-413A3E09086D}: "URL" =
http://www.mysearchresults.com/search?c ... earchTerms}
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\SearchScopes\{FA9BB362-28DD-45B0-BB1A-5F6DD921E2A4}: "URL" =
http://www.mapy.cz/?query={searchTerms} ... arch_16194
IE - HKU\S-1-5-21-1757981266-1004336348-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://www.centrum.cz/#utm_source=icq&u ... um=generic"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.11.03 17:14:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.16 11:41:54 | 000,000,000 | ---D | M]
[2011.07.02 03:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2013.11.03 17:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\s3xvxbf7.default\extensions
[2011.04.22 06:29:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\s3xvxbf7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.07.09 07:30:47 | 000,000,000 | ---D | M] (Seznam lištiÄŤka) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\s3xvxbf7.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2011.04.17 10:18:47 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\s3xvxbf7.default\searchplugins\icqplugin.gif
[2011.04.17 10:18:47 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\s3xvxbf7.default\searchplugins\icqplugin.src
[2013.05.17 16:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.26 22:51:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.17 13:20:28 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.07.17 13:20:28 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.07.17 13:20:28 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.07.17 13:20:28 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.07.17 13:20:28 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2013.11.03 18:03:14 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O3 - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Auto_Del_Temp] C:\WINDOWS\system32\TEMP.cmd ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1757981266-1004336348-725345543-500..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1757981266-1004336348-725345543-500..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1757981266-1004336348-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1757981266-1004336348-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1757981266-1004336348-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe (
www.BitComet.com)
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe (
www.BitComet.com)
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe (
www.BitComet.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O15 - HKU\S-1-5-21-1757981266-1004336348-725345543-500\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA015A27-94A6-42D3-AD23-DE64277059EA}: DhcpNameServer = 192.168.0.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RailNotification: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.13 15:23:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2088306a-8275-11e1-9e9e-0015f2161f9b}\Shell - "" = AutoRun
O33 - MountPoints2\{2088306a-8275-11e1-9e9e-0015f2161f9b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{4d1dba14-80db-11e1-9e9c-0015f2161f9b}\Shell - "" = AutoRun
O33 - MountPoints2\{4d1dba14-80db-11e1-9e9c-0015f2161f9b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{6eb6958e-0063-11e3-a125-0015f2161f9b}\Shell - "" = AutoRun
O33 - MountPoints2\{6eb6958e-0063-11e3-a125-0015f2161f9b}\Shell\AutoRun\command - "" = E:\KODAK_Software_Downloader.exe
O33 - MountPoints2\{e4eab81f-fb26-11e0-9ddf-0015f2161f9b}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eab81f-fb26-11e0-9ddf-0015f2161f9b}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\{fe28ecf3-67ff-11e0-9d03-0015f2161f9b}\Shell - "" = AutoRun
O33 - MountPoints2\{fe28ecf3-67ff-11e0-9d03-0015f2161f9b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (
http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (
www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2013.11.04 19:20:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2013.11.04 15:02:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.11.04 15:01:42 | 005,143,677 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
[2013.11.04 14:35:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013.11.03 18:43:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.11.03 18:37:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.11.03 18:37:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.11.03 18:37:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.11.03 18:37:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.11.03 18:31:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.11.03 18:30:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Nástroje pro správu
[2013.11.03 18:30:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.11.03 17:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\RK_Quarantine
[2013.11.03 16:42:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.11.03 09:56:03 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.11.02 21:21:26 | 000,000,000 | ---D | C] -- C:\Avenger
[2013.11.02 16:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2013.11.02 16:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2013.11.02 16:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.11.02 14:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.11.02 14:42:00 | 000,000,000 | ---D | C] -- C:\rsit
[2013.10.21 17:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\PSpad
[2013.10.21 16:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\PSPad editor
[2013.10.18 17:34:21 | 000,000,000 | ---D | C] -- C:\PSPad editor
[2013.10.16 18:16:30 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2013.10.16 18:16:30 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2013.10.16 18:16:30 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2013.10.16 18:16:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2013.10.16 18:16:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2013.10.15 15:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\PSPad editor
[2013.10.15 15:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\TopStyle 3
[2013.10.15 15:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bradbury
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.11.04 19:25:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.11.04 19:20:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2013.11.04 15:01:48 | 005,143,677 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
[2013.11.04 14:52:10 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.11.04 14:51:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.11.04 14:48:25 | 000,493,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.11.04 14:48:25 | 000,493,094 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2013.11.04 14:48:25 | 000,104,340 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2013.11.04 14:48:25 | 000,091,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.11.04 13:41:13 | 000,244,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.11.03 18:43:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.11.03 18:36:16 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013.11.03 17:43:53 | 003,538,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RogueKiller.exe
[2013.11.03 17:38:06 | 001,496,172 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\CrystalDiskInfo5_0_0.zip
[2013.11.03 17:14:39 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Internet Explorer.lnk
[2013.11.03 16:41:49 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\adwcleaner.exe
[2013.11.03 09:56:03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.11.02 14:40:11 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2013.11.01 16:04:40 | 000,000,896 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013.10.30 02:00:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013.10.28 12:03:50 | 003,638,366 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\the-dnc-swing-baby-swing.mp3
[2013.10.28 12:02:02 | 002,122,296 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\loosen-up-golden-ft-sophia-shorai-edit.mp3
[2013.10.21 17:39:18 | 000,012,554 | -HS- | M] () -- C:\Documents and Settings\Administrator\Plocha\AlbumArt_{7F3138CF-B773-4C93-AE6A-EA727D63DE30}_Large.jpg
[2013.10.21 17:38:58 | 000,003,277 | -HS- | M] () -- C:\Documents and Settings\Administrator\Plocha\AlbumArt_{7F3138CF-B773-4C93-AE6A-EA727D63DE30}_Small.jpg
[2013.10.21 16:48:42 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.11.04 19:25:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.11.03 18:43:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.11.03 18:43:14 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2013.11.03 18:37:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.11.03 18:37:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.11.03 18:37:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.11.03 18:37:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.11.03 18:37:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.11.03 17:43:42 | 003,538,944 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RogueKiller.exe
[2013.11.03 17:37:57 | 001,496,172 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\CrystalDiskInfo5_0_0.zip
[2013.11.03 16:41:39 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\adwcleaner.exe
[2013.11.02 14:39:46 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2013.10.28 12:03:09 | 003,638,366 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\the-dnc-swing-baby-swing.mp3
[2013.10.28 12:01:28 | 002,122,296 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\loosen-up-golden-ft-sophia-shorai-edit.mp3
[2013.10.21 17:39:44 | 000,012,554 | -HS- | C] () -- C:\Documents and Settings\Administrator\Plocha\AlbumArt_{7F3138CF-B773-4C93-AE6A-EA727D63DE30}_Large.jpg
[2013.10.21 17:39:44 | 000,003,277 | -HS- | C] () -- C:\Documents and Settings\Administrator\Plocha\AlbumArt_{7F3138CF-B773-4C93-AE6A-EA727D63DE30}_Small.jpg
[2013.10.15 15:42:28 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
[2013.10.05 16:57:32 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013.10.05 16:57:26 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2013.10.05 16:56:20 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2013.07.21 12:31:07 | 006,294,528 | ---- | C] () -- C:\WINDOWS\System32\MediaIO1.dll
[2013.07.21 12:31:04 | 009,974,784 | ---- | C] () -- C:\WINDOWS\System32\MioPlayer2.dll
[2013.07.09 20:03:29 | 000,000,896 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013.05.01 20:57:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2013.05.01 12:00:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2013.01.17 16:39:38 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2012.10.29 19:19:12 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012.04.26 05:16:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.04.25 15:19:47 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2012.04.25 15:19:46 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2012.04.25 15:19:46 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2012.04.25 15:19:46 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2012.04.25 15:19:46 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2012.03.09 05:05:02 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Administrator\.rnd
[2011.04.16 11:06:14 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2011.04.16 09:28:08 | 000,244,224 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.13 16:01:39 | 000,075,573 | ---- | C] () -- C:\Documents and Settings\Administrator\langs.model.xml
[2011.04.13 16:01:39 | 000,004,799 | ---- | C] () -- C:\Documents and Settings\Administrator\config.model.xml
[2011.04.13 16:01:39 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\Administrator\configModel.xml
[2011.04.13 16:01:39 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Administrator\langsModel.xml
[2011.04.13 16:01:37 | 000,100,247 | ---- | C] () -- C:\Documents and Settings\Administrator\xmlUpdater.exe
[2011.04.13 16:01:37 | 000,086,293 | ---- | C] () -- C:\Documents and Settings\Administrator\stylers.model.xml
[2011.04.13 16:01:37 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Administrator\stylesGlobalModel.xml
[2011.04.13 16:01:37 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\Administrator\stylesLexerModel.xml
========== ZeroAccess Check ==========
[2011.04.13 16:09:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 12:00:00 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.01.14 16:00:04 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.07.04 08:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\AlterLab
[2012.04.25 15:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
[2011.06.10 19:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
[2011.07.14 17:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DMCache
[2011.04.13 18:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ESET
[2013.11.03 17:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ
[2011.07.15 09:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\IDM
[2011.04.16 08:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\IEPro
[2013.05.01 11:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mobile Action
[2012.04.25 16:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Notepad++
[2013.08.02 07:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Seznam.cz
[2012.04.24 19:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TeamViewer
[2012.04.25 15:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Windows Desktop Search
[2012.04.25 16:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Windows Search
[2011.07.17 08:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Špidla Data Processing, s.r.o
[2013.11.04 14:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2011.06.10 18:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2011.04.13 15:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2011.07.17 08:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Friday's games
[2013.11.03 17:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2013.08.08 20:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{C585085B-79A8-423C-B04B-77DD30E9C195}
[2011.07.17 08:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Špidla Data Processing, s.r.o
[2011.04.13 15:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\Notepad++
========== Purity Check ==========
========== Custom Scans ==========
< >
[2011.04.13 15:20:29 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2011.04.13 16:01:20 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011.04.13 16:16:46 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
< >
< MD5 for: ADP3132.SYS >
[2007.07.09 09:00:26 | 000,313,856 | ---- | M] (Adaptec, Inc.) MD5=103D0B6150D2ECD127122E359C2B4A0E -- C:\WINDOWS\DriverPacks\D\D\M\ADA\ADP3132.sys
< MD5 for: AGP440.SYS >
[2010.01.14 16:14:14 | 017,817,320 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\agp440.sys
[2010.01.14 16:14:14 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: AHCIX86.SYS >
[2007.03.07 11:47:30 | 000,119,808 | ---- | M] (ATI Technologies Inc.) MD5=F1B9E3A223CA684D98BB91FD82157601 -- C:\WINDOWS\DriverPacks\D\D\M\AT\ahcix86.sys
< MD5 for: ATAPI.SYS >
[2010.01.14 16:14:14 | 017,817,320 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2008.04.14 12:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 12:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\autochk.exe
[2008.04.14 12:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 12:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2010.01.14 16:14:14 | 017,817,320 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cdrom.sys
[2008.05.02 09:49:40 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=4B0A100EAF5C49EF3CCA8C641431EACC -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2010.01.14 15:59:53 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=4B0A100EAF5C49EF3CCA8C641431EACC -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cryptsvc.dll
[2008.04.14 12:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 12:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\eventlog.dll
[2008.04.14 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[2010.01.14 16:00:04 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=8AB626E4E4B289646E11311E66FB0B88 -- C:\WINDOWS\explorer.exe
[2010.01.14 16:00:04 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=8AB626E4E4B289646E11311E66FB0B88 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2010.01.14 16:14:14 | 017,817,320 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.01.14 16:00:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=429B2A7E9569C19BFE58F71FC02DE220 -- C:\WINDOWS\system32\hal.dll
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\hal.dll
< MD5 for: CHANGER.SYS >
[2010.01.14 16:14:14 | 017,817,320 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\changer.sys
< MD5 for: IASTOR.SYS >
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\DriverPacks\D\D\M\I3\IASTOR.sys
< MD5 for: ISAPNP.SYS >
[2010.01.14 16:14:14 | 017,817,320 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\isapnp.sys
[2008.04.14 12:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\lsass.exe
[2008.04.14 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: MV61XX.SYS >
[2007.10.18 21:22:02 | 000,143,360 | ---- | M] (Marvell Semiconductor, Inc.) MD5=72580605F36048262C674EE925031C3C -- C:\WINDOWS\DriverPacks\D\D\M\M\MV61XX.sys
< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ndis.sys
[2010.01.14 16:01:13 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=B5B1080D35974C0E718D64280761BCD5 -- C:\WINDOWS\system32\dllcache\ndis.sys
[2010.01.14 16:01:13 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=B5B1080D35974C0E718D64280761BCD5 -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2010.01.14 16:01:14 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=6A5A974D868AE2F9AC96DC14F221A5EF -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2010.01.14 16:01:14 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=6A5A974D868AE2F9AC96DC14F221A5EF -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2006.02.26 16:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\DriverPacks\D\D\M\N\123\NVATABUS.sys
[2006.04.24 16:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\DriverPacks\D\D\M\N\TM\NVATABUS.sys
< MD5 for: NVRAID.SYS >
[2006.04.24 16:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\WINDOWS\DriverPacks\D\D\M\N\TM\NVRAID.sys
[2006.02.26 16:21:18 | 000,063,232 | ---- | M] (NVIDIA Corporation) MD5=B95B5FB53245D6C7AD5696CE71360EED -- C:\WINDOWS\DriverPacks\D\D\M\N\123\NVRAID.sys
< MD5 for: SCECLI.DLL >
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\scecli.dll
[2008.04.14 12:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 12:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\smss.exe
[2008.04.14 12:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 12:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2010.01.14 16:01:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2010.01.14 16:01:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\system32\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\svchost.exe
< MD5 for: SYMMPI.SYS >
[2006.01.27 09:26:58 | 000,093,056 | ---- | M] (LSI Logic) MD5=164FCA8F1489278A6D5A41F8CF99D295 -- C:\WINDOWS\DriverPacks\D\D\M\L4\SYMMPI.sys
[2007.02.10 00:05:00 | 000,104,496 | ---- | M] (LSI Logic) MD5=4CCED1D8EC90FC7008EA8C742F1278F2 -- C:\WINDOWS\DriverPacks\D\D\M\D2\SYMMPI.SYS
[2007.02.10 00:06:00 | 000,100,096 | ---- | M] (LSI Logic) MD5=A42F863305943869BA00A613C8EE8C7E -- C:\WINDOWS\DriverPacks\D\D\M\D1\symmpi.sys
< MD5 for: TCPIP.SYS >
[2010.01.14 16:01:53 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=367DE8E5F638C091F49273144274F629 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2010.01.14 16:01:53 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=367DE8E5F638C091F49273144274F629 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\userinit.exe
[2008.04.14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2007.07.17 13:35:20 | 000,114,944 | ---- | M] (VIA Technologies inc,.ltd) MD5=1B7B0954AF54E716F697C511D68C150E -- C:\WINDOWS\DriverPacks\D\D\M\V\VIAMRAID.sys
[2007.07.17 13:35:20 | 000,114,944 | ---- | M] (VIA Technologies inc,.ltd) MD5=1B7B0954AF54E716F697C511D68C150E -- C:\WINDOWS\system32\drivers\viamraid.sys
< MD5 for: VIPRT.SYS >
[2007.12.07 17:10:10 | 000,052,736 | ---- | M] (VIA Technologies, Inc.) MD5=884D400F106C5206602185D9B8E34FE4 -- C:\WINDOWS\DriverPacks\D\D\M\V4\VIPRT.SYS
< MD5 for: WINLOGON.EXE >
[2010.01.14 16:02:09 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=4212BABCC4408B052193DABAD9A691AB -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2010.01.14 16:02:09 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=4212BABCC4408B052193DABAD9A691AB -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ws2_32.dll
[2008.04.14 12:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 12:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\18f5cfc0b30410c494ee8d2e846eec81\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\18f5cfc0b30410c494ee8d2e846eec81\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.04.17 12:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Adobe
[2011.07.08 04:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Ahead
[2011.07.04 08:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\AlterLab
[2012.04.25 15:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
[2011.06.10 19:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
[2011.07.14 17:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DMCache
[2011.04.13 18:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ESET
[2011.04.17 12:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Google
[2013.11.03 17:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ
[2011.04.13 18:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Identities
[2011.07.15 09:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\IDM
[2011.04.16 08:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\IEPro
[2011.10.20 15:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\InstallShield
[2011.04.17 09:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2013.11.02 16:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2011.07.01 12:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Media Player Classic
[2013.11.02 22:38:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2013.05.01 11:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mobile Action
[2011.07.02 03:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2011.04.13 21:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Nero
[2012.04.25 16:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Notepad++
[2013.10.21 18:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\PSpad
[2011.04.17 08:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Real
[2013.08.02 07:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Seznam.cz
[2013.11.04 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Skype
[2011.04.13 15:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sun
[2012.04.24 19:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TeamViewer
[2012.04.25 15:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Windows Desktop Search
[2012.04.25 16:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Windows Search
[2011.04.17 09:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
[2011.07.17 08:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Špidla Data Processing, s.r.o
< %APPDATA%\*.exe /s >
[2003.07.02 14:43:30 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\ALCCHKID.EXE
[2003.07.17 14:09:52 | 000,139,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\ALCRMV.EXE
[2003.07.02 15:30:48 | 000,126,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\ALCRMV9X.EXE
[2003.07.03 11:54:12 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\ALCUPD.EXE
[2003.07.02 17:24:20 | 000,031,356 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\ALCXDEV.EXE
[2003.08.08 14:41:52 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\GETDXVER.EXE
[2001.12.03 00:27:30 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\SetCDfmt.exe
[2000.01.10 13:52:00 | 000,139,264 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\Setup.exe
[2003.04.04 14:08:58 | 000,794,624 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\Ap\AvRack2.exe
[1998.09.29 23:32:38 | 001,602,328 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\Ap\MPIE4STD.EXE
[1998.09.29 23:32:58 | 003,812,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\Ap\Mpstd.exe
[2003.07.19 00:43:24 | 003,645,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\Ap\RtlRack.exe
[2003.06.26 10:03:30 | 000,055,296 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\patch\win98\SoundMan.exe
[2003.08.15 14:34:50 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\wdm\SoundMan.exe
[2003.04.04 16:13:56 | 000,155,136 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Data aplikací\IDM\Realtek\WinNT4\SoundMan.exe
[2013.05.16 14:25:04 | 001,062,472 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Seznam.cz\szninstall.exe
[2013.04.16 12:52:34 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Seznam.cz\bin\ffkill.exe
[2013.04.29 11:53:34 | 000,045,560 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Seznam.cz\bin\szndesktop.exe
[2013.04.12 09:10:22 | 000,092,664 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Seznam.cz\bin\wszndesktop.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2012.04.25 17:01:27 | 000,524,288 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012.04.24 20:45:35 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2012.04.25 17:01:27 | 030,932,992 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012.04.25 17:01:27 | 005,767,168 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\drivers\*.sys /3 >
[2013.11.03 09:56:03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
< %systemroot%\system32\*.* /3 >
[2013.11.03 18:36:16 | 000,002,504 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2013.11.04 14:48:25 | 000,104,340 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2013.11.04 14:48:25 | 000,091,032 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2013.11.04 14:48:25 | 000,493,094 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2013.11.04 14:48:25 | 000,493,864 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2013.11.04 14:48:25 | 001,201,148 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2013.11.04 14:52:10 | 000,002,228 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 -- [2007.12.13 18:10:56 | 001,688,872 | ---- | M] (Nero AG)
"ICQ" = "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4 -- [2011.08.01 09:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 12:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.11.04 19:25:13 | 000,000,512 | ---- | M] () MD5=B8E05A84D5AB36CB305AF0B8171B024D -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2012.11.03 18:39:15 | 004,724,856 | ---- | M] () -- \Downloads\the-sims-2-crack.rar
[2011.07.05 17:28:28 | 000,000,832 | ---- | M] () -- \Program Files\BitComet\torrents\the-sims-3-po-setmeni-crack-na-verzi-6-5-1.rar.xml
< *keygen* /s >
< *AntiWPA* /s >
< *loader* /s >
[2013.08.22 13:18:30 | 000,151,720 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files\WinZipper\TrayDownloader.exe.vir
[2013.03.29 12:37:34 | 000,059,384 | ---- | M] () -- \Documents and Settings\Administrator\Data aplikací\Seznam.cz\bin\28490libfoxloader.dll
[2013.04.15 12:32:10 | 000,060,416 | ---- | M] () -- \Documents and Settings\Administrator\Data aplikací\Seznam.cz\bin\28494libfoxloader-x64.dll
[2013.07.09 07:31:03 | 000,000,165 | ---- | M] () -- \Documents and Settings\Administrator\Data aplikací\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.01.09 11:41:56 | 000,030,608 | ---- | M] () -- \Documents and Settings\Administrator\Data aplikací\Seznam.cz\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2013.03.25 15:27:20 | 000,000,665 | ---- | M] () -- \Documents and Settings\Administrator\Data aplikací\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 15:27:26 | 000,000,117 | ---- | M] () -- \Documents and Settings\Administrator\Data aplikací\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2011.07.03 03:32:14 | 000,057,856 | ---- | M] () -- \Documents and Settings\Administrator\Plocha\Vše ..tady
\Gabiša\Gábí\Gabiša\hry\Razor\Loader.dll
[2007.12.11 15:33:20 | 000,000,232 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Nero\Nero8\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2011.04.17 12:05:01 | 000,001,479 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\SoundMAX\DLS Loader.lnk
[2003.06.26 17:10:12 | 000,106,496 | ---- | M] () -- \Program Files\Analog Devices\SoundMAX\DLSLoader.exe
[2002.08.30 14:09:00 | 000,000,595 | ---- | M] () -- \Program Files\Analog Devices\SoundMAX\DLSLoader.exe.manifest
[2006.10.26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2007.12.13 21:25:38 | 000,111,912 | ---- | M] () -- \Program Files\Common Files\Nero\Shared\NSCLoader.dll
[2012.11.08 17:40:09 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012.11.08 17:40:10 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012.11.08 17:40:08 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.11.08 18:43:04 | 000,002,886 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\babylon_feed\preloader01_b.swf
[2012.11.08 17:40:39 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\profile_lightboxs\preloader.html
[2008.06.19 03:19:24 | 000,049,152 | ---- | M] () -- \Program Files\Razor\Loader.dll
[2013.01.09 11:41:56 | 000,030,608 | ---- | M] () -- \Program Files\Seznam.cz\distribution\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2006.12.23 16:37:56 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2011.04.13 16:23:05 | 000,082,784 | ---- | M] () -- \WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\dmloader.dll
[2008.04.13 19:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\osloader.exe
[2008.04.13 19:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\osloader.ntd
[2008.04.14 12:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 12:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll
[2003.06.26 17:10:12 | 000,106,496 | ---- | M] () -- \zaloha\Ovladač na Audio\SoundMAX Synthesizer\DLSLoader.exe
< *minodlogin* /s >
< *tnod* /s >
[2013.11.03 17:29:55 | 000,040,320 | ---- | M] () -- \Program Files\BitComet\rules\dhtnodes.dat
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2004.08.17 15:44:16 | 000,030,301 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2010.01.14 16:06:45 | 000,415,592 | ---- | M] () -- \Program Files\Microsoft Silverlight\3.0.40818.0\System.Runtime.Serialization.dll
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2012.04.25 15:21:42 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2012.04.25 15:21:41 | 000,135,168 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.04.25 15:31:57 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.11.15 18:10:04 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.04.25 15:32:35 | 000,090,112 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2011.04.21 17:05:49 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.11.15 19:19:57 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\709bb78b419d5d5e30f2acfd722abb29\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.11.15 19:21:19 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
[2011.04.19 04:22:15 | 000,966,656 | ---- | M] () -- \WINDOWS\assembly\tmp\JQVZ48DI\System.Runtime.Serialization.dll
[2007.02.17 05:24:42 | 000,135,168 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 18:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2008.07.25 10:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.09.10 17:46:28 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 03:17:25 | 000,028,416 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\grserial.sys
[2008.04.14 03:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\serial.sys
[2007.06.27 13:59:02 | 000,131,072 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\system.runtime.serialization.formatters.soap.dll
[2008.04.14 12:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2008.04.14 12:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 12:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2008.04.14 12:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 12:00:00 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
< >
< >
========== Files - Unicode (All) ==========
[2011.04.16 11:05:01 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\data aplikac??) -- C:\Documents and Settings\All Users\data aplikacᅢᆳ
[2011.04.16 11:05:01 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\data aplikac??) -- C:\Documents and Settings\Administrator\data aplikacᅢᆳ
[2011.04.16 11:05:01 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\data aplikac??) -- C:\Documents and Settings\All Users\data aplikacᅢᆳ
[2011.04.16 11:05:01 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\data aplikac??) -- C:\Documents and Settings\Administrator\data aplikacᅢᆳ
(C:\Documents and Settings\All Users\data aplikac??) -- C:\Documents and Settings\All Users\data aplikacᅢᆳ
(C:\Documents and Settings\Administrator\data aplikac??) -- C:\Documents and Settings\Administrator\data aplikacᅢᆳ
========== Alternate Data Streams ==========
@Alternate Data Stream - 6144 bytes -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT
< End of report >
Znovu spustte RogueKiller (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) 
Muzu se zeptat, co jste provadeli s Avengerem?