Problem ????

Posted: 20 May 2010 17:48
by LEON659
Hello,
about a year ago I had extensive problems with Virut, but mysteriously, with the help of many antivirus programs and mainly Kaspersky, I "managed" to remove the virus, and my notebook more or less works. For protection I use Kaspersky Anti-Virus 2010.
Yesterday strange things started showing up now and then, and because Kaspersky reported nothing, I shut the laptop down, disconnected the disk and took it to another computer for testing. Kaspersky again found nothing, so I tried various online scanners and was surprised. According to ESET I have about 239 files on the disk that look odd. I am posting an example of one of them here and ask for your opinion. Is it an active virus, or just a remnant of the previous infection? Thanks in advance to everyone who gives it some thought.
ESET Online Scanner flagged all of these files as infected with Win32/Virut.NBP.
After my previous experience with Virut I am a bit worried.

These are the tests of 3 files on VirusTotal:
====================================================================
Soubor agrsmdel.exe přijatý 2010.05.20 16:22:36 (UTC)
Výsledek: 3/41 (7.32%)

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.20.01 2010.05.20 -
AntiVir 8.2.1.242 2010.05.20 -
Antiy-AVL 2.0.3.7 2010.05.19 -
Authentium 5.2.0.5 2010.05.20 -
Avast 4.8.1351.0 2010.05.20 -
Avast5 5.0.332.0 2010.05.20 -
AVG 9.0.0.787 2010.05.20 -
BitDefender 7.2 2010.05.20 -
CAT-QuickHeal 10.00 2010.05.20 W32.Virut.Cur1
ClamAV 0.96.0.3-git 2010.05.20 -
Comodo 4893 2010.05.20 -
DrWeb 5.0.2.03300 2010.05.20 -
eSafe 7.0.17.0 2010.05.20 -
eTrust-Vet 35.2.7500 2010.05.20 -
F-Prot 4.5.1.85 2010.05.20 -
F-Secure 9.0.15370.0 2010.05.20 -
Fortinet 4.1.133.0 2010.05.20 W32/Virut.CE
GData 21 2010.05.20 -
Ikarus T3.1.1.84.0 2010.05.20 -
Jiangmin 13.0.900 2010.05.20 -
Kaspersky 7.0.0.125 2010.05.20 -
McAfee 5.400.0.1158 2010.05.20 -
McAfee-GW-Edition 2010.1 2010.05.20 -
Microsoft 1.5802 2010.05.20 -
NOD32 5132 2010.05.20 Win32/Virut.NBP
Norman 6.04.12 2010.05.20 -
nProtect 2010-05-20.02 2010.05.20 -
Panda 10.0.2.7 2010.05.20 -
PCTools 7.0.3.5 2010.05.20 -
Prevx 3.0 2010.05.20 -
Rising 22.48.03.04 2010.05.20 -
Sophos 4.53.0 2010.05.20 -
Sunbelt 6328 2010.05.20 -
Symantec 20101.1.0.89 2010.05.20 -
TheHacker 6.5.2.0.283 2010.05.19 -
TrendMicro 9.120.0.1004 2010.05.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.20 -
VBA32 3.12.12.5 2010.05.20 -
ViRobot 2010.5.20.2326 2010.05.20 -
VirusBuster 5.0.27.0 2010.05.20 -
Rozšiřující informace
File size: 62464 bytes
MD5...: 3d9839253b7c06410b059a1ae73aa54c
SHA1..: ad199a5b0a9630794191424d9966ba110bdca19e
SHA256: c2fb279d9869da51c2f15793e152d45c60003e25a18090fdeb0e7a18f193cb80
ssdeep: 1536:+UvlFFjWKnaJahhGbdS74LK2dU7g0eKIFf9bu:d9FFjWKaohhGEcKGU7gZK
IFfo

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5ba0
timedatestamp.....: 0xc0d1dd00L (invalid)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7040 0x7200 6.34 187156478ad58b7fd6c5b5a51005ffa4
.rdata 0x9000 0x33f 0x400 4.48 7059923dc33d1ff3cfd59f0c26b3a05c
.data 0xa000 0x5058 0x3800 2.68 0ba3fef51c00413b66280575c205d366
.idata 0x10000 0xb00 0xc00 5.11 4dfde7bbe12fa60c024abafb3a2828fc
.rsrc 0x11000 0x3600 0x3600 4.98 232ff6bdd7fb49caa9ac1175bc1fff88

( 4 imports )
> KERNEL32.dll: DeleteFileA, GlobalFree, GlobalAlloc, FindClose, FindFirstFileA, lstrcpynA, GetPrivateProfileStringA, Sleep, OutputDebugStringA, SetFileAttributesA, MoveFileExA, FindNextFileA, GetShortPathNameA, CreateFileA, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, CloseHandle, SetFilePointer, SetEndOfFile, GetWindowsDirectoryA, GetSystemDirectoryA, CreateDirectoryA, lstrcpyA, lstrcatA, lstrlenA, RemoveDirectoryA, GetCurrentProcess, TerminateProcess, HeapFree, GetVersionExA, MultiByteToWideChar, GetStringTypeA, LoadLibraryA, GetStringTypeW, WriteFile, RtlUnwind, GetProcAddress, GetStdHandle, SetHandleCount, GetOEMCP, GetACP, GetCPInfo, GetEnvironmentStringsW, GetCurrentDirectoryA, GetFullPathNameA, GetDriveTypeA, GetLastError, GetFileAttributesA, HeapAlloc, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, GetFileType, VirtualFree, HeapCreate, WideCharToMultiByte, LCMapStringA, LCMapStringW, HeapDestroy, FreeEnvironmentStringsW, GetEnvironmentStrings, VirtualAlloc, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA
> USER32.dll: ExitWindowsEx, LoadIconA, MessageBoxA, LoadStringA, FindWindowA, wsprintfA, SendMessageA
> ADVAPI32.dll: FreeSid, ControlService, DeleteService, CloseServiceHandle, RegEnumKeyExA, RegQueryValueExA, RegDeleteKeyA, RegOpenKeyExA, RegDeleteValueA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, OpenServiceA, OpenSCManagerA, EqualSid, AllocateAndInitializeSid, GetTokenInformation, RegSetValueExA, RegOpenKeyA
> SETUPAPI.dll: SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiGetDeviceRegistryPropertyA, SetupDiOpenDevRegKey, SetupDiCallClassInstaller, SetupDiDeleteDeviceInfo

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ 4.x (69.2%)
Win32 Executable MS Visual C++ (generic) (19.3%)
Win32 Executable Generic (4.3%)
Win32 Dynamic Link Library (generic) (3.8%)
Win16/32 Executable Delphi generic (1.0%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_respon ... 23-0550-99
sigcheck:
publisher....: LT
copyright....: Copyright (c) LT 1998
product......: LTRemove
description..: LTRemove
original name: ltremove.exe
internal name: LTRemove
file version.: 1.57
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
====================================================================
Soubor ieuninst.exe přijatý 2010.05.20 16:41:03 (UTC)
Výsledek: 2/41 (4.88%)

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.20.01 2010.05.20 -
AntiVir 8.2.1.242 2010.05.20 TR/Crypt.XPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.19 -
Authentium 5.2.0.5 2010.05.20 -
Avast 4.8.1351.0 2010.05.20 -
Avast5 5.0.332.0 2010.05.20 -
AVG 9.0.0.787 2010.05.20 -
BitDefender 7.2 2010.05.20 -
CAT-QuickHeal 10.00 2010.05.20 -
ClamAV 0.96.0.3-git 2010.05.20 -
Comodo 4893 2010.05.20 -
DrWeb 5.0.2.03300 2010.05.20 -
eSafe 7.0.17.0 2010.05.20 -
eTrust-Vet 35.2.7500 2010.05.20 -
F-Prot 4.5.1.85 2010.05.20 -
F-Secure 9.0.15370.0 2010.05.20 -
Fortinet 4.1.133.0 2010.05.20 -
GData 21 2010.05.20 -
Ikarus T3.1.1.84.0 2010.05.20 -
Jiangmin 13.0.900 2010.05.20 -
Kaspersky 7.0.0.125 2010.05.20 -
McAfee 5.400.0.1158 2010.05.20 -
McAfee-GW-Edition 2010.1 2010.05.20 -
Microsoft 1.5802 2010.05.20 -
NOD32 5133 2010.05.20 Win32/Virut.NBP
Norman 6.04.12 2010.05.20 -
nProtect 2010-05-20.02 2010.05.20 -
Panda 10.0.2.7 2010.05.20 -
PCTools 7.0.3.5 2010.05.20 -
Prevx 3.0 2010.05.20 -
Rising 22.48.03.04 2010.05.20 -
Sophos 4.53.0 2010.05.20 -
Sunbelt 6328 2010.05.20 -
Symantec 20101.1.0.89 2010.05.20 -
TheHacker 6.5.2.0.283 2010.05.19 -
TrendMicro 9.120.0.1004 2010.05.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.20 -
VBA32 3.12.12.5 2010.05.20 -
ViRobot 2010.5.20.2326 2010.05.20 -
VirusBuster 5.0.27.0 2010.05.20 -
Rozšiřující informace
File size: 37376 bytes
MD5...: c69b7719ee6f20976fabe355fba21a7e
SHA1..: 5a3cc9f7fd16f5c94e45334eaaeb67a1343b70c9
SHA256: 7df56dfa44a557bb019f3422d487ec312962353a5ae5a03de8d093038fec77c6
ssdeep: 768:ybBeyIjX+JzqYt4ppCVOGI0jROvkIoumBfVkJMqz2U+Xcv/:/hr+JzqYt4Ck
f08v2jfMMqz2Ucc

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3704
timedatestamp.....: 0xc0d1dd00L (invalid)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6732 0x6800 6.49 735cf76e39a721815fc48ba67d5a9a88
.data 0x8000 0x12d8 0xa00 2.14 a8d3dab30303719987e1514f276a2c68
.rsrc 0xa000 0x1c00 0x1c00 6.02 7f870f692384758a9467f5c2027ef37d

( 4 imports )
> ADVAPI32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey
> KERNEL32.dll: MultiByteToWideChar, GetPrivateProfileStringA, GetProcAddress, LoadLibraryA, FreeLibrary, lstrcpyA, GetCommandLineA, LocalFree, lstrcatA, lstrlenA, LocalAlloc, GetSystemDirectoryA, lstrcmpiA, GetVersionExA, FormatMessageA, WriteFile, CreateFileA, MoveFileA, DeleteFileA, SetFileAttributesA, lstrcpynA, GetFileAttributesA, GetWindowsDirectoryA, GetCurrentProcess, GetModuleHandleA, GetStartupInfoA, ExitProcess, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, TlsFree, SetLastError, GetCurrentThreadId, TlsSetValue, TlsGetValue, TlsAlloc, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LeaveCriticalSection, EnterCriticalSection, GetACP, GetOEMCP, GetCPInfo, HeapAlloc, InitializeCriticalSection, VirtualAlloc, HeapReAlloc, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, RtlUnwind, VirtualProtect, GetSystemInfo, VirtualQuery
> USER32.dll: MessageBoxA, CharNextA, ExitWindowsEx, LoadStringA, wsprintfA
> SHLWAPI.dll: PathCombineA, StrStrIA, SHRegGetUSValueA

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Opera_n_ syst_m Microsoft_ Windows_
description..: IEUNINST
original name: IEUNINST.EXE
internal name: IEUNINST.EXE
file version.: 6.00.2800.1172
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_respon ... 23-0550-99
=====================================================================
Soubor UNNMP.exe přijatý 2010.05.20 16:44:09 (UTC)
Výsledek: 1/40 (2.5%)

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.20.01 2010.05.20 -
AntiVir 8.2.1.242 2010.05.20 -
Antiy-AVL 2.0.3.7 2010.05.19 -
Authentium 5.2.0.5 2010.05.20 -
Avast 4.8.1351.0 2010.05.20 -
Avast5 5.0.332.0 2010.05.20 -
AVG 9.0.0.787 2010.05.20 -
BitDefender 7.2 2010.05.20 -
CAT-QuickHeal 10.00 2010.05.20 -
ClamAV 0.96.0.3-git 2010.05.20 -
Comodo 4893 2010.05.20 -
DrWeb 5.0.2.03300 2010.05.20 -
eSafe 7.0.17.0 2010.05.20 -
eTrust-Vet 35.2.7500 2010.05.20 -
F-Prot 4.5.1.85 2010.05.20 -
F-Secure 9.0.15370.0 2010.05.20 -
Fortinet 4.1.133.0 2010.05.20 -
GData 21 2010.05.20 -
Ikarus T3.1.1.84.0 2010.05.20 -
Jiangmin 13.0.900 2010.05.20 -
Kaspersky 7.0.0.125 2010.05.20 -
McAfee 5.400.0.1158 2010.05.20 -
McAfee-GW-Edition 2010.1 2010.05.20 -
Microsoft 1.5802 2010.05.20 -
NOD32 5133 2010.05.20 Win32/Virut.NBP
Norman 6.04.12 2010.05.20 -
nProtect 2010-05-20.02 2010.05.20 -
Panda 10.0.2.7 2010.05.20 -
PCTools 7.0.3.5 2010.05.20 -
Rising 22.48.03.04 2010.05.20 -
Sophos 4.53.0 2010.05.20 -
Sunbelt 6328 2010.05.20 -
Symantec 20101.1.0.89 2010.05.20 -
TheHacker 6.5.2.0.283 2010.05.19 -
TrendMicro 9.120.0.1004 2010.05.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.20 -
VBA32 3.12.12.5 2010.05.20 -
ViRobot 2010.5.20.2326 2010.05.20 -
VirusBuster 5.0.27.0 2010.05.20 -
Rozšiřující informace
File size: 1323008 bytes
MD5...: 797a05b943a53f1fbaa9199fe6fdef3d
SHA1..: 656ff1920ece683cad887c4beb628e2dc9ec4d7f
SHA256: c340a7b95be3648939a89dbd37e9eb7b99cf3ff1879142750cf192aae35e85fb
ssdeep: 24576:tivo6g132irgyP6yf0zkBw2XKGHmMbd5A/dFlVQhKxSFtt:hlNBw2J/50F
ghKxSFtt

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7dcf7
timedatestamp.....: 0xc0d1dd00L (invalid)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xab555 0xac000 6.55 f8d4f4b6f299ed673ff24b84c8f24fba
.rdata 0xad000 0x18cfe 0x19000 4.42 f13a09957d9a713071de29b7ec55285b
.data 0xc6000 0x24a28 0x1e000 5.27 5318969021500eb24c984310a74e9872
.rsrc 0xeb000 0x5ec00 0x5e200 6.20 8449d6bff1ddf03937b2ad819d5b5a22

( 11 imports )
> VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> KERNEL32.dll: Sleep, FindFirstFileA, lstrcmpA, lstrcatA, lstrlenW, LockResource, WideCharToMultiByte, GetLocaleInfoA, GetFileSize, IsBadWritePtr, InterlockedIncrement, VirtualAlloc, VirtualFree, ReadFile, SetFilePointer, SetEnvironmentVariableA, CreateMutexA, CreateThread, GetExitCodeThread, LocalAlloc, GetShortPathNameA, FormatMessageA, LocalFree, ExpandEnvironmentStringsA, GetCurrentProcess, OpenProcess, WaitForSingleObject, LoadLibraryExA, CreateFileA, GetFileTime, CompareFileTime, GetCurrentDirectoryA, MultiByteToWideChar, lstrcmpiA, GetModuleHandleA, GetDiskFreeSpaceA, GetVersionExA, GetProcAddress, CreateProcessA, GetExitCodeProcess, OpenMutexA, CloseHandle, ResumeThread, GetDateFormatA, SetCurrentDirectoryA, MoveFileExA, SetLastError, GetSystemDefaultLangID, GetTempPathA, CopyFileA, lstrlenA, WinExec, lstrcpyA, GetWindowsDirectoryA, LoadLibraryA, FindResourceA, SizeofResource, ExitProcess, CreateDirectoryA, GetLastError, MoveFileA, GetUserDefaultLangID, SetFileAttributesA, DeleteFileA, RemoveDirectoryA, FindNextFileA, FindClose, GetModuleFileNameA, GetSystemDirectoryA, GetFileAttributesA, GetVersion, lstrcpynA, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, LoadResource, GlobalAlloc, GlobalLock, GlobalUnlock, FreeLibrary, TerminateProcess, GetDriveTypeA, CreateEventA, UnhandledExceptionFilter, HeapCreate, FreeEnvironmentStringsA, GetEnvironmentVariableA, SetEnvironmentVariableW, GetProfileStringA, GetLocaleInfoW, CompareStringW, CompareStringA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidCodePage, IsValidLocale, IsBadCodePtr, IsBadReadPtr, GetStringTypeW, GetStringTypeA, GetPrivateProfileStringA, LCMapStringA, SetUnhandledExceptionFilter, LCMapStringW, SetHandleCount, GetStdHandle, GetEnvironmentStringsW, GetEnvironmentStrings, InterlockedExchange, RaiseException, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalGetAtomNameA, GetCurrentThreadId, InterlockedDecrement, DuplicateHandle, WriteFile, 
FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, GetVolumeInformationA, GetFullPathNameA, MulDiv, GlobalFree, FileTimeToSystemTime, FileTimeToLocalFileTime, FreeEnvironmentStringsW, GetOEMCP, HeapDestroy, SetEvent, SetThreadPriority, SuspendThread, GetCurrentThread, SetErrorMode, WritePrivateProfileStringA, TlsAlloc, GlobalHandle, TlsFree, GlobalReAlloc, TlsSetValue, LocalReAlloc, TlsGetValue, GlobalFlags, GetProcessVersion, GetCPInfo, HeapAlloc, ExitThread, HeapSize, FindResourceExA, RtlUnwind, GetSystemTime, HeapFree, GetLocalTime, GetStartupInfoA, GetCommandLineA, GetTimeZoneInformation, SetStdHandle, GetACP, HeapReAlloc, GetFileType
> USER32.dll: GetDlgCtrlID, DefWindowProcA, GetMenuItemID, GetMenu, RegisterClassA, GetClassInfoA, wsprintfA, GetCapture, GetTopWindow, SetWindowsHookExA, CallNextHookEx, IsWindowVisible, EndDeferWindowPos, BeginDeferWindowPos, DeferWindowPos, EqualRect, AdjustWindowRectEx, SetActiveWindow, DispatchMessageA, PeekMessageA, MapWindowPoints, SendDlgItemMessageA, GetClassLongA, IsDialogMessageA, IsWindowEnabled, GetNextDlgTabItem, EnableMenuItem, CheckMenuItem, SetMenuItemBitmaps, ModifyMenuA, GetMenuState, LoadBitmapA, GetMenuCheckMarkDimensions, CharUpperA, ClientToScreen, GetWindowDC, BeginPaint, EndPaint, CreateDialogIndirectParamA, GetActiveWindow, WindowFromPoint, GetCursorPos, ValidateRect, TranslateMessage, GetMessageA, SetRectEmpty, LoadAcceleratorsA, TranslateAcceleratorA, DestroyMenu, LoadMenuA, SetMenu, DefDlgProcA, GetFocus, BringWindowToTop, PostQuitMessage, ShowOwnedPopups, GetAsyncKeyState, MapDialogRect, IsWindowUnicode, CharNextA, DestroyWindow, DrawFocusRect, ExcludeUpdateRgn, ShowCaret, HideCaret, IsChild, RedrawWindow, DestroyCursor, LoadStringA, ReleaseCapture, SystemParametersInfoA, SetRect, AdjustWindowRect, GetSystemMetrics, OffsetRect, SetCapture, GetSysColorBrush, GetWindowTextLengthA, EnumChildWindows, CopyRect, GrayStringA, DrawTextA, TabbedTextOutA, SetWindowPos, SetWindowTextA, ShowWindow, CreateWindowExA, GetDlgItem, GetWindowTextA, EndDialog, SetFocus, SetForegroundWindow, UpdateWindow, ExitWindowsEx, GetWindowThreadProcessId, GetForegroundWindow, PostMessageA, GetDesktopWindow, GetWindow, GetClassNameA, GetWindowLongA, MessageBoxA, FindWindowA, DrawIcon, LoadCursorA, CopyIcon, GetWindowRect, GetParent, InflateRect, IsWindow, SetCursor, GetMessagePos, ScreenToClient, PtInRect, InvalidateRect, SetTimer, MessageBeep, SetWindowLongA, KillTimer, BroadcastSystemMessage, LoadIconA, SendMessageA, RegisterWindowMessageA, EnableWindow, MessageBoxExA, GetDC, ReleaseDC, GetSysColor, FillRect, GetClientRect, SetPropA, UnhookWindowsHookEx, GetPropA, 
CallWindowProcA, RemovePropA, GetMessageTime, GetLastActivePopup, IntersectRect, IsIconic, GetWindowPlacement, GetMenuItemCount, GetSubMenu, WinHelpA, GetKeyState, ReuseDDElParam, UnpackDDElParam, IsDlgButtonChecked, UnregisterClassA
> GDI32.dll: CreateDIBitmap, EnumFontFamiliesExA, GetTextExtentPointA, CreateSolidBrush, GetTextFaceA, CreateFontA, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetDeviceCaps, GetCurrentObject, GetTextExtentPoint32A, GetStockObject, GetObjectA, CreateFontIndirectA, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, DeleteDC, PatBlt, GetClipBox, SetTextColor, SetBkColor, CreateBitmap, SaveDC, RestoreDC, SetBkMode, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, IntersectClipRect, MoveToEx, LineTo, DeleteObject, DPtoLP, SelectObject, CreatePen
> SHELL32.dll: SHGetPathFromIDListA, SHGetMalloc, SHBrowseForFolderA, SHChangeNotify, ShellExecuteA, DragFinish, DragQueryFileA
> ole32.dll: CreateStreamOnHGlobal, CoUninitialize, CoInitialize, CoCreateInstance
> OLEAUT32.dll: -, -, -
> COMCTL32.dll: -, PropertySheetA
> WSOCK32.dll: -, -, -, -, -, -, -
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
> comdlg32.dll: GetFileTitleA

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_respon ... 23-0550-99
trid..: Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Ahead Software AG
copyright....: Copyright (C) 2003
product......: NeroWebEngine Application
description..: NeroWebEngine Application
original name: Setup.exe
internal name: Setup
file version.: 1, 2, 2, 125
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
==================================================================

THANKS

Re: Problem ????

Posted: 20 May 2010 17:56
by Caroprd111
Hello :)
Virut is a polymorphic file virus. The virus connects to an IRC network. It can be controlled remotely. The virus looks for executable files exe, src, htm, html, .jpg, .pdf, .doc. It infects executable files by appending its code to the last section. It modifies the host file so that the virus runs before the original code. It can update itself or run an arbitrary file.
The chance of a cure is very small, but we can try.


Post the RSIT log here: http://www.viry.cz/forum/viewtopic.php?f=13&t=82743
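
The infection pattern described in the reply above (code appended to the last section and run before the host's own code) leaves traces in the PE headers that can be checked without executing the file. The following is an added example, not part of the thread: the function names are hypothetical, the first sample reuses the agrsmdel.exe section layout from the first post with assumed section flags (the report does not list them), and the second sample is constructed.

```python
import struct
from collections import namedtuple

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

Section = namedtuple("Section", "name vaddr vsize raw_size flags")


def parse_pe(data):
    """Return (entry_point_rva, [Section, ...]) read from raw PE header bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _mach, nsect, _ts, _sym, _nsym, opt_size, _ch = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)                         # COFF file header
    opt_off = pe_off + 24
    (entry,) = struct.unpack_from("<I", data, opt_off + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, raw_size, _p, _r, _l, _nr, _nl, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"),
                                vaddr, vsize, raw_size, flags))
    return entry, sections


def entry_section(entry, sections):
    """Section whose virtual range contains the entry point, or None."""
    for s in sections:
        if s.vaddr <= entry < s.vaddr + max(s.vsize, s.raw_size):
            return s
    return None


def appended_code_indicators(data):
    """Header-only signs of code appended to the last section."""
    entry, sections = parse_pe(data)
    if not sections:
        return ["no sections"]
    last, hits = sections[-1], []
    home = entry_section(entry, sections)
    if home is None:
        hits.append("entry point outside every section")
    elif home is last and len(sections) > 1:
        hits.append("entry point in last section (%s)" % last.name)
    if last.flags & IMAGE_SCN_MEM_EXECUTE and last.flags & IMAGE_SCN_MEM_WRITE:
        hits.append("last section (%s) is writable and executable" % last.name)
    return hits


def build_headers(entry, sections):
    """Constructed test input: PE32 headers only, no section bodies."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, rs, 0, 0, 0, 0, 0, fl)
        for n, va, vs, rs, fl in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Layout copied from the agrsmdel.exe PEInfo block in the thread; the flag
# values are assumed typical ones, because the report does not list them.
RX, R, RW = 0x60000020, 0x40000040, 0xC0000040
AS_REPORTED = build_headers(0x5BA0, [
    (".text", 0x1000, 0x7040, 0x7200, RX),
    (".rdata", 0x9000, 0x33F, 0x400, R),
    (".data", 0xA000, 0x5058, 0x3800, RW),
    (".idata", 0x10000, 0xB00, 0xC00, RW),
    (".rsrc", 0x11000, 0x3600, 0x3600, R),
])
# Constructed variant: last section enlarged, made writable and executable,
# and the entry point moved into the added bytes.
APPENDED = build_headers(0x14800, [
    (".text", 0x1000, 0x7040, 0x7200, RX),
    (".rsrc", 0x11000, 0x5000, 0x5000, 0xE0000040),
])

if __name__ == "__main__":
    for label, blob in (("as reported", AS_REPORTED), ("appended", APPENDED)):
        print(label, appended_code_indicators(blob))
```

An empty result is not a clean verdict: all three VirusTotal reports in the first post place the entry point inside .text and still carry NOD32's Win32/Virut.NBP detection.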

Re: Problem ????

Posted: 20 May 2010 18:27
by LEON659
Thank you,
but I cannot attach the RSIT log, because, as I described above, the disk is currently connected as an external disk to another computer. I am not booting from it, nor am I running any programs on it. Only various online scanners are running against it and testing the files for anything at all. Only the ESET and Symantec scanners found something. What they found, ESET flagged as Win32/Virut.NBP (about 230 files including archives etc.) and Symantec (about 57 files including archives etc.) flagged as W32.Virut.CF. No other test has found anything there so far (apart from a few Trojans, which I removed). The thing is, I have already experienced Virut's behaviour, and the destruction of Windows back then (about a year ago) was almost immediate: more than 5,000 files infected in under 3 minutes. Nothing like that is happening now. Maybe I am just being cautious and trying to head off the slightest sign of Virut returning. The F-Secure Online Scanner test of the disk is finishing right now and it looks like it found nothing either. I have about 547,000 files on the disk, so the tests take quite a long time.

Re: Problem ????

Posted: 20 May 2010 18:32
by Caroprd111
Do you have your important data backed up :???:


Run a complete scan with AVPTool http://www.viry.cz/forum/viewtopic.php?f=29&t=58179,
  • Let it disinfect everything, and post the contents of the log here as described in the guide.

Re: Problem ????

Posted: 21 May 2010 11:00
by LEON659
I backed up the data and had to wait until the F-Secure online scanner finished. It ran probably the longest of all the scanners, but it also went through the most files, and it found W32/Malware!Gemini in 7 files, otherwise nothing.

And here is the result from AVPTools from this morning:

====================================================================
Autoscan: completed 1 hour ago (events: 2, objects: 320968, time: 01:38:35)
21.5.2010 8:59:23 Task started
21.5.2010 10:37:58 Task completed
====================================================================

It found nothing, so I don't know what to make of it ????

Thanks for the reply

Re: Problem ????

Posted: 21 May 2010 11:04
by LEON659
Oh, and because of that "Gemini" I will try running MBAM and see what it finds

Re: Problem ????

Posted: 21 May 2010 12:23
by Caroprd111
OK :)

Re: Problem ????

Posted: 21 May 2010 16:31
by LEON659
MBAM found nothing at all. So I don't know. Should I consider what ESET reports a false alarm ??
Probably yes, otherwise I don't know :(

Re: Problem ????

Posted: 21 May 2010 16:36
by Caroprd111
Put the disk back into the original PC and post the RSIT log here.

Re: Problem ????

Posted: 21 May 2010 17:17
by LEON659
So here is the RSIT log

Logfile of random's system information tool 1.07 (written by random/random)
Run by LEO at 2010-05-21 18:10:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (16%) free of 54 GB
Total RAM: 1535 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:10:52, on 21.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\QBU\QtZwLMng.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\rsit\RSIT.exe
C:\Program Files\trend micro\LEO.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neviditelnypes.zpravy.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [29378] C:\WINDOWS\system32\E.tmp.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [QtZwLMng] C:\Program Files\QBU\QtZwLMng.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-18\..\Run: [restorer32_a] .\C.tmp (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [restorer32_a] .\C.tmp (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://portal.ozp.cz/obj/Signer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2817006736
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6149382925
O16 - DPF: {CF2BD3ED-F1CE-11D4-9B98-005004CA7085} (crypto Class) - https://portalp.cpzp.cz/dll/SignForm.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: fastnetsrv Service (fastnetsrv) - Unknown owner - C:\WINDOWS\system32\FastNetSrv.exe (file missing)
O23 - Service: Služba Google Update (gupdate1c9b86caad05c50) (gupdate1c9b86caad05c50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)

--
End of file - 14498 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56B38F40-4E70-11d4-A076-0080AD86BA2F}]
WebCGMHlprObj Class - C:\WINDOWS\system32\cgmopenbho.dll [2004-05-19 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-04 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-10-17 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{A057A204-BACC-4D26-9990-79A187E2698E}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"29378"=C:\WINDOWS\system32\E.tmp.exe []
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"restorer32_a"=C:\WINDOWS\system32\restorer32_a.exe []
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2010-02-10 46592]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2003-03-20 28672]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-11-18 561152]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-02-28 315392]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-11-15 126976]
"QtZwLMng"=C:\Program Files\QBU\QtZwLMng.EXE [2003-04-03 196608]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-24 142120]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-06-10 1326080]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2009-06-10 904840]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-06-10 136472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-12 68856]
"servises"=C:\WINDOWS\system32\servises.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-03-26 133368]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2007-01-05 204288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\WINDOWS\system32\servises.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\LEO\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 38400]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ASUS\Wireless Router Utilities\DiscoveryR.exe"="C:\Program Files\ASUS\Wireless Router Utilities\DiscoveryR.exe:*:Enabled:ASUS Device Discovery Application"
"C:\WINDOWS\System32\dplaysvr.exe"="C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\MARTINKA\rc9\StrongDC.exe"="C:\Documents and Settings\MARTINKA\rc9\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\TOTALCMD\TOTALCMD.EXE"="C:\Program Files\TOTALCMD\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\PSPad\PSPad.exe"="C:\Program Files\PSPad\PSPad.exe:*:Enabled:PSPad editor"
"C:\Program Files\ASUS\Wireless Router Utilities\PRNWizard.exe"="C:\Program Files\ASUS\Wireless Router Utilities\PRNWizard.exe:*:Enabled:ASUS Printer Wizard Application"
"C:\Program Files\LCS International\Helios IQ\Helios.EXE"="C:\Program Files\LCS International\Helios IQ\Helios.EXE:*:Enabled:LCS Helios IQ"
"C:\Program Files\Symantec\LiveUpdate\LUAll.exe"="C:\Program Files\Symantec\LiveUpdate\LUAll.exe:*:Enabled:LiveUpdate"
"C:\Program Files\Kodak Photo Voice\Kodak Photo Voice.exe"="C:\Program Files\Kodak Photo Voice\Kodak Photo Voice.exe:*:Enabled:Kodak Photo Voice"
"C:\Program Files\Huawei technologies\Huawei E620 Data Card\HUAWEI 3G Data Card.exe"="C:\Program Files\Huawei technologies\Huawei E620 Data Card\HUAWEI 3G Data Card.exe:*:Enabled:HUAWEI 3G Data Card"
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"\\7f8b5e7a9bfa4c9\C\LCS International\Helios IQ\Helios.exe"="\\7f8b5e7a9bfa4c9\C\LCS International\Helios IQ\Helios.exe:*:Enabled:Helios"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MioNet\jvm\bin\MioNet.exe"="C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\MioNet\MioNetManager.exe"="C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager"
"C:\Program Files\Fiat\ePER\j2sdk1.4.1\bin\javaw.exe"="C:\Program Files\Fiat\ePER\j2sdk1.4.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Virtual Volumes\vv_cmd.exe"="C:\Program Files\Virtual Volumes\vv_cmd.exe:*:Enabled:vv_cmd"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##7f8b5e7a9bfa4c9#FLASHDISK]
shell\AutoRun\command - Y:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37aed6d0-43fe-11df-b24d-0004236f14d2}]
shell\AutoRun\command - E:\WDSetup.exe


======File associations======

.inf - open -
.txt - open - %windir%\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-05-21 18:10:02 ----D---- C:\Program Files\trend micro
2010-05-19 19:10:28 ----A---- C:\WINDOWS\system32\OctaneARM.dll
2010-05-19 19:10:22 ----D---- C:\Program Files\eDATA Unerase
2010-05-19 16:23:05 ----D---- C:\Documents and Settings\LEO\Data aplikací\Toolbar4
2010-05-19 16:22:53 ----D---- C:\Program Files\HyperSnap 6
2010-05-17 14:56:09 ----SHD---- C:\RECYCLER
2010-05-17 10:37:05 ----D---- C:\Program Files\HDD Capacity Restore
2010-05-17 10:13:59 ----D---- C:\Program Files\Common Files\Acronis
2010-05-17 03:45:15 ----D---- C:\Program Files\HDDGURU LLF Tool
2010-05-17 02:58:48 ----D---- C:\Program Files\Western Digital Corporation
2010-05-17 02:03:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Acronis
2010-05-17 02:01:00 ----D---- C:\Program Files\Acronis
2010-05-16 18:42:36 ----A---- C:\WINDOWS\system32\AutoPartNt.exe
2010-05-16 14:24:54 ----D---- C:\Documents and Settings\LEO\Data aplikací\Acronis
2010-05-14 16:26:26 ----HD---- C:\$AVG
2010-05-13 00:56:33 ----HD---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-10 19:49:44 ----D---- C:\Documents and Settings\LEO\Data aplikací\Saxo Bank
2010-05-10 19:12:47 ----D---- C:\Program Files\Saxo Bank
2010-05-08 13:00:15 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-05-08 12:59:56 ----D---- C:\Program Files\Common Files\DESIGNER
2010-05-08 12:59:06 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-05-08 12:07:58 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-05-02 02:28:21 ----D---- C:\fc96e1c42e650b1f1d2f8a354e
2010-05-02 01:52:12 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-05-02 01:42:00 ----D---- C:\0a38966b82518c2c2db9c7
2010-05-01 23:34:42 ----D---- C:\Program Files\ViaVoiceTTS
2010-05-01 23:34:42 ----A---- C:\WINDOWS\system32\rotest.txt
2010-05-01 23:34:13 ----D---- C:\WINDOWS\lhsp
2010-05-01 23:33:55 ----D---- C:\WINDOWS\speech
2010-05-01 23:31:36 ----D---- C:\Program Files\Magnus
2010-04-29 09:58:59 ----A---- C:\WINDOWS\system32\acaptuser32.dll
2010-04-29 00:01:59 ----D---- C:\Program Files\MT4 at easy-forex
2010-04-28 22:00:57 ----D---- C:\Program Files\Easy-Forex
2010-04-28 22:00:56 ----D---- C:\Documents and Settings\LEO\Data aplikací\Easy Forex
2010-04-28 17:27:16 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 months======

2010-05-21 18:10:48 ----D---- C:\rsit
2010-05-21 18:10:42 ----A---- C:\WINDOWS\wincmd.ini
2010-05-21 18:10:16 ----D---- C:\WINDOWS\Prefetch
2010-05-21 18:10:03 ----D---- C:\WINDOWS\Temp
2010-05-21 18:10:02 ----RAD---- C:\Program Files
2010-05-21 17:55:29 ----D---- C:\Documents and Settings\LEO\Data aplikací\Skype
2010-05-21 17:53:44 ----A---- C:\WINDOWS\ModemLog_GPRS via IRDA #2.txt
2010-05-21 17:52:19 ----D---- C:\Documents and Settings\LEO\Data aplikací\skypePM
2010-05-21 17:51:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2010-05-21 17:50:15 ----A---- C:\WINDOWS\win.ini
2010-05-21 17:49:57 ----SD---- C:\WINDOWS\Tasks
2010-05-20 13:58:16 ----D---- C:\Program Files\CDVPlayer
2010-05-20 13:56:43 ----D---- C:\Program Files\Brother's Keeper 6
2010-05-20 13:50:19 ----D---- C:\Program Files\BDE5Setup
2010-05-20 13:49:12 ----D---- C:\Program Files\AvRack
2010-05-20 13:48:07 ----D---- C:\Program Files\ASUS
2010-05-20 13:46:47 ----D---- C:\Program Files\Allok MPEG4 Converter
2010-05-20 13:23:49 ----D---- C:\Garmin
2010-05-20 12:08:16 ----SHD---- C:\System Volume Information
2010-05-19 19:32:41 ----D---- C:\Documents and Settings
2010-05-19 19:10:28 ----D---- C:\WINDOWS\system32
2010-05-19 19:09:44 ----D---- C:\INSTALL
2010-05-19 18:45:02 ----D---- C:\Documents and Settings\LEO\Data aplikací\ICQ
2010-05-19 18:29:26 ----D---- C:\WINDOWS\system32\config
2010-05-19 18:28:23 ----D---- C:\WINDOWS\system32\wbem
2010-05-19 18:28:23 ----D---- C:\WINDOWS\Registration
2010-05-19 18:27:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-19 15:51:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-05-17 21:01:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-17 18:26:32 ----D---- C:\WINDOWS
2010-05-17 18:21:51 ----D---- C:\WINDOWS\system32\drivers
2010-05-17 18:20:19 ----SHD---- C:\WINDOWS\Installer
2010-05-17 18:20:18 ----SHD---- C:\Config.Msi
2010-05-17 18:19:56 ----HD---- C:\WINDOWS\inf
2010-05-17 17:34:26 ----D---- C:\Documents and Settings\LEO\Data aplikací\uTorrent
2010-05-17 10:14:12 ----D---- C:\WINDOWS\WinSxS
2010-05-17 10:13:59 ----D---- C:\Program Files\Common Files
2010-05-17 02:51:48 ----D---- C:\Program Files\Google
2010-05-06 14:40:26 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-02 02:27:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CbFs;CbFs; \??\C:\WINDOWS\system32\drivers\cbfs_x32.sys []
R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-09-25 181120]
R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2008-08-28 51072]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-10-17 296976]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R2 CommSBEP;CommSBEP; C:\WINDOWS\system32\drivers\CommSBEP.sys [1999-09-27 36864]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-09-23 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-09-23 55936]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-05-17 44384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-02-27 701676]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-03-20 576512]
R3 AVMWAN;AVM NDIS WAN CAPI Driver; C:\WINDOWS\System32\DRIVERS\avmwan.sys [2001-08-17 37568]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-17 170880]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2003-01-16 16256]
R3 FXPCBASE;ISDN@2lines (WinXP/2000); C:\WINDOWS\System32\DRIVERS\fxpcbase.sys [2003-02-27 523248]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-23 5888]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2002-11-18 263536]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-02-06 2370688]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-08-23 29440]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-02-15 1169792]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-04 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2008-03-13 57536]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2008-03-13 72000]
S3 grmnusb;Garmin USB Driver; C:\WINDOWS\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196); C:\WINDOWS\system32\DRIVERS\gtusbmdm_gpc6400.sys []
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2005-07-26 65152]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface; C:\WINDOWS\system32\DRIVERS\ewusbapp.sys [2005-07-26 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface; C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2005-07-26 65152]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-06-30 25214]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-06-30 72894]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 siusbmod;siusbmod; C:\WINDOWS\system32\DRIVERS\siusbmod.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-03 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-06-10 431384]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-03-20 184405]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 BtwSrv;BtwSrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2006-10-26 335872]
R2 MSSQL$BANKKLIENT;SQL Server (BANKKLIENT); c:\Program Files\bkwin\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 wfxsvc;WinFax PRO; C:\WINDOWS\system32\WFXSVC.EXE [2000-02-14 129536]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-24 545576]
S2 Crypkey License;Crypkey License; crypserv.exe []
S2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe []
S2 fastnetsrv;fastnetsrv Service; C:\WINDOWS\system32\FastNetSrv.exe []
S2 gupdate1c9b86caad05c50;Služba Google Update (gupdate1c9b86caad05c50); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-08 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-08 183280]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe /Embedding []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-10-14 75776]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2009-10-14 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Problem ????

Posted: 21 May 2010 17:17
by LEON659
So here is the log from RSIT

Logfile of random's system information tool 1.07 (written by random/random)
Run by LEO at 2010-05-21 18:10:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (16%) free of 54 GB
Total RAM: 1535 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:10:52, on 21.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\QBU\QtZwLMng.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\rsit\RSIT.exe
C:\Program Files\trend micro\LEO.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neviditelnypes.zpravy.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [29378] C:\WINDOWS\system32\E.tmp.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [QtZwLMng] C:\Program Files\QBU\QtZwLMng.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-18\..\Run: [restorer32_a] .\C.tmp (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [restorer32_a] .\C.tmp (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://portal.ozp.cz/obj/Signer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2817006736
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6149382925
O16 - DPF: {CF2BD3ED-F1CE-11D4-9B98-005004CA7085} (crypto Class) - https://portalp.cpzp.cz/dll/SignForm.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: fastnetsrv Service (fastnetsrv) - Unknown owner - C:\WINDOWS\system32\FastNetSrv.exe (file missing)
O23 - Service: Služba Google Update (gupdate1c9b86caad05c50) (gupdate1c9b86caad05c50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)

--
End of file - 14498 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56B38F40-4E70-11d4-A076-0080AD86BA2F}]
WebCGMHlprObj Class - C:\WINDOWS\system32\cgmopenbho.dll [2004-05-19 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-04 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-10-17 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{A057A204-BACC-4D26-9990-79A187E2698E}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"29378"=C:\WINDOWS\system32\E.tmp.exe []
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"restorer32_a"=C:\WINDOWS\system32\restorer32_a.exe []
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2010-02-10 46592]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2003-03-20 28672]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-11-18 561152]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-02-28 315392]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-11-15 126976]
"QtZwLMng"=C:\Program Files\QBU\QtZwLMng.EXE [2003-04-03 196608]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-24 142120]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-06-10 1326080]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2009-06-10 904840]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-06-10 136472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-12 68856]
"servises"=C:\WINDOWS\system32\servises.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-03-26 133368]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2007-01-05 204288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\WINDOWS\system32\servises.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\LEO\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 38400]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ASUS\Wireless Router Utilities\DiscoveryR.exe"="C:\Program Files\ASUS\Wireless Router Utilities\DiscoveryR.exe:*:Enabled:ASUS Device Discovery Application"
"C:\WINDOWS\System32\dplaysvr.exe"="C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\MARTINKA\rc9\StrongDC.exe"="C:\Documents and Settings\MARTINKA\rc9\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\TOTALCMD\TOTALCMD.EXE"="C:\Program Files\TOTALCMD\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\PSPad\PSPad.exe"="C:\Program Files\PSPad\PSPad.exe:*:Enabled:PSPad editor"
"C:\Program Files\ASUS\Wireless Router Utilities\PRNWizard.exe"="C:\Program Files\ASUS\Wireless Router Utilities\PRNWizard.exe:*:Enabled:ASUS Printer Wizard Application"
"C:\Program Files\LCS International\Helios IQ\Helios.EXE"="C:\Program Files\LCS International\Helios IQ\Helios.EXE:*:Enabled:LCS Helios IQ"
"C:\Program Files\Symantec\LiveUpdate\LUAll.exe"="C:\Program Files\Symantec\LiveUpdate\LUAll.exe:*:Enabled:LiveUpdate"
"C:\Program Files\Kodak Photo Voice\Kodak Photo Voice.exe"="C:\Program Files\Kodak Photo Voice\Kodak Photo Voice.exe:*:Enabled:Kodak Photo Voice"
"C:\Program Files\Huawei technologies\Huawei E620 Data Card\HUAWEI 3G Data Card.exe"="C:\Program Files\Huawei technologies\Huawei E620 Data Card\HUAWEI 3G Data Card.exe:*:Enabled:HUAWEI 3G Data Card"
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"\\7f8b5e7a9bfa4c9\C\LCS International\Helios IQ\Helios.exe"="\\7f8b5e7a9bfa4c9\C\LCS International\Helios IQ\Helios.exe:*:Enabled:Helios"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MioNet\jvm\bin\MioNet.exe"="C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\MioNet\MioNetManager.exe"="C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager"
"C:\Program Files\Fiat\ePER\j2sdk1.4.1\bin\javaw.exe"="C:\Program Files\Fiat\ePER\j2sdk1.4.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Virtual Volumes\vv_cmd.exe"="C:\Program Files\Virtual Volumes\vv_cmd.exe:*:Enabled:vv_cmd"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##7f8b5e7a9bfa4c9#FLASHDISK]
shell\AutoRun\command - Y:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37aed6d0-43fe-11df-b24d-0004236f14d2}]
shell\AutoRun\command - E:\WDSetup.exe


======File associations======

.inf - open -
.txt - open - %windir%\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-05-21 18:10:02 ----D---- C:\Program Files\trend micro
2010-05-19 19:10:28 ----A---- C:\WINDOWS\system32\OctaneARM.dll
2010-05-19 19:10:22 ----D---- C:\Program Files\eDATA Unerase
2010-05-19 16:23:05 ----D---- C:\Documents and Settings\LEO\Data aplikací\Toolbar4
2010-05-19 16:22:53 ----D---- C:\Program Files\HyperSnap 6
2010-05-17 14:56:09 ----SHD---- C:\RECYCLER
2010-05-17 10:37:05 ----D---- C:\Program Files\HDD Capacity Restore
2010-05-17 10:13:59 ----D---- C:\Program Files\Common Files\Acronis
2010-05-17 03:45:15 ----D---- C:\Program Files\HDDGURU LLF Tool
2010-05-17 02:58:48 ----D---- C:\Program Files\Western Digital Corporation
2010-05-17 02:03:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Acronis
2010-05-17 02:01:00 ----D---- C:\Program Files\Acronis
2010-05-16 18:42:36 ----A---- C:\WINDOWS\system32\AutoPartNt.exe
2010-05-16 14:24:54 ----D---- C:\Documents and Settings\LEO\Data aplikací\Acronis
2010-05-14 16:26:26 ----HD---- C:\$AVG
2010-05-13 00:56:33 ----HD---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-10 19:49:44 ----D---- C:\Documents and Settings\LEO\Data aplikací\Saxo Bank
2010-05-10 19:12:47 ----D---- C:\Program Files\Saxo Bank
2010-05-08 13:00:15 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-05-08 12:59:56 ----D---- C:\Program Files\Common Files\DESIGNER
2010-05-08 12:59:06 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-05-08 12:07:58 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-05-02 02:28:21 ----D---- C:\fc96e1c42e650b1f1d2f8a354e
2010-05-02 01:52:12 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-05-02 01:42:00 ----D---- C:\0a38966b82518c2c2db9c7
2010-05-01 23:34:42 ----D---- C:\Program Files\ViaVoiceTTS
2010-05-01 23:34:42 ----A---- C:\WINDOWS\system32\rotest.txt
2010-05-01 23:34:13 ----D---- C:\WINDOWS\lhsp
2010-05-01 23:33:55 ----D---- C:\WINDOWS\speech
2010-05-01 23:31:36 ----D---- C:\Program Files\Magnus
2010-04-29 09:58:59 ----A---- C:\WINDOWS\system32\acaptuser32.dll
2010-04-29 00:01:59 ----D---- C:\Program Files\MT4 at easy-forex
2010-04-28 22:00:57 ----D---- C:\Program Files\Easy-Forex
2010-04-28 22:00:56 ----D---- C:\Documents and Settings\LEO\Data aplikací\Easy Forex
2010-04-28 17:27:16 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 months======

2010-05-21 18:10:48 ----D---- C:\rsit
2010-05-21 18:10:42 ----A---- C:\WINDOWS\wincmd.ini
2010-05-21 18:10:16 ----D---- C:\WINDOWS\Prefetch
2010-05-21 18:10:03 ----D---- C:\WINDOWS\Temp
2010-05-21 18:10:02 ----RAD---- C:\Program Files
2010-05-21 17:55:29 ----D---- C:\Documents and Settings\LEO\Data aplikací\Skype
2010-05-21 17:53:44 ----A---- C:\WINDOWS\ModemLog_GPRS via IRDA #2.txt
2010-05-21 17:52:19 ----D---- C:\Documents and Settings\LEO\Data aplikací\skypePM
2010-05-21 17:51:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2010-05-21 17:50:15 ----A---- C:\WINDOWS\win.ini
2010-05-21 17:49:57 ----SD---- C:\WINDOWS\Tasks
2010-05-20 13:58:16 ----D---- C:\Program Files\CDVPlayer
2010-05-20 13:56:43 ----D---- C:\Program Files\Brother's Keeper 6
2010-05-20 13:50:19 ----D---- C:\Program Files\BDE5Setup
2010-05-20 13:49:12 ----D---- C:\Program Files\AvRack
2010-05-20 13:48:07 ----D---- C:\Program Files\ASUS
2010-05-20 13:46:47 ----D---- C:\Program Files\Allok MPEG4 Converter
2010-05-20 13:23:49 ----D---- C:\Garmin
2010-05-20 12:08:16 ----SHD---- C:\System Volume Information
2010-05-19 19:32:41 ----D---- C:\Documents and Settings
2010-05-19 19:10:28 ----D---- C:\WINDOWS\system32
2010-05-19 19:09:44 ----D---- C:\INSTALL
2010-05-19 18:45:02 ----D---- C:\Documents and Settings\LEO\Data aplikací\ICQ
2010-05-19 18:29:26 ----D---- C:\WINDOWS\system32\config
2010-05-19 18:28:23 ----D---- C:\WINDOWS\system32\wbem
2010-05-19 18:28:23 ----D---- C:\WINDOWS\Registration
2010-05-19 18:27:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-19 15:51:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-05-17 21:01:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-17 18:26:32 ----D---- C:\WINDOWS
2010-05-17 18:21:51 ----D---- C:\WINDOWS\system32\drivers
2010-05-17 18:20:19 ----SHD---- C:\WINDOWS\Installer
2010-05-17 18:20:18 ----SHD---- C:\Config.Msi
2010-05-17 18:19:56 ----HD---- C:\WINDOWS\inf
2010-05-17 17:34:26 ----D---- C:\Documents and Settings\LEO\Data aplikací\uTorrent
2010-05-17 10:14:12 ----D---- C:\WINDOWS\WinSxS
2010-05-17 10:13:59 ----D---- C:\Program Files\Common Files
2010-05-17 02:51:48 ----D---- C:\Program Files\Google
2010-05-06 14:40:26 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-02 02:27:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CbFs;CbFs; \??\C:\WINDOWS\system32\drivers\cbfs_x32.sys []
R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-09-25 181120]
R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2008-08-28 51072]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-10-17 296976]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R2 CommSBEP;CommSBEP; C:\WINDOWS\system32\drivers\CommSBEP.sys [1999-09-27 36864]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-09-23 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-09-23 55936]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-05-17 44384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-02-27 701676]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-03-20 576512]
R3 AVMWAN;AVM NDIS WAN CAPI Driver; C:\WINDOWS\System32\DRIVERS\avmwan.sys [2001-08-17 37568]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-17 170880]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2003-01-16 16256]
R3 FXPCBASE;ISDN@2lines (WinXP/2000); C:\WINDOWS\System32\DRIVERS\fxpcbase.sys [2003-02-27 523248]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-23 5888]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2002-11-18 263536]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-02-06 2370688]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-08-23 29440]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-02-15 1169792]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-04 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2008-03-13 57536]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2008-03-13 72000]
S3 grmnusb;Garmin USB Driver; C:\WINDOWS\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196); C:\WINDOWS\system32\DRIVERS\gtusbmdm_gpc6400.sys []
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2005-07-26 65152]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface; C:\WINDOWS\system32\DRIVERS\ewusbapp.sys [2005-07-26 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface; C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2005-07-26 65152]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-06-30 25214]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-06-30 72894]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 siusbmod;siusbmod; C:\WINDOWS\system32\DRIVERS\siusbmod.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-03 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-06-10 431384]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-03-20 184405]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 BtwSrv;BtwSrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2006-10-26 335872]
R2 MSSQL$BANKKLIENT;SQL Server (BANKKLIENT); c:\Program Files\bkwin\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 wfxsvc;WinFax PRO; C:\WINDOWS\system32\WFXSVC.EXE [2000-02-14 129536]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-24 545576]
S2 Crypkey License;Crypkey License; crypserv.exe []
S2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe []
S2 fastnetsrv;fastnetsrv Service; C:\WINDOWS\system32\FastNetSrv.exe []
S2 gupdate1c9b86caad05c50;Služba Google Update (gupdate1c9b86caad05c50); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-08 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-08 183280]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe /Embedding []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-10-14 75776]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2009-10-14 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Problem ????

Posted: 21 May 2010 17:21
by Caroprd111
  • Download OTL http://oldtimer.geekstogo.com/OTL.exe to the desktop
  • Run it, then paste the following script into the bottom box.

Code:

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
  • Check the option "For all users".
  • Check the options Malware check "LOP" and Malware check "Purity".
  • Click the Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.

Re: Problem ????

Posted: 21 May 2010 17:46
by LEON659
So here is the Extras txt from OTL

OTL Extras logfile created on: 21.5.2010 18:27:45 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\LEO\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52,90 Gb Total Space | 8,22 Gb Free Space | 15,54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3,73 Gb Total Space | 3,21 Gb Free Space | 86,08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK_LEO
Current User Name: LEO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.inf [@ = inffile] -- Reg Error: Value error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ASUS\Wireless Router Utilities\DiscoveryR.exe" = C:\Program Files\ASUS\Wireless Router Utilities\DiscoveryR.exe:*:Enabled:ASUS Device Discovery Application -- File not found
"C:\WINDOWS\System32\dplaysvr.exe" = C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Documents and Settings\MARTINKA\rc9\StrongDC.exe" = C:\Documents and Settings\MARTINKA\rc9\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\TOTALCMD\TOTALCMD.EXE" = C:\Program Files\TOTALCMD\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Program Files\PSPad\PSPad.exe" = C:\Program Files\PSPad\PSPad.exe:*:Enabled:PSPad editor -- (Prog-Soft s.r.o.)
"C:\Program Files\ASUS\Wireless Router Utilities\PRNWizard.exe" = C:\Program Files\ASUS\Wireless Router Utilities\PRNWizard.exe:*:Enabled:ASUS Printer Wizard Application -- File not found
"C:\Program Files\LCS International\Helios IQ\Helios.EXE" = C:\Program Files\LCS International\Helios IQ\Helios.EXE:*:Enabled:LCS Helios IQ -- (Asseco Solutions, a.s. http://www.AssecoSolutions.eu)
"C:\Program Files\Symantec\LiveUpdate\LUAll.exe" = C:\Program Files\Symantec\LiveUpdate\LUAll.exe:*:Enabled:LiveUpdate -- File not found
"C:\Program Files\Kodak Photo Voice\Kodak Photo Voice.exe" = C:\Program Files\Kodak Photo Voice\Kodak Photo Voice.exe:*:Enabled:Kodak Photo Voice -- (Kodak)
"C:\Program Files\Huawei technologies\Huawei E620 Data Card\HUAWEI 3G Data Card.exe" = C:\Program Files\Huawei technologies\Huawei E620 Data Card\HUAWEI 3G Data Card.exe:*:Enabled:HUAWEI 3G Data Card -- (Huawei Technologies)
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE" = C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- File not found
"\\7f8b5e7a9bfa4c9\C\LCS International\Helios IQ\Helios.exe" = \\7f8b5e7a9bfa4c9\C\LCS International\Helios IQ\Helios.exe:*:Enabled:Helios
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:Java(TM) Platform SE binary -- File not found
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager -- File not found
"C:\Program Files\Fiat\ePER\j2sdk1.4.1\bin\javaw.exe" = C:\Program Files\Fiat\ePER\j2sdk1.4.1\bin\javaw.exe:*:Enabled:javaw -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Virtual Volumes\vv_cmd.exe" = C:\Program Files\Virtual Volumes\vv_cmd.exe:*:Enabled:vv_cmd -- ()
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024D66E9-D50C-44A7-92B4-2DFDDD95D228}" = SaxoTrader 2
"{062DAE57-6A6D-4364-B16F-A43C83282177}" = O2Micro MultiMediaBay Windows Driver Installer
"{0BB08CE7-53AE-4447-9ACA-6A47A76C94DF}" = TradeDesk
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0FAE9D75-C11B-402E-B7A6-C06607F8CD72}" = ASUS Wireless Router Utilities
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Pomocník pro přihlášení ke službě Windows Live ID
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{17528AC4-E6C2-43CD-8D8D-A62BA476ADC7}" = Zoner Photo Studio 7 Professional
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BBD9C84-4FDE-4318-8A32-B31CF4CF4CF8}" = TOPO Czech 3.1
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25A13826-8E4A-4FBF-AD2B-776447FE9646}" = WMI Tools
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BANKKLIENT)
"{2BC3CCC0-1149-424F-AF73-4D0C5C053033}" = TurboCAD Professional 15
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3862105D-1AD3-470D-9CE5-94A2DB91D6CC}" = Slovakia_Topo_v3_Beta2
"{3F340FE0-E93E-4A53-B5E4-19ED2648FCAE}" = PIMS & File Manager
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5414086B-AE06-4332-8A59-26FF0F630D1B}" = Garmin Trip and Waypoint Manager v3
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.78
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{689404D2-1C94-44B3-9203-BEC5594FDA7A}" = Microsoft SQL Server Desktop Engine
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CA074A5-EF5D-4F9C-A49A-45944DF6D429}" = Microsoft SQL Server 2005 Books Online (English) (November2008)
"{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}" = Windows Workflow Foundation CS Language Pack
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{75AECBC5-B17D-424B-B847-D7B72B6CB97C}" = Internet Access
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BA1FB62-A363-4D24-8870-45131F0D0137}" = EPSON PRINT Image Framer Tool2.0
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A793FC6-6DF5-11DD-BB6A-00018021113F}" = EPSON PhotoQuicker3.4
"{8D097E67-184B-4D08-8E19-036B49877368}" = EasyStudio Sample
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{946822A3-F5D6-43B6-8335-9113A03773DC}" = EasyStudio Image Editor
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1E15B5F-E414-4595-A1B5-94A2F07EF9CB}" = Slovakia TOPO v2
"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}" = Windows Presentation Foundation Language Pack (CSY)
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AFAFF85E-CD29-49A9-9774-019F459B3E81}" = LCS Helios IQ
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48F9C44-C904-4FA3-984D-F65AE4C49745}" = Zoner Media Explorer 5
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB224962-A37E-4E24-87E2-BD0F47B6A8F5}" = ePER
"{BCB873D5-94BD-4ADC-B80A-A3B381D7E8FA}" = ITEDO IsoView ActiveX Control 5.0
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C420C50E-C182-42DF-B15E-4426EE347863}" = Instalátor RazDva
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis True Image WD Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0403C9C-0640-4C4B-89B5-57E2A0B36D1D}" = Atlas Czech 8.1NT
"{D22F5242-773E-4270-AB1F-492021BCABBE}" = Garmin City Navigator Europe NT 2010.30 Update
"{D8979435-753B-40AE-9318-5E712C160A71}" = Windows Communication Foundation Language Pack - CSY
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E239F8B2-AE00-467D-9F05-47C8E1FAAFA7}" = WD Align - Powered by Acronis
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}" = Magnus™ 2009
"{E61CAE2E-6D6E-43C1-941B-17A69BC144C5}" = 602XML Filler
"{E8FB4BF9-4C95-4F39-B26D-33C31A2CEE09}" = PIF DESIGNER2.0
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}" = Microsoft .NET Framework 3.0 Czech Language Pack
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Rozšíření HighMAT průvodce zápisem na disk CD systému Microsoft Windows XP
"{FD0C9330-E89A-4520-9A47-FE01366D5633}" = IBM ViaVoice TTS Runtime v6.405 - Deutsch
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"602XMLFiller_CAB" = 602XML Filler rozšíření pro Internet Explorer
"A106663FD3361BDFACB045D83EBA03858EB1E411" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Allok MPEG4 Converter_is1" = Allok MPEG4 Converter 4.7.1101
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.6
"Ashampoo WinOptimizer 2009_is1" = Ashampoo WinOptimizer 2009
"ATI Display Driver" = ATI Display Driver
"Bink and Smacker" = Bink and Smacker
"BKWin" = BankKlient
"Borland Database Engine Setup" = Borland Database Engine Setup
"Brother's Keeper 6.3" = Brother's Keeper 6.3
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CodeSite 3.0.1 Client Tools" = CodeSite 3.0.1 Client Tools
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.2
"Corel Applications" = Corel Applications
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"DivX Content Uploader" = DivX Content Uploader
"DriverAgent.exe" = DriverAgent by eSupport.com
"Ease Audio Converter_is1" = Ease Audio Converter 4.80
"eDATA Unerase" = eDATA Unerase
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = Software tiskárny EPSON
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"Exif Farm" = Exif Farm
"Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP
"F2F24872454C7CAEAABD8BB063F70FBEFF01989D" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"File Scavenger V3_is1" = File Scavenger 3.0
"GEOXCodec" = Geovision Codec
"Google Updater" = Google Updater
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"HDD Capacity Restore_is1" = HDD Capacity Restore 1.2
"HijackThis" = HijackThis 2.0.2
"HUAWEI 3G Data Card Management" = HUAWEI 3G Data Card Management
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{AFAFF85E-CD29-49A9-9774-019F459B3E81}" = LCS Helios IQ
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"InterActual Player" = InterActual Player
"LiveAdvisor" = LiveAdvisor (Symantec Corporation)
"LiveUpdate" = LiveUpdate
"MediaCoder" = MediaCoder 0.7.3.4606
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Memor32 Savegame Manager" = Memor32 Savegame Manager 1.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.0 Czech Language Pack" = Microsoft .NET Framework 3.0 Czech Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MiraplacidPublisher4" = Miraplacid Publisher 4.1
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"Office14.OUTLOOK" = Microsoft Outlook 2010
"PacketVideo pvAuthor SDK" = PacketVideo pvAuthor SDK
"PacketVideo Recorder" = PacketVideo Recorder
"PartyPoker" = PartyPoker
"Picasa 3" = Picasa 3
"Professional GP300/GM300_CPS (D03.02.01_EN)" = Professional GP300/GM300 Series CPS (D03.02.01_EN)
"PSPad editor_is1" = PSPad editor
"QtZwLMng" = Quick Button ( WinXP )
"Rainbow Client Activator 2.2 English" = Client Activator 2.2 - English
"Recuva" = Recuva (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TopStyle (Version 3)" = TopStyle (Version 3)
"Total Video Converter 3.10_is1" = Total Video Converter 3.10
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUpMedia" = TuneUp Companion 1.6.4
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Volumes" = Virtual Volumes
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD" = XviD MPEG-4 Codec
"XviDDec" = Nic's XviD Decoder
"ZonerPhotoStudio11_CZ_is1" = Zoner Photo Studio 11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1065543706-3179742922-2167395947-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"036104F22A628105B38BEDB867A390A6EE546B4B" = Outlook2007DataExport
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.5.2010 9:52:29 | Computer Name = NOTEBOOK_LEO | Source = MSSQL$BANKKLIENT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Neplatný popisovač.)
occurred while creating or opening file 'c:\Program Files\bkwin\MSSQL.1\MSSQL\DATA\model.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 19.5.2010 9:52:29 | Computer Name = NOTEBOOK_LEO | Source = MSSQL$BANKKLIENT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Neplatný popisovač.)
occurred while creating or opening file 'c:\Program Files\bkwin\MSSQL.1\MSSQL\DATA\MSDBData.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 19.5.2010 9:52:40 | Computer Name = NOTEBOOK_LEO | Source = MSSQL$BANKKLIENT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Neplatný popisovač.)
occurred while creating or opening file 'c:\Program Files\bkwin\MSSQL.1\MSSQL\DATA\tempdb.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 19.5.2010 9:52:46 | Computer Name = NOTEBOOK_LEO | Source = MSSQL$BANKKLIENT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Neplatný popisovač.)
occurred while creating or opening file 'c:\Program Files\bkwin\MSSQL.1\MSSQL\DATA\tempdb.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 21.5.2010 11:49:31 | Computer Name = NOTEBOOK_LEO | Source = Google Update | ID = 20
Description =

Error - 21.5.2010 11:50:16 | Computer Name = NOTEBOOK_LEO | Source = MSSQL$BANKKLIENT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Neplatný popisovač.)
occurred while creating or opening file 'c:\Program Files\bkwin\MSSQL.1\MSSQL\DATA\master.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 21.5.2010 11:50:32 | Computer Name = NOTEBOOK_LEO | Source = MSSQL$BANKKLIENT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Neplatný popisovač.)
occurred while creating or opening file 'c:\Program Files\bkwin\MSSQL.1\MSSQL\DATA\MSDBData.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 21.5.2010 11:50:32 | Computer Name = NOTEBOOK_LEO | Source = MSSQL$BANKKLIENT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Neplatný popisovač.)
occurred while creating or opening file 'c:\Program Files\bkwin\MSSQL.1\MSSQL\DATA\model.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 21.5.2010 11:50:40 | Computer Name = NOTEBOOK_LEO | Source = MSSQL$BANKKLIENT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Neplatný popisovač.)
occurred while creating or opening file 'c:\Program Files\bkwin\MSSQL.1\MSSQL\DATA\tempdb.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 21.5.2010 11:50:46 | Computer Name = NOTEBOOK_LEO | Source = MSSQL$BANKKLIENT | ID = 17207
Description = FCB::RemoveAlternateStreams: Operating system error 6(Neplatný popisovač.)
occurred while creating or opening file 'c:\Program Files\bkwin\MSSQL.1\MSSQL\DATA\tempdb.mdf'.
Diagnose and correct the operating system error, and retry the operation.

[ OSession Events ]
Error - 21.10.2008 11:22:28 | Computer Name = NOTEBOOK_LEO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2010
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 21.10.2008 11:23:26 | Computer Name = NOTEBOOK_LEO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21.10.2008 17:33:17 | Computer Name = NOTEBOOK_LEO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.10.2008 16:53:54 | Computer Name = NOTEBOOK_LEO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 31
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3.11.2008 7:21:11 | Computer Name = NOTEBOOK_LEO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 43
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.11.2008 10:54:10 | Computer Name = NOTEBOOK_LEO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8557
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 16.1.2009 7:55:52 | Computer Name = NOTEBOOK_LEO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2754
seconds with 420 seconds of active time. This session ended with a crash.

Error - 16.4.2009 10:50:07 | Computer Name = NOTEBOOK_LEO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7262
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 8.12.2009 15:54:48 | Computer Name = NOTEBOOK_LEO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 133
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21.5.2010 11:50:44 | Computer Name = NOTEBOOK_LEO | Source = Service Control Manager | ID = 7000
Description = Služba EPSON Printer Status Agent2 neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 21.5.2010 11:50:44 | Computer Name = NOTEBOOK_LEO | Source = Service Control Manager | ID = 7000
Description = Služba fastnetsrv Service neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 21.5.2010 11:50:44 | Computer Name = NOTEBOOK_LEO | Source = Service Control Manager | ID = 7000
Description = Služba Windows Search neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 21.5.2010 11:53:26 | Computer Name = NOTEBOOK_LEO | Source = Service Control Manager | ID = 7022
Description = Služba BtwSrv přestala během spouštění reagovat.

Error - 21.5.2010 11:53:32 | Computer Name = NOTEBOOK_LEO | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby WSearch
s argumenty za účelem spuštění serveru: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 21.5.2010 11:53:32 | Computer Name = NOTEBOOK_LEO | Source = Service Control Manager | ID = 7000
Description = Služba Windows Search neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 21.5.2010 11:53:37 | Computer Name = NOTEBOOK_LEO | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby WSearch
s argumenty za účelem spuštění serveru: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 21.5.2010 11:53:37 | Computer Name = NOTEBOOK_LEO | Source = Service Control Manager | ID = 7000
Description = Služba Windows Search neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 21.5.2010 11:58:37 | Computer Name = NOTEBOOK_LEO | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby WSearch
s argumenty za účelem spuštění serveru: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 21.5.2010 11:58:38 | Computer Name = NOTEBOOK_LEO | Source = Service Control Manager | ID = 7000
Description = Služba Windows Search neuspěla při spuštění v důsledku následující
chyby: %%2


< End of report >

Re: Problem ????

Posted: 21 May 2010 17:49
by LEON659
I have to split OTL.txt into two posts - it is too long

So, part 1

OTL logfile created on: 21.5.2010 18:27:45 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\LEO\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52,90 Gb Total Space | 8,22 Gb Free Space | 15,54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3,73 Gb Total Space | 3,21 Gb Free Space | 86,08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK_LEO
Current User Name: LEO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.21 18:26:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LEO\Plocha\OTL.exe
PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.26 09:28:56 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.1\ICQ.exe
PRC - [2010.02.10 13:18:34 | 000,046,592 | ---- | M] (Avance Logic, Inc.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2009.10.14 03:54:56 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2009.10.14 03:16:52 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2009.10.14 02:24:22 | 000,110,592 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009.07.03 15:45:24 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009.06.10 04:02:50 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009.06.10 03:57:40 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.06.10 03:57:36 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.06.10 03:55:30 | 001,326,080 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\bkwin\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.11.03 20:04:44 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.10.12 11:16:56 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.11.17 06:00:00 | 000,753,700 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2003.04.03 07:14:28 | 000,196,608 | ---- | M] (Dritek System Inc.) -- C:\Program Files\QBU\QtZwLMng.EXE
PRC - [2002.12.17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2002.11.15 10:40:26 | 000,126,976 | R--- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2000.02.14 17:36:22 | 000,541,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
PRC - [2000.02.14 17:36:22 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010.05.21 18:26:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LEO\Plocha\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2002.11.18 02:34:34 | 000,065,536 | R--- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WSearch)
SRV - File not found [Auto | Stopped] -- -- (fastnetsrv)
SRV - File not found [Auto | Stopped] -- -- (EPSONStatusAgent2)
SRV - File not found [Auto | Stopped] -- -- (Crypkey License)
SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.03 15:56:14 | 000,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009.06.10 03:57:36 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\bkwin\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BANKKLIENT) SQL Server (BANKKLIENT)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.11.03 20:04:44 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2002.12.17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2002.12.17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
SRV - [2000.02.14 17:36:22 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - [2010.05.17 18:20:01 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.05.17 18:20:01 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.05.17 18:19:52 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.05.17 18:19:39 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009.10.17 17:39:44 | 000,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009.08.19 12:26:06 | 000,146,904 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs_x32.sys -- (CbFs)
DRV - [2009.06.15 14:01:00 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009.05.16 20:59:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.05.13 17:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008.12.15 20:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2008.09.25 17:35:24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008.08.28 22:45:58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2008.04.14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 00:24:38 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.03.13 14:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008.03.13 14:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007.09.25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2005.07.26 10:46:54 | 000,065,152 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbser.sys -- (hwusbser)
DRV - [2005.07.26 10:46:54 | 000,065,152 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbapp.sys -- (hwusbapp)
DRV - [2005.07.26 10:46:54 | 000,065,152 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwcdcmdm0)
DRV - [2004.08.23 13:55:54 | 000,029,440 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\actser.sys -- (actser)
DRV - [2003.06.30 09:50:00 | 000,072,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003.06.30 09:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003.03.20 13:25:00 | 000,576,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.02.27 09:03:52 | 000,701,676 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003.02.27 01:00:00 | 000,523,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fxpcbase.sys -- (FXPCBASE) ISDN@2lines (WinXP/2000)
DRV - [2003.02.17 06:22:24 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003.02.15 05:59:14 | 001,169,792 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.02.06 08:15:48 | 002,370,688 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003.01.16 05:26:52 | 000,016,256 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2002.11.18 02:30:58 | 000,263,536 | R--- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2002.09.23 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002.09.23 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.08.17 20:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2000.02.03 21:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [1999.09.27 11:06:10 | 000,036,864 | ---- | M] (Motorola) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\COMMSBEP.sys -- (CommSBEP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atcomp.cz
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atcomp.cz
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://neviditelnypes.zpravy.cz/
IE - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009.08.25 17:05:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WebCGMHlprObj Class) - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll (CGM Open Consortium, Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [29378] C:\WINDOWS\System32\E.tmp.exe File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QtZwLMng] C:\Program Files\QBU\QtZwLMng.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [restorer32_a] C:\WINDOWS\System32\restorer32_a.exe File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\Run: [restorer32_a] File not found
O4 - HKU\S-1-5-18..\Run: [restorer32_a] File not found
O4 - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004..\Run: [servises] C:\WINDOWS\System32\servises.exe File not found
O4 - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\LEO\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe File not found
F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe File not found
F3 - HKU\.DEFAULT WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe File not found
F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe File not found
F3 - HKU\S-1-5-18 WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: servises = C:\WINDOWS\system32\servises.exe File not found
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: servises = C:\WINDOWS\system32\servises.exe File not found
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1065543706-3179742922-2167395947-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: servises = C:\WINDOWS\system32\servises.exe File not found
O8 - Extra context menu item: &ICQ Toolbar Search - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} https://portal.ozp.cz/obj/Signer.cab (SigVer Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 2817006736 (WUWebControl Class)
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0 (Active602XMLFiller Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 6149382925 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} http://www.microsoft.com/security/contr ... GDIChk.CAB (GDIChk Object)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CF2BD3ED-F1CE-11D4-9B98-005004CA7085} https://portalp.cpzp.cz/dll/SignForm.dll (crypto Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\Symantec\WinFax\WFXSEH32.DLL (Symantec Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 13:41:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##7f8b5e7a9bfa4c9#FLASHDISK\Shell - "" = AutoRun
O33 - MountPoints2\##7f8b5e7a9bfa4c9#FLASHDISK\Shell\AutoRun\command - "" = Y:\setupSNK.exe -- File not found
O33 - MountPoints2\{37aed6d0-43fe-11df-b24d-0004236f14d2}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003.06.19 08:03:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.GEOV - C:\WINDOWS\System32\GeoCodec.dll (GeoVision)
Drivers32: vidc.GEOX - C:\WINDOWS\System32\GeoCodec.dll (GeoVision)
Drivers32: vidc.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (32946183026507776)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.21 18:26:16 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LEO\Plocha\OTL.exe
[2010.05.21 18:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.19 19:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\eDATA Unerase
[2010.05.19 16:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEO\Data aplikací\Toolbar4
[2010.05.19 16:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\HyperSnap 6
[2010.05.17 14:56:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.05.17 10:37:05 | 000,005,248 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\affhdd.sys
[2010.05.17 10:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Capacity Restore
[2010.05.17 10:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010.05.17 03:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\HDDGURU LLF Tool
[2010.05.17 02:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2010.05.17 02:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Temp
[2010.05.17 02:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Acronis
[2010.05.17 02:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2010.05.17 02:02:24 | 000,441,760 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2010.05.17 02:02:24 | 000,044,384 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2010.05.17 02:02:16 | 000,132,480 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2010.05.17 02:01:59 | 000,368,480 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2010.05.17 02:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010.05.16 18:42:36 | 001,885,464 | ---- | C] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2010.05.16 14:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEO\Data aplikací\Acronis
[2010.05.16 14:13:14 | 000,911,680 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm258.sys
[2010.05.14 16:26:26 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.05.10 19:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEO\Data aplikací\Saxo Bank
[2010.05.10 19:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEO\Local Settings\Data aplikací\Saxo Bank
[2010.05.10 19:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Saxo Bank
[2010.05.08 13:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010.05.08 12:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.05.08 12:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010.05.08 12:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010.05.08 12:07:58 | 000,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.05.02 02:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEO\Local Settings\Data aplikací\assembly
[2010.05.02 02:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEO\Local Settings\Data aplikací\Deployment
[2010.05.02 02:28:21 | 000,000,000 | ---D | C] -- C:\fc96e1c42e650b1f1d2f8a354e
[2010.05.02 01:52:12 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010.05.02 01:42:01 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010.05.02 01:42:01 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010.05.02 01:42:01 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010.05.02 01:42:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010.05.02 01:42:00 | 000,000,000 | ---D | C] -- C:\0a38966b82518c2c2db9c7
[2010.05.01 23:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\ViaVoiceTTS
[2010.05.01 23:34:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\lhsp
[2010.05.01 23:33:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010.05.01 23:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Magnus
[2010.04.29 09:58:59 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\acaptuser32.dll
[2010.04.29 00:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\MT4 at easy-forex
[2010.04.28 22:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Easy-Forex
[2010.04.28 22:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEO\Dokumenty\Easy Forex Apps
[2010.04.28 22:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEO\Data aplikací\Easy Forex
[2010.04.28 17:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\LEO\Dokumenty\*.tmp files -> C:\Documents and Settings\LEO\Dokumenty\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.21 18:26:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LEO\Plocha\OTL.exe
[2010.05.21 18:25:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.21 18:22:21 | 000,003,206 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.05.21 17:53:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.21 17:50:15 | 000,001,136 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.21 17:49:58 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.05.21 17:49:38 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.21 17:49:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.21 17:48:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.21 17:48:10 | 1609,617,408 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.19 19:10:34 | 000,001,497 | ---- | M] () -- C:\eDATA Unerase.lnk
[2010.05.19 18:27:36 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010.05.19 18:27:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\LEO\ntuser.ini
[2010.05.19 17:47:26 | 010,006,528 | ---- | M] () -- C:\Documents and Settings\LEO\ntuser.dat
[2010.05.19 17:35:04 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\LEO\Dokumenty\Postup klonovani.doc
[2010.05.19 17:20:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.05.19 13:30:13 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010.05.19 13:29:10 | 001,885,464 | ---- | M] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2010.05.18 14:00:54 | 000,065,841 | -H-- | M] () -- C:\TREEINFO.WC
[2010.05.17 18:20:01 | 000,441,760 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2010.05.17 18:20:01 | 000,044,384 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2010.05.17 18:19:52 | 000,132,480 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2010.05.17 18:19:39 | 000,368,480 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2010.05.17 10:37:05 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\LEO\Plocha\HDD Capacity Restore.lnk
[2010.05.17 03:45:21 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\LEO\Plocha\Hard Disk Low Level Format Tool.lnk
[2010.05.16 23:54:28 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.05.16 14:13:16 | 000,911,680 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm258.sys
[2010.05.12 23:43:26 | 000,017,841 | ---- | M] () -- C:\Documents and Settings\LEO\Dokumenty\FREEInvestment.xlsx
[2010.05.10 00:29:02 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\LEO\Dokumenty\Forex4Free.xls
[2010.05.08 15:05:28 | 000,079,712 | ---- | M] () -- C:\Documents and Settings\LEO\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.05.08 13:11:44 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.05.08 13:11:44 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.05.08 13:08:54 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.06 14:54:26 | 001,932,410 | ---- | M] () -- C:\ACCOUNTSTATEMENT_LEON659 copy.jpg
[2010.05.06 14:40:26 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.06 14:36:42 | 003,291,176 | ---- | M] () -- C:\ACCOUNTSTATEMENT_LEON659.jpg
[2010.05.05 14:45:56 | 000,011,894 | ---- | M] () -- C:\Documents and Settings\LEO\Dokumenty\FOREX.xlsx
[2010.05.05 09:31:46 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.05.05 09:31:46 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.05.03 00:22:58 | 1609,646,080 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010.05.02 02:27:52 | 001,287,418 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.02 02:27:52 | 000,547,106 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.05.02 02:27:52 | 000,529,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.02 02:27:52 | 000,126,070 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.05.02 02:27:52 | 000,106,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.01 21:45:06 | 001,102,241 | ---- | M] () -- C:\Documents and Settings\LEO\Dokumenty\NEPARKUJTE.docx
[2010.05.01 20:29:52 | 000,164,352 | ---- | M] () -- C:\Documents and Settings\LEO\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.01 20:21:58 | 000,142,001 | ---- | M] () -- C:\Documents and Settings\LEO\Dokumenty\Neparkuj.ai
[2010.05.01 18:56:50 | 000,423,585 | ---- | M] () -- C:\Documents and Settings\LEO\Dokumenty\neparkovatvjezd0001.JPG
[2010.04.28 22:01:02 | 000,001,913 | ---- | M] () -- C:\Documents and Settings\LEO\Plocha\Easy Forex TradeDesk.lnk
[2010.04.28 00:15:08 | 000,008,380 | ---- | M] () -- C:\Documents and Settings\LEO\Dokumenty\zajimave texty.xlsx
[2010.04.26 10:21:12 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\LEO\Dokumenty\AMERIKY.xls
[2010.04.24 00:12:04 | 000,016,538 | ---- | M] () -- C:\Documents and Settings\LEO\Dokumenty\INAU.xlsx
[2010.04.23 16:55:22 | 000,015,087 | ---- | M] () -- C:\Documents and Settings\LEO\Dokumenty\KodiaQ.xlsx
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\LEO\Dokumenty\*.tmp files -> C:\Documents and Settings\LEO\Dokumenty\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.19 19:10:33 | 000,001,497 | ---- | C] () -- C:\eDATA Unerase.lnk
[2010.05.19 19:10:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2010.05.19 17:47:25 | 010,006,528 | ---- | C] () -- C:\Documents and Settings\LEO\ntuser.dat
[2010.05.19 17:35:04 | 000,158,720 | ---- | C] () -- C:\Documents and Settings\LEO\Dokumenty\Postup klonovani.doc
[2010.05.17 10:37:05 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\LEO\Plocha\HDD Capacity Restore.lnk
[2010.05.17 03:45:20 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\LEO\Plocha\Hard Disk Low Level Format Tool.lnk
[2010.05.16 18:42:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010.05.09 19:20:29 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\LEO\Dokumenty\Forex4Free.xls
[2010.05.08 19:54:15 | 000,017,841 | ---- | C] () -- C:\Documents and Settings\LEO\Dokumenty\FREEInvestment.xlsx
[2010.05.06 14:54:16 | 001,932,410 | ---- | C] () -- C:\ACCOUNTSTATEMENT_LEON659 copy.jpg
[2010.05.06 14:32:35 | 003,291,176 | ---- | C] () -- C:\ACCOUNTSTATEMENT_LEON659.jpg
[2010.05.03 10:15:25 | 000,011,894 | ---- | C] () -- C:\Documents and Settings\LEO\Dokumenty\FOREX.xlsx
[2010.05.01 21:39:09 | 001,102,241 | ---- | C] () -- C:\Documents and Settings\LEO\Dokumenty\NEPARKUJTE.docx
[2010.05.01 20:21:56 | 000,142,001 | ---- | C] () -- C:\Documents and Settings\LEO\Dokumenty\Neparkuj.ai
[2010.05.01 19:33:27 | 000,423,585 | ---- | C] () -- C:\Documents and Settings\LEO\Dokumenty\neparkovatvjezd0001.JPG
[2010.04.28 23:24:19 | 000,173,136 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.04.28 22:01:00 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\LEO\Plocha\Easy Forex TradeDesk.lnk
[2010.04.28 00:15:05 | 000,008,380 | ---- | C] () -- C:\Documents and Settings\LEO\Dokumenty\zajimave texty.xlsx
[2010.04.24 00:12:01 | 000,016,538 | ---- | C] () -- C:\Documents and Settings\LEO\Dokumenty\INAU.xlsx
[2010.04.23 15:03:38 | 000,015,087 | ---- | C] () -- C:\Documents and Settings\LEO\Dokumenty\KodiaQ.xlsx
[2010.02.10 15:05:22 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2009.09.09 21:30:17 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\DZ_EZ32.DLL
[2009.09.09 21:30:17 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\DZPIPE32.DLL
[2009.07.09 12:20:03 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\LSQUARE.DLL
[2009.07.09 12:20:02 | 002,960,896 | ---- | C] () -- C:\WINDOWS\System32\CMATH.DLL
[2008.11.03 19:52:25 | 000,000,336 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.09.05 12:01:51 | 000,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2008.07.07 11:16:26 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\w32mkrc.dll
[2008.05.26 22:22:14 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:22:10 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:22:04 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.12 22:40:21 | 000,000,166 | ---- | C] () -- C:\WINDOWS\LuminancesDlg.ini
[2008.05.12 22:40:21 | 000,000,166 | ---- | C] () -- C:\WINDOWS\EnvironmentsDlg.ini
[2008.05.12 22:40:21 | 000,000,160 | ---- | C] () -- C:\WINDOWS\MaterialsDlg.ini
[2007.11.24 22:20:52 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2007.11.24 22:20:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2007.09.05 15:33:13 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007.09.05 15:33:09 | 000,078,336 | ---- | C] () -- C:\WINDOWS\System32\dbjavio6.dll
[2007.09.05 15:33:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\dbauth6.dll
[2007.09.05 15:32:54 | 000,000,055 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2007.09.05 15:32:51 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2007.09.05 15:32:51 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2007.03.27 09:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.01.30 19:31:46 | 000,002,373 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2006.12.12 18:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006.09.11 22:06:06 | 000,000,108 | ---- | C] () -- C:\WINDOWS\Peanuts Baseball Game.ini
[2006.09.11 22:06:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2006.08.05 15:04:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2006.08.05 14:26:04 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2006.08.05 14:26:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2006.08.05 14:26:03 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2006.06.08 20:22:12 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006.04.14 10:37:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006.01.24 00:18:08 | 000,002,232 | ---- | C] () -- C:\WINDOWS\RBuilder.ini
[2005.02.03 22:46:58 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005.02.03 22:46:58 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005.02.03 22:46:58 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005.02.03 22:46:58 | 000,000,342 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005.02.03 22:46:58 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2005.02.03 22:45:23 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AuthorStreamingEng.dll
[2005.02.03 22:45:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\libisomedia.dll
[2005.02.03 22:45:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\logger.dll
[2005.02.03 22:45:22 | 000,778,240 | --S- | C] () -- C:\WINDOWS\pvpeng.dll
[2005.02.03 22:45:22 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\pvmediacom_lic.dll
[2005.02.03 22:45:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\osclpthread.dll
[2005.01.08 20:14:35 | 000,000,091 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2004.11.21 22:38:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004.10.03 19:55:52 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2004.09.19 19:41:12 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004.09.04 15:47:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.08.09 22:49:00 | 000,000,456 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2004.04.25 00:18:26 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2004.04.24 23:47:37 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2004.04.18 19:55:46 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2004.03.21 20:27:42 | 000,000,694 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.03.08 21:08:07 | 000,000,429 | ---- | C] () -- C:\WINDOWS\Marias.ini
[2004.03.01 09:43:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2004.03.01 07:53:21 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.01.10 17:03:53 | 000,000,977 | ---- | C] () -- C:\WINDOWS\level.ini
[2003.12.07 13:11:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003.10.05 16:27:22 | 000,000,234 | ---- | C] () -- C:\WINDOWS\FE.INI
[2003.10.05 16:15:36 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2003.10.05 14:16:50 | 000,003,206 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2003.10.05 11:24:00 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2003.09.30 11:47:47 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2003.09.30 11:47:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003.09.30 11:47:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003.09.30 11:47:47 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003.09.30 11:47:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2003.09.30 11:47:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.09.29 08:26:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.06.19 09:27:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2002.11.14 13:03:54 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002.11.14 13:03:52 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002.11.14 13:03:52 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002.11.14 13:03:50 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002.11.14 13:03:48 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002.09.23 14:00:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys
[1999.08.06 16:01:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\dbextf50.dll
[1999.08.06 15:17:44 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\dbodtr6.dll
[1997.06.14 01:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1980.01.01 00:00:00 | 000,000,330 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2010.05.17 02:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2010.01.26 22:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DriverScanner
[2009.04.19 21:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Fine
[2010.04.15 20:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GARMIN
[2009.03.16 11:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.05.12 21:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IMSIDesign
[2009.07.09 12:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Raize
[2009.09.28 23:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.04.07 19:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUpMedia
[2006.06.08 20:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Viewpoint
[2007.09.05 15:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WorkshopCD
[2009.03.29 18:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.03.31 17:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.10.31 21:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.15 18:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006.06.08 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\acccore
[2010.05.16 14:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Acronis
[2006.12.19 13:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\CD-LabelPrint
[2009.06.08 10:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Chrysler Pardubice
[2010.04.28 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Easy Forex
[2007.06.13 22:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\GARMIN
[2010.05.19 18:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ICQ
[2008.02.28 10:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ICQ Toolbar
[2006.12.14 14:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ICQLite
[2006.12.14 14:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ICQLite(2)
[2009.02.14 23:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ImgBurn
[2008.05.12 16:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\IMSIDesign
[2003.10.05 12:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\InterVideo
[2008.08.06 11:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ITEDO
[2010.04.07 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\OpenCandy
[2006.08.12 21:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Opera
[2006.12.13 21:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\PKWARE
[2010.05.10 19:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Saxo Bank
[2009.08.07 13:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Snappy Fax
[2009.08.07 13:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Snappy Fax Archives
[2006.10.24 18:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Teleca
[2010.05.19 16:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Toolbar4
[2010.04.07 19:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\TuneUpMedia
[2010.01.26 22:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Uniblue
[2010.05.17 17:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\uTorrent
[2006.05.02 09:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\warez
[2006.04.25 23:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\WarezClient
[2006.08.17 17:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\WarezGhost
[2008.10.15 23:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Windows Desktop Search
[2008.10.22 21:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Windows Search
[2004.12.27 23:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\XCPCSync.OEM
[2003.10.05 20:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Zoner
[2010.05.17 02:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Acronis

========== Purity Check ==========

Re: Problem ????

Posted: 21 May 2010 17:50
by LEON659
Here is the rest:

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2008.11.07 14:31:38 | 021,633,320 | R--- | M] (Skype Technologies S.A.)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2008.10.12 11:16:56 | 000,068,856 | ---- | M] (Google Inc.)
"servises" = C:\WINDOWS\system32\servises.exe -- File not found
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"ICQ" = "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 -- [2010.03.26 09:28:56 | 000,133,368 | ---- | M] (ICQ, LLC.)
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe -- [2007.01.05 20:57:50 | 000,204,288 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[6 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2006.06.08 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\acccore
[2010.05.16 14:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Acronis
[2004.04.18 19:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Adobe
[2004.04.18 19:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\AdobeUM
[2003.12.27 21:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Ahead
[2006.12.14 20:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Apple Computer
[2006.12.19 13:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\CD-LabelPrint
[2009.06.08 10:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Chrysler Pardubice
[2004.04.25 00:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Corel
[2008.03.23 19:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\CyberLink
[2007.01.13 11:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\DivX
[2010.04.28 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Easy Forex
[2007.06.13 22:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\GARMIN
[2008.08.28 10:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Google
[2003.06.19 09:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Help
[2010.05.19 18:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ICQ
[2008.02.28 10:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ICQ Toolbar
[2006.12.14 14:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ICQLite
[2006.12.14 14:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ICQLite(2)
[2003.06.19 08:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Identities
[2009.02.14 23:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ImgBurn
[2008.05.12 16:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\IMSIDesign
[2003.10.05 12:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\InterVideo
[2008.08.06 11:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\ITEDO
[2004.09.19 11:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Lavasoft
[2003.10.19 15:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Macromedia
[2003.06.19 08:06:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LEO\Data aplikací\Microsoft
[2009.03.16 11:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Mozilla
[2003.10.05 11:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\MSN6
[2010.04.07 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\OpenCandy
[2006.08.12 21:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Opera
[2006.12.13 21:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\PKWARE
[2010.05.10 19:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Saxo Bank
[2010.05.21 18:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Skype
[2010.05.21 17:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\skypePM
[2009.08.07 13:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Snappy Fax
[2009.08.07 13:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Snappy Fax Archives
[2006.03.06 00:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Sun
[2006.08.05 14:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Symantec
[2006.10.24 18:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Teleca
[2010.05.19 16:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Toolbar4
[2010.04.07 19:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\TuneUpMedia
[2010.01.26 22:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Uniblue
[2010.05.17 17:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\uTorrent
[2006.05.02 09:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\warez
[2006.04.25 23:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\WarezClient
[2006.08.17 17:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\WarezGhost
[2008.10.15 23:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Windows Desktop Search
[2008.10.22 21:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Windows Search
[2004.12.27 23:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\XCPCSync.OEM
[2003.10.05 20:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEO\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2009.06.08 10:56:50 | 005,995,533 | ---- | M] () -- C:\Documents and Settings\LEO\Data aplikací\Chrysler Pardubice\SetupBDE5.exe
[2010.04.28 22:01:20 | 000,003,902 | R--- | M] () -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{0BB08CE7-53AE-4447-9ACA-6A47A76C94DF}\_21F3885A18D238E15AAE81.exe
[2010.04.28 22:01:20 | 000,003,902 | R--- | M] () -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{0BB08CE7-53AE-4447-9ACA-6A47A76C94DF}\_6FEFF9B68218417F98F549.exe
[2010.04.28 22:01:20 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{0BB08CE7-53AE-4447-9ACA-6A47A76C94DF}\_8AD9B14C2F9AD2CCCA3220.exe
[2010.04.28 22:01:20 | 000,004,286 | R--- | M] () -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{0BB08CE7-53AE-4447-9ACA-6A47A76C94DF}\_8BA5CBCEE06E96870DDABC.exe
[2010.04.28 22:01:20 | 000,004,286 | R--- | M] () -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{0BB08CE7-53AE-4447-9ACA-6A47A76C94DF}\_CA2F9CB70E3D0FC1251D42.exe
[2010.04.28 22:01:20 | 000,004,286 | R--- | M] () -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{0BB08CE7-53AE-4447-9ACA-6A47A76C94DF}\_D707CE1C009F1381803C2C.exe
[2010.05.01 23:36:04 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\ARPPRODUCTICON.exe
[2010.05.01 23:36:04 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\control711_48F4211F9E554440B05B06095A831C0E.exe
[2010.05.01 23:36:04 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\EC111_AA3A22F8E7544F6FAD918B9B63C337A0.exe
[2010.05.01 23:36:04 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\EC112_70A92A4E510F46D493E8CC2C417F701A.exe
[2010.05.01 23:36:04 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\EC11_F308E9E4D2CC484A9EDC18D90DFD4B61.exe
[2010.05.01 23:36:04 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\EC1_5BBC82EB80A4441584D82AFE3E9A466F.exe
[2010.05.01 23:36:04 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\NC_20DBAFE4C9624D5392E377CE18CEE872.exe
[2010.05.01 23:36:04 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\LEO\Data aplikací\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\NewShortcut6_B794D369B2624859AEF7E3A2CABB3DFF.exe
[2010.04.07 18:57:32 | 000,256,899 | ---- | M] () -- C:\Documents and Settings\LEO\Data aplikací\OpenCandy\ACCBA629FE3348A7A483F5C7EE467671\DlMgr3Wrapper.exe
[2010.01.25 21:56:32 | 020,199,790 | ---- | M] (TuneUp Media, Inc.) -- C:\Documents and Settings\LEO\Data aplikací\OpenCandy\ACCBA629FE3348A7A483F5C7EE467671\TuneUpInst-1.6.1-cmp55.exe


< MD5 for: AGP440.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008.04.14 08:51:50 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.02.10 12:33:24 | 000,786,432 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.02.10 12:16:36 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010.02.10 12:33:24 | 044,564,480 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.02.10 12:33:24 | 008,912,896 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.05.19 13:29:10 | 001,885,464 | ---- | M] (Acronis) -- C:\WINDOWS\system32\AutoPartNt.exe
[2010.05.19 13:30:13 | 000,001,024 | ---- | M] () -- C:\WINDOWS\system32\AutoPartNt.let
[2010.05.21 17:53:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >