Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 00:03
by vyosek
:arrow: Grr, where is the little beast hiding from us :boxed:

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako spravce)
  • If you use a 64-bit OS, check whether the Include 64bit Scans box is ticked; if it is not, tick it
  • Tick the Scan All Users box
  • Tick the LOP Check box
  • Tick the Purity Check box
  • Change File Age from 30 days to 7 days
  • Paste the script below into the Custom Scans/Fixes box at the bottom

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the Run Scan button
  • When the scan finishes (about 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both of them here
  • If the logs are long (the forum will complain that the maximum number of characters has been exceeded), split them across several posts

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 00:58
by LEON659
I found a description on this Chinese site, but I probably don't understand it exactly:

http://steven5538.hack-stuff.com/2013/0 ... nsion.html

according to the description it is hidden somewhere in FlashPlayer Extension v11.2

but it is exactly what probably happened to me, and it is something specifically just for Google Chrome :(

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 01:25
by LEON659
and here are the logs from OTL:

OTL logfile created on: 7.3.2013 1:06:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sadra\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 62,92% Memory free
3,85 Gb Paging File | 3,31 Gb Available in Paging File | 85,92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 6,08 Gb Free Space | 4,15% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 46,63 Gb Free Space | 30,76% Space Free | Partition Type: NTFS
Drive F: | 3,61 Gb Total Space | 3,39 Gb Free Space | 94,00% Space Free | Partition Type: FAT32

Computer Name: PC1 | User Name: sadra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.03.07 01:03:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sadra\Plocha\OTL.exe
PRC - [2013.02.28 09:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.02.28 09:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2011.12.12 13:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011.01.14 12:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2008.10.05 14:01:26 | 007,430,144 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008.10.05 14:01:24 | 007,434,240 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008.07.11 19:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.26 02:23:34 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2006.11.15 10:40:10 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.06 10:35:30 | 002,065,920 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13030600\algo.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.10.04 15:27:20 | 000,963,072 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.07.11 19:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2007.12.07 14:24:56 | 000,117,256 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
MOD - [2007.04.19 06:26:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2007.02.28 18:34:04 | 000,643,142 | ---- | M] () -- C:\WINDOWS\aticlocklib.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.06 16:08:02 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.28 09:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.12.12 13:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011.01.14 12:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2008.07.11 19:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2006.11.15 10:40:10 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sadra\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\asusgsb32.sys -- (asusgsb)
DRV - [2013.03.06 23:00:30 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2013.02.28 09:36:37 | 000,765,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.02.28 09:36:37 | 000,368,248 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.02.28 09:36:37 | 000,163,784 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.02.28 09:36:37 | 000,062,448 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.02.28 09:36:36 | 000,066,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.02.28 09:36:36 | 000,049,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.02.28 09:36:36 | 000,049,320 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.02.28 09:36:35 | 000,029,880 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.19 09:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009.11.18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.06.16 08:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.02.14 15:09:08 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2006.09.29 10:06:26 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2006.06.14 13:44:30 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\..\SearchScopes\{240D7573-66D5-41A7-9FDD-5C7830053BB4}: "URL" = http://websearch.ask.com/redirect?clien ... D73FDF1578
IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... 1I7SKPT_cs
IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\sadra\Local Settings\Data aplikací\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchT ... 1I7SKPT_cs
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\sadra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\sadra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: FlashPlayer Extension V11.2 = C:\Documents and Settings\sadra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dceiojpfddghojpmfheadkiilbnlimib\11.0_1\
CHR - Extension: avast! WebRep = C:\Documents and Settings\sadra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\
CHR - Extension: Gmail = C:\Documents and Settings\sadra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.03.05 21:42:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-73586283-299502267-1417001333-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF32032.3XE (Microsoft Corporation)
O4 - HKLM..\Run: [GEST] = File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-73586283-299502267-1417001333-1005..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\sadra\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-299502267-1417001333-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-299502267-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-73586283-299502267-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{443AF59E-B636-4D50-8A04-09081937BC4A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\sadra\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sadra\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.02 13:47:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - xvidvfw.dll File not found
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.03.07 01:05:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sadra\Plocha\OTL.exe
[2013.03.06 23:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.03.06 22:56:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.06 22:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
[2013.03.06 21:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sadra\Dokumenty\My Received Files
[2013.03.06 21:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sadra\Local Settings\Data aplikací\iMesh
[2013.03.06 19:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome
[2013.03.06 19:08:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sadra\Recent
[2013.03.06 18:48:07 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2013.03.06 18:48:05 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2013.03.06 18:48:05 | 000,065,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstIIXP.dll
[2013.03.06 18:48:05 | 000,011,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoLDRXP.dll
[2013.03.06 18:48:03 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2013.03.06 18:48:00 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2013.03.06 18:47:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.03.06 18:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Lavalys
[2013.03.06 18:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2013.03.06 16:08:02 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.03.06 16:08:02 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.03.05 21:42:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.03.05 21:34:13 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.03.04 23:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2013.03.04 23:12:56 | 000,368,248 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013.03.04 23:12:56 | 000,029,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013.03.04 23:12:54 | 000,049,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013.03.04 23:12:53 | 000,765,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013.03.04 23:12:53 | 000,062,448 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013.03.04 23:12:51 | 000,228,600 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013.03.04 23:12:51 | 000,066,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013.03.04 23:12:30 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013.03.04 23:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.03.04 23:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2013.03.04 22:37:57 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\sadra\Plocha\rkill.com
[2013.03.04 22:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sadra\Plocha\mbar
[2013.03.04 21:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2013.03.04 21:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.04 19:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sadra\Data aplikací\Malwarebytes
[2013.03.04 19:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2013.03.04 19:37:38 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.03.04 19:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.04 19:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2013.03.04 19:37:01 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\sadra\Plocha\mbam-setup-1.70.0.1100.exe
[2013.03.03 22:02:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.03.03 21:57:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.03.03 21:57:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.03.03 21:57:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.03.03 21:57:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.03.03 21:52:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.03 21:52:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.03.03 21:46:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\sadra\Nabídka Start\Programy\Nástroje pro správu
[2013.03.03 21:46:19 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\sadra\Plocha\dds.exe
[2013.03.03 21:45:57 | 005,036,545 | R--- | C] (Swearware) -- C:\Documents and Settings\sadra\Plocha\ComboFix.exe
[2013.03.03 21:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sadra\Plocha\RK_Quarantine
[2013.03.03 21:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.03.03 21:12:19 | 000,000,000 | ---D | C] -- C:\rsit
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.03.07 01:08:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.03.07 01:03:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sadra\Plocha\OTL.exe
[2013.03.07 00:54:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.07 00:40:02 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.03.06 23:12:00 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.03.06 23:05:52 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\sadra\Nabídka Start\Programy\Po spuštění\Sledovat výstrahy inkoustu - HP Deskjet 5520 series.lnk
[2013.03.06 23:05:50 | 000,088,723 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.03.06 23:05:49 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.06 23:00:30 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2013.03.06 23:00:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.03.06 21:30:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.03.06 20:40:01 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013.03.06 19:11:07 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2013.03.06 18:35:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.03.06 18:28:02 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013.03.06 18:25:37 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\sadra\Plocha\EVEREST Ultimate Edition.lnk
[2013.03.06 16:08:02 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.03.06 16:08:02 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.03.06 16:03:24 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\sadra\Plocha\adwcleaner.exe
[2013.03.06 14:00:01 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013.03.06 10:10:02 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013.03.05 21:42:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.03.05 20:34:54 | 005,036,545 | R--- | M] (Swearware) -- C:\Documents and Settings\sadra\Plocha\ComboFix.exe
[2013.03.04 23:12:57 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2013.03.04 23:12:51 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013.03.04 23:05:51 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013.03.04 22:40:34 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013.03.04 22:37:00 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\sadra\Plocha\rkill.com
[2013.03.04 21:44:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2013.03.04 19:37:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2013.03.04 19:31:32 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\sadra\Plocha\mbam-setup-1.70.0.1100.exe
[2013.03.03 22:02:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.03.03 21:44:58 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\sadra\Plocha\dds.exe
[2013.03.03 21:22:36 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\sadra\Plocha\RogueKiller.exe
[2013.03.03 21:22:18 | 000,881,950 | ---- | M] () -- C:\Documents and Settings\sadra\Plocha\SecurityCheck.exe
[2013.03.03 21:10:56 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\sadra\Plocha\RSIT.exe
[2013.03.02 14:25:19 | 000,034,309 | ---- | M] () -- C:\Documents and Settings\sadra\Plocha\tumblr_mad8j3SHr91qc0vi3o1_500_large.jpg
[2013.03.02 14:21:11 | 000,111,243 | ---- | M] () -- C:\Documents and Settings\sadra\Plocha\tumblr_mivj9i8OBo1rvjhi0o1_500_large.jpg
[2013.03.01 16:28:59 | 000,047,303 | ---- | M] () -- C:\Documents and Settings\sadra\Plocha\58455_523297647692662_1313561276_n.jpg
[2013.02.28 23:03:35 | 000,184,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.28 19:19:10 | 000,442,636 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.28 19:19:10 | 000,440,000 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2013.02.28 19:19:10 | 000,081,994 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2013.02.28 19:19:10 | 000,069,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.28 09:36:37 | 000,765,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013.02.28 09:36:37 | 000,368,248 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013.02.28 09:36:37 | 000,163,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.02.28 09:36:37 | 000,062,448 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013.02.28 09:36:36 | 000,066,408 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013.02.28 09:36:36 | 000,049,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013.02.28 09:36:36 | 000,049,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.02.28 09:36:35 | 000,029,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013.02.28 09:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013.02.28 09:35:59 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.07 01:08:35 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.03.06 19:11:07 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2013.03.06 18:48:03 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013.03.06 18:25:37 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\sadra\Plocha\EVEREST Ultimate Edition.lnk
[2013.03.06 16:08:03 | 000,000,914 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.03.06 16:03:23 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\sadra\Plocha\adwcleaner.exe
[2013.03.04 23:12:57 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2013.03.04 23:12:53 | 000,163,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.04 23:12:52 | 000,049,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.03.04 23:12:51 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.03.04 21:44:42 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2013.03.04 19:37:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2013.03.03 22:02:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.03.03 22:02:06 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2013.03.03 21:57:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.03.03 21:57:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.03.03 21:57:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.03.03 21:57:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.03.03 21:57:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.03.03 21:23:16 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\sadra\Plocha\RogueKiller.exe
[2013.03.03 21:23:12 | 000,881,950 | ---- | C] () -- C:\Documents and Settings\sadra\Plocha\SecurityCheck.exe
[2013.03.03 21:12:11 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\sadra\Plocha\RSIT.exe
[2013.03.02 14:25:18 | 000,034,309 | ---- | C] () -- C:\Documents and Settings\sadra\Plocha\tumblr_mad8j3SHr91qc0vi3o1_500_large.jpg
[2013.03.02 14:21:10 | 000,111,243 | ---- | C] () -- C:\Documents and Settings\sadra\Plocha\tumblr_mivj9i8OBo1rvjhi0o1_500_large.jpg
[2013.03.01 16:28:59 | 000,047,303 | ---- | C] () -- C:\Documents and Settings\sadra\Plocha\58455_523297647692662_1313561276_n.jpg
[2013.02.14 18:40:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013.01.20 18:28:17 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Ament.ini
[2012.11.09 15:58:57 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2012.11.06 06:49:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.09.28 17:29:51 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012.09.28 16:25:42 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\sadra\Local Settings\Data aplikací\d3d9caps.dat
[2012.09.03 19:48:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.18 12:52:53 | 000,000,406 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2011.11.18 12:46:21 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2011.07.24 11:21:11 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\sadra\.recently-used.xbel
[2011.07.09 19:42:36 | 000,018,980 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.06.14 19:15:06 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2011.06.02 14:28:45 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\sadra\Local Settings\Data aplikací\SRDownloader.nast
[2011.04.11 16:22:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL
[2011.03.28 19:06:41 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\sadra\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.28 19:04:35 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\sadra\default.pls
[2011.03.27 17:04:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.27 14:49:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.11.01 21:36:07 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.20 23:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.13 02:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\2E3D8
[2011.04.09 19:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\aliasworlds
[2013.03.04 23:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2012.11.29 16:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Big Fish Games
[2011.07.04 14:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
[2013.03.03 21:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2013.02.13 02:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\iMesh
[2011.03.29 08:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nitro PDF
[2012.09.29 10:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2013.01.20 18:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Visan
[2013.02.13 02:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Wincert
[2013.02.13 12:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Zoner
[2011.07.09 19:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013.02.13 02:12:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{EC76B119-3D47-4A2C-8BDC-5CCE7F3C15AB}
[2013.01.17 19:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dagmar\Data aplikací\searchresultstb
[2011.04.09 19:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\aliasworlds
[2012.11.09 15:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\CAD-KAS
[2011.03.11 17:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\GHISLER
[2012.11.29 16:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\go
[2011.04.17 17:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\ICQ
[2011.04.03 16:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\My Games
[2013.02.27 13:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Nitro PDF
[2011.04.11 16:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\OpenOffice.org
[2013.03.04 22:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Systweak
[2013.02.13 12:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2011.03.02 13:46:19 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2011.03.02 13:50:52 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011.03.27 17:04:50 | 000,000,934 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.03.27 17:04:51 | 000,000,938 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2011.07.09 19:14:04 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2013.01.20 18:28:59 | 000,000,452 | ---- | C] () -- C:\WINDOWS\Tasks\At1.job
[2013.01.20 18:28:59 | 000,000,452 | ---- | C] () -- C:\WINDOWS\Tasks\At2.job
[2013.01.20 18:28:59 | 000,000,452 | ---- | C] () -- C:\WINDOWS\Tasks\At3.job
[2013.01.20 18:28:59 | 000,000,452 | ---- | C] () -- C:\WINDOWS\Tasks\At4.job
[2013.02.27 15:14:10 | 000,000,396 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
[2013.03.04 23:12:51 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2013.03.06 16:08:03 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2011.05.09 23:48:16 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 12:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009.02.09 12:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\erdnt\cache\Services.exe
[2009.02.09 12:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\system32\Services.exe
[2008.04.14 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

< MD5 for: SVCHOST.EXE >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\erdnt\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\64977dd4b927f70f9354a02f691b30bb\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\64977dd4b927f70f9354a02f691b30bb\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\9eb79fa4503281df2278b3299cd9c4d6\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\9eb79fa4503281df2278b3299cd9c4d6\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.11.18 12:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Adobe
[2011.07.08 10:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Ahead
[2011.04.09 19:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\aliasworlds
[2012.01.03 17:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Apple Computer
[2012.11.09 15:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\CAD-KAS
[2011.11.18 12:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Corel
[2011.03.11 17:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\GHISLER
[2012.11.29 16:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\go
[2011.03.28 18:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Google
[2013.02.20 09:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\HpUpdate
[2011.04.17 17:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\ICQ
[2011.03.11 17:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Identities
[2011.03.28 18:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Macromedia
[2013.03.04 19:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Malwarebytes
[2011.11.18 12:43:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\sadra\Data aplikací\Microsoft
[2011.03.29 09:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Mozilla
[2011.04.03 16:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\My Games
[2013.02.27 13:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Nitro PDF
[2011.04.11 16:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\OpenOffice.org
[2013.03.04 21:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Skype
[2011.05.28 16:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\skypePM
[2013.03.04 22:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Systweak
[2011.11.18 12:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\WinRAR
[2013.02.13 12:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sadra\Data aplikací\Zoner

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2013.03.07 00:40:02 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.02.14 18:57:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2013.03.06 10:10:02 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2013.03.06 20:40:01 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2013.03.06 18:28:02 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2013.03.06 14:00:01 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2013.03.06 23:12:00 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2013.03.06 23:05:49 | 000,000,934 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.03.07 00:54:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013.03.04 22:40:34 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2011.03.02 14:38:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.03.02 14:38:24 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.03.02 14:38:23 | 000,499,712 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.03.04 23:12:51 | 000,002,504 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2013.03.06 16:08:02 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe
[2013.03.06 16:08:02 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2013.03.06 23:05:50 | 000,088,723 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2013.03.06 18:35:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Picasa Media Detector" = C:\Program Files\Picasa2\PicasaMediaDetector.exe -- [2008.02.26 02:23:34 | 000,443,968 | ---- | M] (Google Inc.)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013.03.01 00:08:21 | 001,274,832 | ---- | M] (Google Inc.) MD5=1502417B401F5206ADE73995571AE8CB -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.03.07 01:08:35 | 000,000,512 | ---- | M] () MD5=F22376092F3AAFAFD525ED06C0A641C1 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2011.09.30 18:14:06 | 011,971,608 | ---- | M] () -- \Documents and Settings\sadra\Plocha\stare songy\Eminem Crack A Bottle Official Music Video HD.mp3
[2002.12.18 17:10:46 | 000,092,827 | ---- | M] () -- \Program Files\Corel\Corel Graphics 12\Custom Data\Bumpmap\Cracks.cpt
[2002.12.16 18:44:50 | 000,016,068 | ---- | M] () -- \Program Files\Corel\Corel Graphics 12\Custom Data\Canvas\cracks2c.pcx
[2002.12.16 18:44:30 | 000,010,560 | ---- | M] () -- \Program Files\Corel\Corel Graphics 12\Custom Data\Tiles\CRACKS2M.CPT
[2010.10.04 21:50:56 | 000,062,238 | ---- | M] () -- \Program Files\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat

< *keygen* /s >

< *loader* /s >
[2012.12.04 17:00:50 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.12.04 17:00:50 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2012.12.04 17:00:50 | 000,009,772 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\retina\loader@2x.png
[2012.12.13 20:55:28 | 000,001,136 | ---- | M] () -- \Documents and Settings\sadra\Local Settings\Data aplikací\SRDownloader.nast
[2011.10.12 15:04:18 | 000,006,643 | ---- | M] () -- \Documents and Settings\sadra\Local Settings\Data aplikací\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.1.403\js\downloader.js
[2011.10.12 15:04:18 | 000,006,643 | ---- | M] () -- \Documents and Settings\sadra\Local Settings\Data aplikací\Microsoft\BingBar\Apps\FacebookLike_08e57417866d4faa981702780b0d36c4\7.1.391\js\downloader.js
[2011.10.12 15:04:18 | 000,006,643 | ---- | M] () -- \Documents and Settings\sadra\Local Settings\Data aplikací\Microsoft\BingBar\Apps\fbsharedservices_bb9c6e8b961d477e9ec95f9698bde610\7.1.391\js\downloader.js
[2011.10.12 15:04:18 | 000,006,643 | ---- | M] () -- \Documents and Settings\sadra\Local Settings\Data aplikací\Microsoft\BingBar\Apps\Featured_ce53daa069a4a3ad2e3d7d81081f340d\7.1.391\js\downloader.js
[2012.01.31 16:16:24 | 000,006,643 | ---- | M] () -- \Documents and Settings\sadra\Local Settings\Data aplikací\Microsoft\BingBar\Apps\Chat_cf57b0088a3b4f61a0bfaad0ba784240\7.1.361\js\downloader.js
[2013.03.06 21:29:29 | 000,003,208 | ---- | M] () -- \Documents and Settings\sadra\Local Settings\Temporary Internet Files\Content.IE5\D6HF0YGG\Loader[1].gif
[2013.03.06 21:29:38 | 000,003,208 | ---- | M] () -- \Documents and Settings\sadra\Local Settings\Temporary Internet Files\Content.IE5\GECJ66WQ\djContentLoader[1].gif
[2013.03.06 21:29:38 | 000,003,208 | ---- | M] () -- \Documents and Settings\sadra\Local Settings\Temporary Internet Files\Content.IE5\GECJ66WQ\djLoader[1].gif
[2007.06.27 19:03:00 | 000,177,448 | ---- | M] () -- \Program Files\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2012.08.27 20:33:18 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2010.02.07 21:40:00 | 000,000,543 | ---- | M] () -- \Program Files\GIMP-2.0\etc\gtk-2.0\gdk-pixbuf.loaders
[2009.12.15 17:58:18 | 000,017,056 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ani.dll
[2009.12.15 17:58:20 | 000,018,592 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll
[2009.12.15 17:58:24 | 000,026,272 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-gif.dll
[2009.12.15 17:58:26 | 000,012,960 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-icns.dll
[2009.12.15 17:58:28 | 000,017,568 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ico.dll
[2009.12.15 17:58:56 | 000,019,616 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll
[2009.12.15 17:59:04 | 000,015,008 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll
[2009.12.15 17:59:06 | 000,019,104 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll
[2009.12.15 17:59:10 | 000,017,056 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pnm.dll
[2009.12.15 17:59:14 | 000,012,448 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ras.dll
[2009.12.15 17:59:16 | 000,016,544 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll
[2009.12.15 17:59:20 | 000,016,544 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tiff.dll
[2009.12.15 17:59:22 | 000,011,936 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll
[2009.12.15 17:59:24 | 000,013,984 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xbm.dll
[2009.12.15 17:59:28 | 000,028,320 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xpm.dll
[2009.05.01 19:42:00 | 000,009,880 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\svg_loader.dll
[2009.10.06 06:08:30 | 000,145,082 | ---- | M] () -- \Program Files\HP\HP Deskjet 5520 series\Bin\HelpViewer\Resources\Loader.gif
[2012.06.14 13:24:02 | 000,819,200 | ---- | M] () -- \Program Files\iMesh Applications\iMesh\BerkeleyLoader.dll
[2012.06.14 13:24:02 | 003,552,808 | ---- | M] () -- \Program Files\iMesh Applications\iMesh\ImageUploader5.ocx
[2011.10.12 15:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\facebook\7.1.391\js\downloader.js
[2011.10.12 15:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\facebooklike\7.1.391\js\downloader.js
[2011.10.12 15:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\fbsharedservices\7.1.391\js\downloader.js
[2011.10.12 15:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\featured\7.1.391\js\downloader.js
[2011.10.12 15:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\games\7.1.391\js\shared\downloader.js
[2011.10.12 15:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\chat\7.1.391\js\downloader.js
[2011.10.12 15:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\scripts\io\downloader.js
[2008.10.05 13:17:34 | 000,006,308 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2013.01.14 14:01:51 | 000,006,687 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.pyc
[2008.10.04 22:00:58 | 000,015,872 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2008.10.05 14:02:04 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2008.10.04 15:50:10 | 000,021,504 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2008.10.04 21:22:34 | 000,003,871 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2012.11.16 10:52:36 | 000,432,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 14:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSPluginLoader.exe
[2012.10.18 16:47:30 | 000,442,368 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 14:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSPluginLoader.exe
[2012.11.16 12:39:34 | 000,193,024 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 14:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPluginLoader.exe
[2012.12.04 17:20:18 | 000,103,520 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\8bfLoader.exe
[2012.12.04 17:20:32 | 000,017,504 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\WICLoader.exe
[2008.04.14 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:3C0887BF
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:373DF935
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

< End of report >

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 01:25
by LEON659
OTL Extras logfile created on: 7.3.2013 1:06:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sadra\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 62,92% Memory free
3,85 Gb Paging File | 3,31 Gb Available in Paging File | 85,92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 6,08 Gb Free Space | 4,15% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 46,63 Gb Free Space | 30,76% Space Free | Partition Type: NTFS
Drive F: | 3,61 Gb Total Space | 3,39 Gb Free Space | 94,00% Space Free | Partition Type: FAT32

Computer Name: PC1 | User Name: sadra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-73586283-299502267-1417001333-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Leoš\Local Settings\Data aplikací\Torch\Plugins\Torrent\TorchTorrent.exe" = C:\Documents and Settings\Leoš\Local Settings\Data aplikací\Torch\Plugins\Torrent\TorchTorrent.exe:*:Enabled:Torch Torrent
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\iTunes.exe" = D:\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HP\HP Deskjet 5520 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Deskjet 5520 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Deskjet 5520 series) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikační program HP (HP Deskjet 5520 series) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe" = C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Síťový komunikační program HP COM (HP Deskjet 5520 series) -- (Hewlett-Packard Co.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0606C33E-538E-4169-A406-49091DDD4ECE}" = Studie vylepšování produktu HP Deskjet 5520 series
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.6.0.198
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1E24E012-FA93-4DB6-B962-CB136DE7C54C}" = Základní software zařízení HP Deskjet 5520 series
"{2881063B-C58F-49EB-97FD-8BF58EC580F9}" = Nitro PDF Reader
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client CS-CZ Language Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Czech
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE8BE32F-F595-4693-9F82-1E0A5A047BB6}" = OpenOffice.org 3.0
"{C3CF41F1-0373-4DD7-BE99-F33B00E51029}" = Nero 7 Essentials
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C89D7309-4E87-4582-9B45-0282C1A893F4}" = ASUS nVidia Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F58F1453-FD7C-4629-BDA3-643E95E2B167}" = HP Deskjet 5520 series Nápověda
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"aTube Catcher" = aTube Catcher
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"DVDAuthorGUI" = DVDAuthorGUI (remove only)
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xvid" = XviD MPEG-4 Video Codec
"ZonerPhotoStudio11_CZ_is1" = Zoner Photo Studio 11
"ZonerPhotoStudio15_CZ_is1" = Zoner Photo Studio 15

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-73586283-299502267-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3.3.2013 8:31:12 | Computer Name = PC1 | Source = Chrome | ID = 1
Description =

Error - 3.3.2013 16:56:49 | Computer Name = PC1 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3.3.2013 17:03:01 | Computer Name = PC1 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 3.3.2013 17:10:46 | Computer Name = PC1 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 3.3.2013 17:19:37 | Computer Name = PC1 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace sllauncher.exe, verze 4.1.10329.0, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 4.3.2013 14:35:58 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Chybující aplikace regcleanpro.exe, verze 6.21.65.1715, chybující
modul kernel32.dll, verze 5.1.2600.6293, adresa chyby 0x00012fd3.

Error - 4.3.2013 16:45:33 | Computer Name = PC1 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace mbam.exe, verze 1.70.0.9, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 4.3.2013 16:51:43 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Chybující aplikace regcleanpro.exe, verze 6.21.65.1715, chybující
modul kernel32.dll, verze 5.1.2600.6293, adresa chyby 0x00012fd3.

Error - 4.3.2013 17:06:23 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Chybující aplikace regcleanpro.exe, verze 6.21.65.1715, chybující
modul kernel32.dll, verze 5.1.2600.6293, adresa chyby 0x00012fd3.

Error - 4.3.2013 17:43:09 | Computer Name = PC1 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

[ System Events ]
Error - 5.3.2013 16:31:02 | Computer Name = PC1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby NMIndexingService
s argumenty za účelem spuštění serveru: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5.3.2013 16:31:07 | Computer Name = PC1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby NMIndexingService
s argumenty za účelem spuštění serveru: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5.3.2013 16:31:07 | Computer Name = PC1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby NMIndexingService
s argumenty za účelem spuštění serveru: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5.3.2013 16:31:07 | Computer Name = PC1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby NMIndexingService
s argumenty za účelem spuštění serveru: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5.3.2013 16:31:07 | Computer Name = PC1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby NMIndexingService
s argumenty za účelem spuštění serveru: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5.3.2013 16:31:07 | Computer Name = PC1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby NMIndexingService
s argumenty za účelem spuštění serveru: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5.3.2013 16:31:07 | Computer Name = PC1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby NMIndexingService
s argumenty za účelem spuštění serveru: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5.3.2013 16:31:07 | Computer Name = PC1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby NMIndexingService
s argumenty za účelem spuštění serveru: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5.3.2013 16:31:08 | Computer Name = PC1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby NMIndexingService
s argumenty za účelem spuštění serveru: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5.3.2013 16:42:38 | Computer Name = PC1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 10:51
by vyosek
:arrow: Uninstall all Flash Players completely (both for IE and for non-IE: Chrome, FF)

:arrow: Install a new Flash Player

:arrow: Run OTL again
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator or Spustit jako spravce
  • Paste the script below into the bottom box Vlastni skenovani/opravy (Custom Scans/Fixes)
  • Code:

    :otl
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sadra\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\asusgsb32.sys -- (asusgsb)
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\..\SearchScopes\{240D7573-66D5-41A7-9FDD-5C7830053BB4}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=UJ&apn_dtid=zzz000YYCZ&apn_uid=2ef1e73a-83fd-465e-a0e1-752959fe06bb&apn_sauid=64BE8DFB-E2D2-4D8A-A76E-42D73FDF1578
    IE - HKU\S-1-5-21-73586283-299502267-1417001333-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_cs
    O4 - HKLM..\Run: [GEST] = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    [2012.12.20 23:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2011.07.09 19:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2013.02.13 02:12:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{EC76B119-3D47-4A2C-8BDC-5CCE7F3C15AB}
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\SoftwareDistribution\Download\64977dd4b927f70f9354a02f691b30bb\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\64977dd4b927f70f9354a02f691b30bb\*.tmp -> ]
    [1 C:\WINDOWS\SoftwareDistribution\Download\9eb79fa4503281df2278b3299cd9c4d6\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\9eb79fa4503281df2278b3299cd9c4d6\*.tmp -> ]
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
    [2013.03.07 00:40:02 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    [2013.02.14 18:57:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    [2013.03.06 10:10:02 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2013.03.06 20:40:01 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2013.03.06 18:28:02 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2013.03.06 14:00:01 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2013.03.06 23:12:00 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
    [2013.03.06 23:05:49 | 000,000,934 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    [2013.03.07 00:54:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    [2013.03.04 22:40:34 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:3C0887BF
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:373DF935
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1
    
    :files
    C:\Program Files\SweetIM
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Then click Opravit (Run Fix)
  • The PC will perform the fix, restart, and give you a log; paste its contents here

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 13:22
by LEON659
O.k., I can't get back to working on it until this evening, when I get home from work :-)

The only question is how to uninstall the Flash Players?? And how do I tell that there aren't more types of them there?

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 13:25
by vyosek
Start - Control Panel - Add or Remove Programs: there you will find whatever has Flash Player in its name - there should be two, since there is a separate FP for IE and a separate one for non-IE (the other browsers)

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 19:48
by LEON659
I found only Adobe Flash Player 11 Active X

- I uninstalled that one using CCleaner
- restarted
- uninstalled Google Chrome
- on another computer, downloaded the Adobe Flash Player plug-in for IE and for non-IE, then ran and installed them on the infected computer
- reinstalled Google Chrome using IE
- ran OTL, copied the script and clicked "Opravit" (Run Fix)

!!!! OTL has been running for about 35 min and outwardly nothing seems to be happening - the message "Killing processes, DO NOT INTERRUPT" appeared and the cursor changed to an "hourglass". !!!
What should I do about it????

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 20:03
by LEON659
The PC has been "frozen" for about an hour now :-(

Reset, I guess??

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 20:43
by LEON659
so after 90 minutes I ran out of patience :-(

hardware RESET

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 21:56
by LEON659
- so not even the second attempt to run OTL worked - the computer froze - RESET after 60 min

- when I try to open FB, avast! no longer reports anything :D

- could the virus have been removed ??

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 22:21
by vyosek
Try applying OTL in safe mode as well; alternatively, where does it get stuck, on which line?

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 22:27
by LEON659
it gets stuck right when I click Opravit (Fix); after the click, that message appears at the bottom and the cursor changes to an hourglass, and that's where it ends

Re: facebook is sending out some nonsense

Posted: 07 Mar 2013 22:28
by vyosek
OK, I'll take a look at it tomorrow, I'm off to bed for today - thanks for your patience...

Re: facebook is sending out some nonsense

Posted: 08 Mar 2013 06:20
by LEON659
in safe mode OTL ran normally

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\sadra\LOCALS~1\Temp\catchme.sys not found.
Service asusgsb stopped successfully!
Service asusgsb deleted successfully!
File system32\drivers\asusgsb32.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_USERS\S-1-5-21-73586283-299502267-1417001333-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-73586283-299502267-1417001333-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-73586283-299502267-1417001333-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-73586283-299502267-1417001333-1005\Software\Microsoft\Internet Explorer\SearchScopes\{240D7573-66D5-41A7-9FDD-5C7830053BB4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{240D7573-66D5-41A7-9FDD-5C7830053BB4}\ not found.
Registry key HKEY_USERS\S-1-5-21-73586283-299502267-1417001333-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{EC76B119-3D47-4A2C-8BDC-5CCE7F3C15AB}\OFFLINE\mMSI.dll folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{EC76B119-3D47-4A2C-8BDC-5CCE7F3C15AB}\OFFLINE\mIDEFunc.dll folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{EC76B119-3D47-4A2C-8BDC-5CCE7F3C15AB}\OFFLINE\mDown.dll folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{EC76B119-3D47-4A2C-8BDC-5CCE7F3C15AB}\OFFLINE folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{EC76B119-3D47-4A2C-8BDC-5CCE7F3C15AB} folder moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\64977dd4b927f70f9354a02f691b30bb\BIT16C6.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\9eb79fa4503281df2278b3299cd9c4d6\BIT1581.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
File C:\WINDOWS\Tasks\Adobe Flash Player Updater.job not found.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job moved successfully.
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\avast! Emergency Update.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job not found.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:3C0887BF deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:373DF935 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\SweetIM not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: dagmar
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 511 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Leoš

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: sadra
->Temp folder emptied: 704695 bytes
->Temporary Internet Files folder emptied: 196742 bytes
->Google Chrome cache emptied: 53166164 bytes
->Flash cache emptied: 664 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7192 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: dagmar
->Flash cache emptied: 0 bytes

User: Default User

User: Leoš

User: LocalService

User: NetworkService

User: sadra
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: dagmar

User: Default User

User: Leoš

User: LocalService

User: NetworkService

User: sadra

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03082013_061648

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...