
Slow PC, fake antivirus

Posted: 28 Jul 2011 22:55
by vinnoo
Hi, I'm at my parents' PC and I'm pretty alarmed: everything is unbearably slow and I can't handle it on my own. Thanks.


Logfile of random's system information tool 1.09 (written by random/random)
Run by PC Popular at 2011-07-28 23:40:30
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 39 GB (25%) free of 153 GB
Total RAM: 1013 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:42:05, on 28.7.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Program Files\PCPowerSpeed\PCPowerTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Users\PC Popular\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\PC Popular\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC Popular\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC Popular\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC Popular\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC Popular\Desktop\RSIT.exe
C:\Program Files\trend micro\PC Popular.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80546&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~1\REBATE~1\RebateI.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [V0260Cfg.exe] V0260Cfg.exe /d:4
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKLM\..\Run: [PCPowerSpeed] "C:\Program Files\PCPowerSpeed\PCPowerTray.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\PC Popular\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~1\REBATE~1\RebateI.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9081 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/"
prefs.js - "extensions.enabledItems" - "{3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.2.6&q="

"{3f963a5b-e555-4543-90e2-c3908898db71}"=C:\Program Files\AVG\AVG8\Firefox
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"siteranker@siteranker.com"=C:\Program Files\SiteRanker\firefox\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeploytk.dll
nppdf32.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\
AppGraffiti@AppGraffiti.com
inboxcomtoolbar@inbox.com
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
C:\PROGRA~1\SITERA~1\SiteRank.dll [2011-07-13 351448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
AppGraffiti - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL [2011-07-14 266440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-11-27 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
C:\PROGRA~1\REBATE~1\RebateI.dll [2011-07-14 828408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-07-12 873984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-11-27 2403392]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-07-12 873984]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-15 4435968]
"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1822720]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-03-22 74752]
"UpdatePPShortCut"=C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-02-21 222504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-07-09 2048352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"V0260Cfg.exe"=V0260Cfg.exe /d:4 []
"SiteRanker"=C:\Program Files\SiteRanker\SiteRankTray.exe [2011-07-13 319488]
"PCPowerSpeed"=C:\Program Files\PCPowerSpeed\PCPowerTray.exe [2011-07-11 377984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-11-27 171448]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"Google Update"=C:\Users\PC Popular\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-05 133104]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=msh263.drv
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-28 23:40:34 ----D---- C:\Program Files\trend micro
2011-07-28 23:40:30 ----D---- C:\rsit
2011-07-21 19:38:04 ----D---- C:\Program Files\AppGraffiti
2011-07-21 19:38:00 ----D---- C:\Users\PC Popular\AppData\Roaming\PCPowerSpeed
2011-07-21 19:37:59 ----D---- C:\ProgramData\PCPowerSpeed
2011-07-21 19:37:57 ----D---- C:\Program Files\PCPowerSpeed
2011-07-21 19:37:51 ----D---- C:\Program Files\SiteRanker
2011-07-21 19:37:41 ----D---- C:\Program Files\RebateInformer
2011-07-21 19:37:41 ----D---- C:\Program Files\Inbox.com
2011-07-21 19:34:16 ----D---- C:\Program Files\Inbox Toolbar
2011-07-13 07:13:57 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 07:13:23 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 07:13:05 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 07:13:05 ----A---- C:\Windows\system32\csrsrv.dll
2011-07-08 15:07:13 ----D---- C:\covers
2011-06-29 07:21:33 ----A---- C:\Windows\system32\schannel.dll

======List of files/folders modified in the last 1 month======

2011-07-28 23:40:50 ----D---- C:\Windows\Prefetch
2011-07-28 23:40:40 ----D---- C:\Windows\Temp
2011-07-28 23:40:34 ----RD---- C:\Program Files
2011-07-28 23:21:05 ----SHD---- C:\System Volume Information
2011-07-28 23:17:33 ----D---- C:\Windows\system32\drivers\Avg
2011-07-28 23:15:22 ----D---- C:\Users\PC Popular\AppData\Roaming\ICQ
2011-07-24 21:54:36 ----D---- C:\Users\PC Popular\AppData\Roaming\Skype
2011-07-24 21:52:44 ----D---- C:\ProgramData\Easybits GO
2011-07-24 16:02:13 ----D---- C:\Users\PC Popular\AppData\Roaming\go
2011-07-24 08:33:26 ----D---- C:\hudba
2011-07-22 16:57:19 ----D---- C:\Users\PC Popular\AppData\Roaming\OpenOffice.org2
2011-07-21 19:37:59 ----HD---- C:\ProgramData
2011-07-20 09:13:14 ----D---- C:\Windows\system32\Tasks
2011-07-13 16:24:13 ----D---- C:\Windows\winsxs
2011-07-13 16:14:00 ----D---- C:\Windows\system32\catroot
2011-07-13 16:13:58 ----D---- C:\Windows\system32\catroot2
2011-07-13 16:10:11 ----D---- C:\Windows
2011-07-13 16:10:06 ----D---- C:\Windows\System32
2011-07-13 16:10:02 ----D---- C:\Windows\inf
2011-07-13 14:21:08 ----A---- C:\Windows\system32\mrt.exe
2011-07-08 13:41:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-01 12:50:51 ----HD---- C:\$AVG8.VAULT$
2011-06-30 06:55:14 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AvgRkx86;avgrkx86.sys; C:\Windows\System32\Drivers\avgrkx86.sys [2009-04-30 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-04-30 108552]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-06-15 228224]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2007-03-13 44672]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-15 1769952]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-03-13 47360]
R3 V0260VID;Live! Cam Vista IM; C:\Windows\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913]
S1 HWiNFO32;HWiNFO32 Kernel Driver; \??\E:\HWiNFO32\HWiNFO32.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ezGOSvc;Easybits GO Services for Windows; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-21 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-27 138168]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Re: Slow PC, fake antivirus

Posted: 29 Jul 2011 00:26
by Danstahr
Good evening,

Download MBAM and post its log here following the guide here; when choosing the scan type, select Full scan.

Don't delete anything yet, MBAM can have false detections!

Re: Slow PC, fake antivirus

Posted: 29 Jul 2011 16:41
by vinnoo
Hello, here it is


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7315

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

29.7.2011 17:38:30
mbam-log-2011-07-29 (17-38-03).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 302327
Uplynulý čas: 1 hodin, 30 minut, 12 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken.
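Before letting a scanner delete anything, a helper can cross-check its detections against the startup listing from the first post: an entry that HijackThis shows and that MBAM also names by CLSID or by file is corroborated, while a BHO registered with "(no file)" is a dead entry worth cleaning regardless. The script below is an added example written for this thread; it is not part of MBAM, HijackThis or either tool's output format. The sample lines are constructed in the format of the logs posted above, and matching file paths on basename only (because 8.3 short names such as PROGRA~1 cannot be expanded offline) is an assumption of this example.

```python
import re

# Constructed sample lines in the format of the HijackThis (O2/O3/O4) and
# MBAM logs posted in this thread; not a real capture.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
"""

MBAM_SAMPLE = r"""
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.

Infikované soubory:
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken.
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# O2/O3 lines: "<section> - <kind>: <name> - {CLSID} - <path>"
O2O3_RE = re.compile(r"^(O[23]) - \w+: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O4 lines: "O4 - <hive>\..\Run: [<name>] <command>" (command may be quoted)
O4_RE = re.compile(r'^(O4) - (\S+): \[(.*?)\] (?:"([^"]+)"|(\S+))')


def parse_hjt(text):
    """Return one dict per O2/O3/O4 line: section, name, clsid (or None), path."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2O3_RE.match(line)
        if m:
            section, name, clsid, path = m.groups()
            entries.append({"section": section, "name": name,
                            "clsid": clsid.upper(), "path": path.strip()})
            continue
        m = O4_RE.match(line)
        if m:
            entries.append({"section": "O4", "name": m.group(3),
                            "clsid": None, "path": m.group(4) or m.group(5)})
    return entries


def parse_mbam(text):
    """Collect the CLSIDs and file basenames MBAM reported as infected."""
    clsids, basenames = set(), set()
    for line in text.splitlines():
        if "->" not in line:          # only detection lines carry an action
            continue
        for c in CLSID_RE.findall(line):
            clsids.add(c.upper())
        target = line.split(" (")[0].strip()
        if "\\" in target and not target.upper().startswith("HKEY_"):
            basenames.add(target.rsplit("\\", 1)[-1].lower())
    return clsids, basenames


def triage(entries, clsids, basenames):
    """Tag each HijackThis entry with the reasons it deserves attention."""
    findings = []
    for e in entries:
        reasons = []
        if e["clsid"] and e["clsid"] in clsids:
            reasons.append("CLSID reported by MBAM")
        if e["path"] == "(no file)":
            reasons.append("orphaned entry: registered but file is missing")
        else:
            # Assumption: 8.3 short names (PROGRA~1) cannot be expanded offline,
            # so compare on basename only; this can over-match common file names.
            base = e["path"].rsplit("\\", 1)[-1].lower()
            if base in basenames:
                reasons.append("file reported by MBAM")
        findings.append((e["section"], e["name"], reasons))
    return findings


if __name__ == "__main__":
    hjt = parse_hjt(HJT_SAMPLE)
    ids, files = parse_mbam(MBAM_SAMPLE)
    for section, name, reasons in triage(hjt, ids, files):
        status = "; ".join(reasons) if reasons else "no corroboration"
        print(f"{section} {name}: {status}")
```

Entries with no corroboration (Spybot's SDHelper.dll, the ICQ toolbar, SiteRanker in the sample) are left for a human to judge; the point of the check is to separate what two independent tools agree on from what only one of them flags.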

Re: Slow PC, fake antivirus

Posted: 29 Jul 2011 17:48
by Danstahr
Let MBAM delete everything it found.

Download OTL.
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check that the 64-bit OS box is ticked; if not, tick it
  • Tick the Scan All Users box
  • Tick the LOP Check box
  • Tick the Purity Check box
  • Paste the script below into the bottom Custom Scans/Fixes box
  • Code:

    netsvcs
    drivers32
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    c:\windows\*.* /U
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    *crack* /s
    *keygen* /s
    CREATERESTOREPOINT
  • Click the Run Scan button
  • When the scan finishes (about 10 to 15 min), the logs OTL.txt and Extras.txt will open; post both here

Re: Slow PC, fake antivirus

Posted: 30 Jul 2011 03:27
by vinnoo
OTL logfile created on: 29.7.2011 19:42:07 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\PC Popular\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1013,09 Mb Total Physical Memory | 194,60 Mb Available Physical Memory | 19,21% Memory free
2,24 Gb Paging File | 1,28 Gb Available in Paging File | 57,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 40,04 Gb Free Space | 26,86% Space Free | Partition Type: NTFS

Computer Name: PCPOPULAR-PC | User Name: PC Popular | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.29 19:39:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
PRC - [2011.07.13 23:53:20 | 000,319,488 | ---- | M] (Crawler, LLC) -- C:\Program Files\SiteRanker\SiteRankTray.exe
PRC - [2011.03.22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.2\ICQ.exe
PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.07.09 08:07:57 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009.07.31 11:35:08 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009.07.31 11:35:08 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009.07.31 11:35:04 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009.07.31 11:35:02 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009.07.31 11:34:58 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009.07.31 11:34:50 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.16 13:16:08 | 001,833,296 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.08.14 14:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.11.27 11:04:16 | 000,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
PRC - [2007.06.15 06:02:55 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2005.10.27 12:00:22 | 000,299,008 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe


========== Modules (SafeList) ==========

MOD - [2011.07.29 19:39:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.05.29 13:57:31 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.07.31 11:35:02 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009.07.31 11:34:50 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008.09.21 19:19:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.08.14 14:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.31 11:35:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.07.31 11:35:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009.04.30 08:15:39 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009.04.30 08:15:34 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2007.06.15 06:07:39 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.03.13 14:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006.11.04 00:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)


IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80546&lng=cs
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.centrum.cz/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.2.6&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PC Popular\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PC Popular\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009.12.22 10:24:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\ [2011.07.21 19:37:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.01 15:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.19 19:45:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.04.26 14:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ED76C299-85BC-4891-9237-74A140C28832}: C:\Program Files\RebateInformer\Firefox\ [2011.07.21 19:38:24 | 000,000,000 | ---D | M]

[2008.07.28 20:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Extensions
[2011.07.21 19:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions
[2010.06.10 10:02:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.01 20:12:27 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.17 13:50:05 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2011.07.21 19:38:05 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\AppGraffiti@AppGraffiti.com
[2011.07.21 19:34:20 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\inboxcomtoolbar@inbox.com
[2011.07.12 11:46:48 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-1.xml
[2009.11.10 08:58:27 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-10.xml
[2010.03.21 16:27:06 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-11.xml
[2010.04.08 13:01:26 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-12.xml
[2010.06.09 14:37:45 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-13.xml
[2010.11.04 12:05:39 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-14.xml
[2011.01.04 19:56:49 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-15.xml
[2011.04.01 15:58:33 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-16.xml
[2011.05.12 12:19:09 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-17.xml
[2009.02.04 18:41:31 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-2.xml
[2009.03.05 15:05:53 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-3.xml
[2009.03.29 08:31:04 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-4.xml
[2009.04.23 15:13:06 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-5.xml
[2009.06.12 11:46:05 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-6.xml
[2009.07.25 16:43:52 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-7.xml
[2009.08.15 09:57:55 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-8.xml
[2009.09.24 19:56:42 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-9.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.xml
[2011.04.01 15:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.16 10:29:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.01 15:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.04.01 15:56:55 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) --
[2011.03.18 19:55:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.01.15 12:19:44 | 000,292,125 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10057 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: () - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [V0260Cfg.exe] C:\Windows\V0260Cfg.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.99.200.155 77.48.31.69
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dllystem32\wuwe) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezGOSvc - C:\Windows\System32\ezGOSvc.dll ()
NetSvcs: {lang}\"},\"email\":{\"compose\":\"http://email.seznam.cz/gate?pageId=comp ... seznam.cz/ - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - msh263.drv File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.07.29 19:39:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
[2011.07.29 11:04:48 | 000,000,000 | ---D | C] -- C:\Users\PC Popular\AppData\Roaming\Malwarebytes
[2011.07.29 11:04:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.29 11:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.29 11:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.29 11:04:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.29 11:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.28 23:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.28 23:40:30 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.21 19:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
[2011.07.21 19:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\AppGraffiti
[2011.07.21 19:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
[2011.07.21 19:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\SiteRanker
[2011.07.21 19:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
[2011.07.21 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\RebateInformer
[2011.07.21 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox.com
[2011.07.21 19:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
[2011.07.21 19:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox Toolbar
[2011.07.13 07:13:57 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.13 07:13:05 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 07:13:05 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.07.08 15:07:13 | 000,000,000 | ---D | C] -- C:\covers
[2010.03.13 16:39:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\PC Popular\AppData\Roaming\pcouffin.sys
[2 C:\Users\PC Popular\*.tmp files -> C:\Users\PC Popular\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.29 19:39:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
[2011.07.29 19:36:03 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000UA.job
[2011.07.29 19:34:45 | 000,094,709 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.07.29 19:34:44 | 000,094,709 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.07.29 19:34:09 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.29 19:34:09 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.29 19:33:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.29 19:33:55 | 1063,063,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.29 11:04:43 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.29 11:00:49 | 080,251,592 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.07.28 23:39:45 | 000,781,383 | ---- | M] () -- C:\Users\PC Popular\Desktop\RSIT.exe
[2011.07.24 08:36:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000Core.job
[2011.07.17 17:39:27 | 004,776,436 | ---- | M] () -- C:\Users\PC Popular\Dobrý sen 11.mp3
[2011.07.17 17:38:57 | 004,358,895 | ---- | M] () -- C:\Users\PC Popular\Stopy 08.mp3
[2011.07.15 07:37:54 | 000,002,067 | ---- | M] () -- C:\Users\PC Popular\Desktop\Google Chrome.lnk
[2011.07.13 16:13:15 | 001,591,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.08 13:41:59 | 000,607,232 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.07.08 13:41:59 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.08 13:41:59 | 000,117,912 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.07.08 13:41:59 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2 C:\Users\PC Popular\*.tmp files -> C:\Users\PC Popular\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.29 11:04:43 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.28 23:39:44 | 000,781,383 | ---- | C] () -- C:\Users\PC Popular\Desktop\RSIT.exe
[2011.07.17 17:29:01 | 004,776,436 | ---- | C] () -- C:\Users\PC Popular\Dobrý sen 11.mp3
[2011.07.17 17:29:01 | 004,358,895 | ---- | C] () -- C:\Users\PC Popular\Stopy 08.mp3
[2011.05.30 07:56:45 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2010.11.22 15:18:49 | 000,094,709 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.11.22 15:04:47 | 000,094,709 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.03.13 16:39:48 | 000,087,608 | ---- | C] () -- C:\Users\PC Popular\AppData\Roaming\inst.exe
[2010.03.13 16:39:48 | 000,007,887 | ---- | C] () -- C:\Users\PC Popular\AppData\Roaming\pcouffin.cat
[2010.03.13 16:39:48 | 000,001,144 | ---- | C] () -- C:\Users\PC Popular\AppData\Roaming\pcouffin.inf
[2010.03.13 16:08:09 | 000,000,233 | ---- | C] () -- C:\Users\PC Popular\AppData\Roaming\default.rss
[2009.09.24 08:46:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 08:46:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.26 14:01:16 | 000,000,680 | ---- | C] () -- C:\Users\PC Popular\AppData\Local\d3d9caps.dat
[2009.01.15 14:54:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.01.15 14:54:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.01.15 14:54:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.01.15 14:54:38 | 000,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2008.11.20 09:48:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.21 19:30:14 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008.05.17 22:33:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007.12.26 17:16:52 | 000,000,014 | ---- | C] () -- C:\Windows\System32\SystemInfo32.sys
[2007.12.10 21:58:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.12.08 20:13:46 | 000,052,736 | ---- | C] () -- C:\Users\PC Popular\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.22 18:24:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.01.08 23:10:33 | 000,607,232 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2007.01.08 23:10:33 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2007.01.08 23:10:33 | 000,117,912 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2007.01.08 23:10:33 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 001,591,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.08.03 00:03:51 | 000,224,768 | ---- | C] () -- C:\Windows\System32\b4fm.dll

========== LOP Check ==========

[2010.11.14 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\GHISLER
[2011.07.24 16:02:13 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\go
[2011.07.29 19:36:13 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\ICQ
[2008.01.13 19:56:45 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\ICQ Toolbar
[2010.03.06 15:34:06 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\InfraRecorder
[2011.05.19 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\OpenCandy
[2009.01.21 23:55:04 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Thunderbird
[2010.08.16 10:30:10 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Vso
[2010.06.23 19:33:00 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Zoner
[2011.07.29 19:32:43 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -- [2007.11.27 11:04:16 | 000,171,448 | ---- | M] (Google Inc.)
"Creative WebCam Tray" = "C:\Program Files\Creative\Shared Files\CamTray.exe" -- [2005.10.27 12:00:22 | 000,299,008 | ---- | M] (Creative Technology Ltd)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2008.09.16 13:16:08 | 001,833,296 | ---- | M] (Safer Networking Limited)
"Google Update" = "C:\Users\PC Popular\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2009.03.05 15:06:20 | 000,133,104 | ---- | M] (Google Inc.)
"ICQ" = "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 -- [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.03.07 11:03:55 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Adobe
[2010.03.06 16:22:52 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\AVS4YOU
[2007.12.26 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Creative
[2008.07.14 22:49:41 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\CyberLink
[2011.06.22 15:48:38 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\dvdcss
[2010.11.14 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\GHISLER
[2011.07.24 16:02:13 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\go
[2008.08.25 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Google
[2011.07.29 19:36:13 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\ICQ
[2008.01.13 19:56:45 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\ICQ Toolbar
[2007.11.08 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Identities
[2010.03.06 15:34:06 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\InfraRecorder
[2007.11.22 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Macromedia
[2011.07.29 11:04:48 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Malwarebytes
[2011.01.31 19:15:59 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Media Player Classic
[2010.11.11 14:00:44 | 000,000,000 | --SD | M] -- C:\Users\PC Popular\AppData\Roaming\Microsoft
[2009.01.21 23:55:05 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Mozilla
[2010.03.23 18:26:20 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Nero
[2011.05.19 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\OpenCandy
[2011.07.22 16:57:19 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\OpenOffice.org2
[2011.07.24 21:54:36 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Skype
[2011.05.29 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\skypePM
[2007.12.10 21:58:28 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Talkback
[2009.01.21 23:55:04 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Thunderbird
[2011.06.22 15:39:19 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\vlc
[2010.08.16 10:30:10 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Vso
[2011.06.13 09:03:08 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Winamp
[2009.03.22 21:21:11 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\WinRAR
[2008.02.25 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Yahoo!
[2010.06.23 19:33:00 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2010.03.13 16:39:48 | 000,087,608 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\inst.exe
[2008.12.16 23:26:51 | 001,850,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\PC Popular\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_06FC51BA7D11E341665404.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_092FACECCDBA9FDCA53734.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_1E9A97B835DD8F6ABBAAE8.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_2844EEFA074253913346FD.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_2E7BEF5AB9AB3749507AA0.exe
[2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_3961DA64A8AE4B8B93244B.exe
[2009.01.15 13:02:21 | 000,013,262 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_3CED451BC56276B2681B49.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_47233D72327EDA91466B5D.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_481C0BBA507B7F3096F01C.exe
[2009.01.15 13:02:21 | 000,005,430 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_486299C0DDDE2367035252.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_49D7F58BC16DD145B18BB8.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_56F19459493C85A6F79A36.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_5C2EBB28A914CE72DF8485.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_667922C01AF0A65C0B6260.exe
[2009.01.15 13:02:20 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_6FEFF9B68218417F98F549.exe
[2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_703DBBDB98256C212C4CE0.exe
[2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_861E3A794E5EACCD15513C.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_866C8945003DD5BD659054.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_87503577C2BB078B973E27.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_8EB2BD0231E8C77B718D15.exe
[2009.01.15 13:02:21 | 000,013,262 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9508CB83619B2E55A29D78.exe
[2009.01.15 13:02:21 | 000,007,886 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9AB5D41CE41E82F0880FD4.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9B945C1B6EE2A1ADE69E60.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_C5AE88827B14EF85A0EFD6.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_C7BB9F340B75D30A93AE21.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D3B2B7D74569DB60E01A35.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D4558C34712611A6BC922F.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D6D774AF431FABA032F095.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_E89C2D99675BBA51B4EBAF.exe
[2011.05.19 19:44:46 | 000,416,160 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\LatestDLMgr.exe
[2010.12.18 00:07:06 | 000,043,440 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\SpeedstarterCZ.exe
[2010.12.17 19:48:22 | 001,720,472 | ---- | M] (Speedchecker Limited ) -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\ZrychleniPocitace.exe
[2011.05.19 19:44:54 | 001,842,096 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\ZrychleniPocitace_p2v1.exe


< MD5 for: AGP440.SYS >

< MD5 for: ATAPI.SYS >

< MD5 for: AUTOCHK.EXE >

< MD5 for: CDROM.SYS >

< MD5 for: CNGAUDIT.DLL >

< MD5 for: CRYPTSVC.DLL >

< MD5 for: EXPLORER.EXE >

< MD5 for: HAL.DLL >

< MD5 for: IASTORV.SYS >

< MD5 for: ISAPNP.SYS >

< MD5 for: LSASS.EXE >

< MD5 for: NDIS.SYS >

< MD5 for: NETLOGON.DLL >

< MD5 for: NVRAID.SYS >

< MD5 for: NVSTOR.SYS >

< MD5 for: SCECLI.DLL >

< MD5 for: SMSS.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: TCPIP.SYS >
[2008.04.26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2008.01.09 21:25:12 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=028061C7F6D2D03068C72E2A27E4228A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
[2009.04.11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009.12.08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010.02.18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2008.01.09 21:25:12 | 000,804,352 | ---- | M] (Microsoft Corporation) MD5=43EAE40B50FE3E60D194DD9C97EBB1FD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
[2009.12.08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2008.02.14 09:56:26 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2009.12.08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2008.02.14 09:56:26 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2010.06.16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010.06.16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010.06.16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2008.04.26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.12.08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009.12.08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2006.11.02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008.01.19 09:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.07.29 19:34:09 | 000,004,048 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.29 19:34:09 | 000,004,048 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

Re: Slow PC, fake antivirus

Posted: 30 Jul 2011 03:27
by vinnoo
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< *crack* /s >

< *keygen* /s >

< End of report >

Re: Slow PC, fake antivirus

Posted: 30 Jul 2011 03:28
by vinnoo
OTL Extras logfile created on: 29.7.2011 19:42:07 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\PC Popular\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1013,09 Mb Total Physical Memory | 194,60 Mb Available Physical Memory | 19,21% Memory free
2,24 Gb Paging File | 1,28 Gb Available in Paging File | 57,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 40,04 Gb Free Space | 26,86% Space Free | Partition Type: NTFS

Computer Name: PCPOPULAR-PC | User Name: PC Popular | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2021764775-3943338914-829116189-1000]
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A9635A-1E30-4B01-96E1-D2581A9D5B23}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{04C82B2E-921E-4B60-ACE6-7B77267417AB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1CDDD860-D214-4DDA-B339-DAB19373B21B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1FB7DB06-E78B-4C73-A3E4-318255EC64C6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{45593FFE-C9DC-4686-9025-2BA90D1C29ED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4E4F9927-DD39-4677-BCCB-417FB098D83F}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{6F44F17A-F46B-4751-BBD0-96020B58E828}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{901C469C-3725-4DEF-B2D6-71ACA8999DE0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{99F34C67-08C9-40DF-B365-33550BD1D006}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9C6519A7-97F7-4E2A-BC0A-9A8D5E681DE0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A87E0F8E-59A5-483C-9AD6-BF0999AAE74A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA7916FD-2061-4B6E-AD2D-449473FB7CE6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C0399FD0-84E7-4BBA-A2DF-3B09AEB74AB2}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{C49950EF-8242-43F1-AF55-5358289FECD6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C8F65530-B4C1-4A64-A31F-4AF9E40E5E2A}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{D9C1644B-7817-4534-A7D8-3A5578796519}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E73C9367-4529-4AD7-A20B-CD725C941F85}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{EDC8A422-050F-413A-8973-9F1087355D13}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F42107D9-BE93-4878-9046-CAB6849AC4DB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F5D59112-6CE9-4C07-A193-63D4589DA63F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{FF46B4A2-87E7-4DB1-96F8-3A725248AAD6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{126FA149-B80D-4B51-AEC7-DCEEFC890FBA}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{12ABE697-C20B-437A-A6EC-376F21E0825B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{2B5E9E76-9E56-4F0E-BA35-68675B711A5E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{2F636F98-4898-43D8-88F0-688D51E7607A}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe |
"TCP Query User{378EAA22-D7CE-49D0-A836-03D558EB73B6}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe |
"TCP Query User{4A19FAE3-995A-4A46-9422-C763AB88DF44}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{5F6E1A02-EDC5-43E8-8F21-CA6A5393E544}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{811A351C-9074-4E4C-A259-1FB2902F232A}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"TCP Query User{A5A523E6-F0B3-4A05-B811-4734002BD40C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DE397DA5-2F49-4BA3-B25C-A28552ED37E6}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"TCP Query User{F57A9171-F32F-4C15-A72F-F8E673635514}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{FBE86FD0-889D-4019-B480-45254FEFFFFB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FBFF6717-2E7D-41B5-BB5C-1F00521386D2}C:\users\pc popular\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\pc popular\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{02928DC8-7295-4240-9B7A-23FC8C196102}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{070414BD-A3FD-485C-A9CF-8E01278F1422}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe |
"UDP Query User{153F21FF-FA5D-4820-BDDE-9F0C74ABAAD2}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{1890109D-5646-4F15-B25B-6DCE90AC600B}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"UDP Query User{3EC8DDC3-7C51-4786-9B01-85626754667D}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"UDP Query User{4B3A262F-DFC4-4342-BAEB-8047D85DF53F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{707C77A2-EB21-4394-A983-16AC4D8C184F}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe |
"UDP Query User{8451F8D3-66EF-48D1-B132-3279F4E0FFBD}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{90657417-EBEB-41E0-8723-40C581714FE1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9D31737D-BECD-4EF8-B9CE-D94D3CFDFA65}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A6EF61E7-0FD6-423E-A313-425013E32013}C:\users\pc popular\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\pc popular\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{CB288F9F-9382-40F5-B1D6-69982EE2896C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{E55367B0-A42A-4FD9-83C9-3CBC2F6E6803}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4E79AC14-1F0A-4044-B069-126EDCD2308F}" = Vista Manager
"{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6D5CB84-0E6E-4E69-B300-C690B6911033}" = Nero 8
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AVG8Uninstall" = AVG 8.5
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Burn4Free" = Burn4Free CD and DVD
"CCleaner" = CCleaner
"Creative Live! Cam Vista IM User's Guide English" = Creative Live! Cam Vista IM User's Guide (English)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)
"Creative WebCam Center" = Creative WebCam Center
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDFab 7_is1" = DVDFab 7.0.9.3 (08/08/2010)
"HECI" = Intel(R) Management Engine Interface
"ICQToolbar" = ICQ Toolbar
"InfraRecorder" = InfraRecorder
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"iTV - televizní program_is1" = iTV 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mozilla Firefox 4.0 (x86 cs)" = Mozilla Firefox 4.0 (x86 cs)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PK-PCSU_is1" = Zrychleni Pocitace
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"RalliSport Challenge 1.0" = Microsoft RalliSport Challenge
"SysInfo" = Creative System Information
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.6.2011 7:10:40 | Computer Name = PCPopular-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 28.6.2011 7:10:41 | Computer Name = PCPopular-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 28.6.2011 13:11:38 | Computer Name = PCPopular-PC | Source = Application Hang | ID = 1002
Description = Program soffice.BIN verze 2.3.9215.500 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 105c Čas zahájení: 01cc35b60d04308f Čas ukončení: 7

Error - 28.6.2011 13:14:02 | Computer Name = PCPopular-PC | Source = Application Hang | ID = 1002
Description = Program winamp.exe verze 5.6.1.3133 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: bcc Čas zahájení: 01cc35b5f70d536f Čas ukončení: 43

Error - 28.6.2011 13:24:14 | Computer Name = PCPopular-PC | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE verze 6.0.6002.18005 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: 744 Čas zahájení: 01cc35b7bff2dfb4 Čas ukončení: 127

Error - 29.6.2011 4:54:32 | Computer Name = PCPopular-PC | Source = Application Hang | ID = 1002
Description = Program winamp.exe verze 5.6.1.3133 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 3d4 Čas zahájení: 01cc363a100c4473 Čas ukončení: 39

Error - 7.7.2011 14:09:40 | Computer Name = PCPopular-PC | Source = EventSystem | ID = 4609
Description =

Error - 12.7.2011 8:57:48 | Computer Name = PCPopular-PC | Source = Application Hang | ID = 1002
Description = Program winamp.exe verze 5.6.1.3133 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: f34 Čas zahájení: 01cc409317b72330 Čas ukončení: 59

Error - 17.7.2011 10:34:14 | Computer Name = PCPopular-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace Skype.exe, verze 5.0.0.156, časové razítko 0x4cf901f4,
chybující modul RPCRT4.dll, verze 6.0.6002.18024, časové razítko 0x49f05bcc, kód
výjimky 0xc0000005, posun chyby 0x00040d14, ID procesu 0xd50, čas spuštění aplikace
0x01cc4450e3e5a5ea.

Error - 18.7.2011 13:36:39 | Computer Name = PCPopular-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.6002.18005, časové razítko
0x49e01da5, chybující modul SDHelper.dll, verze 1.6.2.14, časové razítko 0x2a425e19,
kód výjimky 0xc0000005, posun chyby 0x00001c59, ID procesu 0x794, čas spuštění aplikace
0x01cc4570ed7be0f3.

[ System Events ]
Error - 19.7.2011 1:39:20 | Computer Name = PCPopular-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 20.7.2011 4:48:35 | Computer Name = PCPopular-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (10:47:03, 20.7.2011) bylo neočekávané.

Error - 20.7.2011 4:49:21 | Computer Name = PCPopular-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 21.7.2011 1:43:43 | Computer Name = PCPopular-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 22.7.2011 1:40:47 | Computer Name = PCPopular-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 23.7.2011 1:15:33 | Computer Name = PCPopular-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 24.7.2011 2:11:50 | Computer Name = PCPopular-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 28.7.2011 17:13:55 | Computer Name = PCPopular-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29.7.2011 4:57:11 | Computer Name = PCPopular-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29.7.2011 13:34:19 | Computer Name = PCPopular-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Re: Slow PC, fake antivirus

Posted: 30 Jul 2011 10:35
by Danstahr
:arrow: I recommend uninstalling AVG and Spybot. As a replacement I recommend one of the antiviruses Avast, Avira or MSE, and SuperAntiSpyware instead of Spybot. Also uninstall any toolbars you do not use.

:arrow: Open OTL again, paste the following script into the box at the bottom and click the Fix (Opravit) button. After it runs and the computer restarts, a log will open; please post it here together with a new OTL log, following the procedure above.

Code:

:Commands
[EmptyTemp]
[EmptyFlash]
[ResetHosts]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
[2011.07.12 11:46:48 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-1.xml
[2009.11.10 08:58:27 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-10.xml
[2010.03.21 16:27:06 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-11.xml
[2010.04.08 13:01:26 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-12.xml
[2010.06.09 14:37:45 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-13.xml
[2010.11.04 12:05:39 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-14.xml
[2011.01.04 19:56:49 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-15.xml
[2011.04.01 15:58:33 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-16.xml
[2011.05.12 12:19:09 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-17.xml
[2009.02.04 18:41:31 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-2.xml
[2009.03.05 15:05:53 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-3.xml
[2009.03.29 08:31:04 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-4.xml
[2009.04.23 15:13:06 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-5.xml
[2009.06.12 11:46:05 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-6.xml
[2009.07.25 16:43:52 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-7.xml
[2009.08.15 09:57:55 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-8.xml
[2009.09.24 19:56:42 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-9.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.xml
[2010.05.16 10:29:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O20 - AppInit_DLLs: (avgrsstx.dllystem32\wuwe) - File not found
[2 C:\Users\PC Popular\*.tmp files -> C:\Users\PC Popular\*.tmp -> ]
[2011.07.29 19:36:03 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000UA.job
[2011.07.24 08:36:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000Core.job
[2011.07.08 13:41:59 | 000,607,232 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.07.08 13:41:59 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.08 13:41:59 | 000,117,912 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.07.08 13:41:59 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2 C:\Users\PC Popular\*.tmp files -> C:\Users\PC Popular\*.tmp -> ]
[2009.01.15 14:54:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.01.15 14:54:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.01.15 14:54:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.01.15 14:54:38 | 000,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2007.01.08 23:10:33 | 000,607,232 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2007.01.08 23:10:33 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2007.01.08 23:10:33 | 000,117,912 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2007.01.08 23:10:33 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2010.03.13 16:39:48 | 000,087,608 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\inst.exe
[2008.12.16 23:26:51 | 001,850,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\PC Popular\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_06FC51BA7D11E341665404.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_092FACECCDBA9FDCA53734.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_1E9A97B835DD8F6ABBAAE8.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_2844EEFA074253913346FD.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_2E7BEF5AB9AB3749507AA0.exe
[2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_3961DA64A8AE4B8B93244B.exe
[2009.01.15 13:02:21 | 000,013,262 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_3CED451BC56276B2681B49.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_47233D72327EDA91466B5D.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_481C0BBA507B7F3096F01C.exe
[2009.01.15 13:02:21 | 000,005,430 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_486299C0DDDE2367035252.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_49D7F58BC16DD145B18BB8.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_56F19459493C85A6F79A36.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_5C2EBB28A914CE72DF8485.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_667922C01AF0A65C0B6260.exe
[2009.01.15 13:02:20 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_6FEFF9B68218417F98F549.exe
[2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_703DBBDB98256C212C4CE0.exe
[2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_861E3A794E5EACCD15513C.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_866C8945003DD5BD659054.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_87503577C2BB078B973E27.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_8EB2BD0231E8C77B718D15.exe
[2009.01.15 13:02:21 | 000,013,262 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9508CB83619B2E55A29D78.exe
[2009.01.15 13:02:21 | 000,007,886 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9AB5D41CE41E82F0880FD4.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9B945C1B6EE2A1ADE69E60.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_C5AE88827B14EF85A0EFD6.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_C7BB9F340B75D30A93AE21.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D3B2B7D74569DB60E01A35.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D4558C34712611A6BC922F.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D6D774AF431FABA032F095.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_E89C2D99675BBA51B4EBAF.exe
[2011.05.19 19:44:46 | 000,416,160 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\LatestDLMgr.exe
[2010.12.18 00:07:06 | 000,043,440 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\SpeedstarterCZ.exe
[2010.12.17 19:48:22 | 001,720,472 | ---- | M] (Speedchecker Limited ) -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\ZrychleniPocitace.exe
[2011.05.19 19:44:54 | 001,842,096 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\ZrychleniPocitace_p2v1.exe



:Files
C:\Windows\System32\ezGOSvc.dll
C:\Program Files\ICQ6Toolbar

:Services
ezGOSvc
ICQ Service

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"=-
"Google Update"=-
"swg"=-
"SpybotSD TeaTimer"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{2F636F98-4898-43D8-88F0-688D51E7607A}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=-
"TCP Query User{378EAA22-D7CE-49D0-A836-03D558EB73B6}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=-
"TCP Query User{4A19FAE3-995A-4A46-9422-C763AB88DF44}C:\program files\icq6\icq.exe"=-
"TCP Query User{5F6E1A02-EDC5-43E8-8F21-CA6A5393E544}C:\program files\icq6.5\icq.exe"=-
"TCP Query User{811A351C-9074-4E4C-A259-1FB2902F232A}C:\program files\common files\nero\nero web\setupx.exe"=-
"TCP Query User{DE397DA5-2F49-4BA3-B25C-A28552ED37E6}C:\program files\common files\nero\nero web\setupx.exe"=-
"TCP Query User{F57A9171-F32F-4C15-A72F-F8E673635514}C:\program files\icq6\icq.exe"=-
"UDP Query User{070414BD-A3FD-485C-A9CF-8E01278F1422}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=-
"UDP Query User{1890109D-5646-4F15-B25B-6DCE90AC600B}C:\program files\common files\nero\nero web\setupx.exe"=-
"UDP Query User{3EC8DDC3-7C51-4786-9B01-85626754667D}C:\program files\common files\nero\nero web\setupx.exe"=-
"UDP Query User{4B3A262F-DFC4-4342-BAEB-8047D85DF53F}C:\program files\icq6.5\icq.exe"=-
"UDP Query User{707C77A2-EB21-4394-A983-16AC4D8C184F}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=-
"UDP Query User{CB288F9F-9382-40F5-B1D6-69982EE2896C}C:\program files\icq6\icq.exe"=-
"UDP Query User{E55367B0-A42A-4FD9-83C9-3CBC2F6E6803}C:\program files\icq6\icq.exe"=-

Re: Slow PC, fake antivirus

Posted: 30 Jul 2011 14:12
by vinnoo
OTL logfile created on: 30.7.2011 15:01:57 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\PC Popular\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1013,09 Mb Total Physical Memory | 251,38 Mb Available Physical Memory | 24,81% Memory free
2,24 Gb Paging File | 1,19 Gb Available in Paging File | 53,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 40,66 Gb Free Space | 27,28% Space Free | Partition Type: NTFS

Computer Name: PCPOPULAR-PC | User Name: PC Popular | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.29 19:39:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
PRC - [2011.07.13 23:53:20 | 000,319,488 | ---- | M] (Crawler, LLC) -- C:\Program Files\SiteRanker\SiteRankTray.exe
PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.06.30 15:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.03.22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.2\ICQ.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.06.15 06:02:55 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2005.10.27 12:00:22 | 000,299,008 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe


========== Modules (SafeList) ==========

MOD - [2011.07.29 19:39:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
MOD - [2011.07.04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.05.29 13:57:31 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
SRV - [2008.09.21 19:19:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007.06.15 06:07:39 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.03.13 14:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006.11.04 00:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80546&lng=cs
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.centrum.cz/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.2.6&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PC Popular\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PC Popular\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\ [2011.07.21 19:37:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.01 15:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.30 15:00:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ED76C299-85BC-4891-9237-74A140C28832}: C:\Program Files\RebateInformer\Firefox\ [2011.07.21 19:38:24 | 000,000,000 | ---D | M]

[2008.07.28 20:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Extensions
[2011.07.30 13:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions
[2010.06.10 10:02:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.01 20:12:27 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.17 13:50:05 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2011.07.21 19:38:05 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\AppGraffiti@AppGraffiti.com
[2011.07.12 11:46:48 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-1.xml
[2009.11.10 08:58:27 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-10.xml
[2010.03.21 16:27:06 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-11.xml
[2010.04.08 13:01:26 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-12.xml
[2010.06.09 14:37:45 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-13.xml
[2010.11.04 12:05:39 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-14.xml
[2011.01.04 19:56:49 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-15.xml
[2011.04.01 15:58:33 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-16.xml
[2011.05.12 12:19:09 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-17.xml
[2009.02.04 18:41:31 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-2.xml
[2009.03.05 15:05:53 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-3.xml
[2009.03.29 08:31:04 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-4.xml
[2009.04.23 15:13:06 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-5.xml
[2009.06.12 11:46:05 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-6.xml
[2009.07.25 16:43:52 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-7.xml
[2009.08.15 09:57:55 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-8.xml
[2009.09.24 19:56:42 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-9.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.xml
[2011.07.30 15:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.16 10:29:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.30 15:01:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.04.01 15:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.04.01 15:56:55 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) --
[2011.03.18 19:55:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.01.15 12:19:44 | 000,292,125 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10057 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: () - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O3 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [V0260Cfg.exe] C:\Windows\V0260Cfg.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.99.200.155 77.48.31.69
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll??) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.07.30 15:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.07.30 15:00:39 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.07.30 15:00:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.07.30 15:00:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.07.30 15:00:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.07.30 14:43:39 | 000,000,000 | ---D | C] -- C:\Users\PC Popular\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.30 14:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.07.30 14:43:34 | 000,000,000 | ---D | C] -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.07.30 14:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.07.30 14:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.07.30 14:20:52 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.07.30 14:20:52 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.07.30 14:20:50 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.07.30 14:20:49 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.07.30 14:20:49 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.07.30 14:20:48 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.07.30 14:19:53 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.07.30 14:19:52 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.07.30 14:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011.07.29 19:39:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
[2011.07.29 11:04:48 | 000,000,000 | ---D | C] -- C:\Users\PC Popular\AppData\Roaming\Malwarebytes
[2011.07.29 11:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.29 11:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.28 23:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.28 23:40:30 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.21 19:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
[2011.07.21 19:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\AppGraffiti
[2011.07.21 19:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
[2011.07.21 19:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\SiteRanker
[2011.07.21 19:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
[2011.07.21 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\RebateInformer
[2011.07.21 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox.com
[2011.07.13 07:13:57 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.13 07:13:05 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 07:13:05 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.07.08 15:07:13 | 000,000,000 | ---D | C] -- C:\covers
[2010.03.13 16:39:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\PC Popular\AppData\Roaming\pcouffin.sys
[2 C:\Users\PC Popular\*.tmp files -> C:\Users\PC Popular\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.30 14:51:29 | 000,094,709 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.07.30 14:51:28 | 000,094,709 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.07.30 14:51:15 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.30 14:51:15 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.30 14:51:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.30 14:51:02 | 1063,063,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.30 14:43:34 | 000,001,800 | ---- | M] () -- C:\Users\PC Popular\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.30 14:36:35 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000UA.job
[2011.07.30 14:29:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.07.30 14:24:04 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.30 14:05:37 | 000,087,608 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\inst.exe
[2011.07.30 14:05:37 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\PC Popular\AppData\Roaming\pcouffin.sys
[2011.07.30 14:05:37 | 000,007,887 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\pcouffin.cat
[2011.07.30 14:05:37 | 000,001,144 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\pcouffin.inf
[2011.07.29 19:39:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
[2011.07.28 23:39:45 | 000,781,383 | ---- | M] () -- C:\Users\PC Popular\Desktop\RSIT.exe
[2011.07.24 08:36:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000Core.job
[2011.07.17 17:39:27 | 004,776,436 | ---- | M] () -- C:\Users\PC Popular\Dobrý sen 11.mp3
[2011.07.17 17:38:57 | 004,358,895 | ---- | M] () -- C:\Users\PC Popular\Stopy 08.mp3
[2011.07.15 07:37:54 | 000,002,067 | ---- | M] () -- C:\Users\PC Popular\Desktop\Google Chrome.lnk
[2011.07.13 16:13:15 | 001,591,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.08 13:41:59 | 000,607,232 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.07.08 13:41:59 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.08 13:41:59 | 000,117,912 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.07.08 13:41:59 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.07.04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2 C:\Users\PC Popular\*.tmp files -> C:\Users\PC Popular\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.30 14:43:34 | 000,001,800 | ---- | C] () -- C:\Users\PC Popular\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.30 14:24:04 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.28 23:39:44 | 000,781,383 | ---- | C] () -- C:\Users\PC Popular\Desktop\RSIT.exe
[2011.07.17 17:29:01 | 004,776,436 | ---- | C] () -- C:\Users\PC Popular\Dobrý sen 11.mp3
[2011.07.17 17:29:01 | 004,358,895 | ---- | C] () -- C:\Users\PC Popular\Stopy 08.mp3
[2011.05.30 07:56:45 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2010.11.22 15:18:49 | 000,094,709 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.11.22 15:04:47 | 000,094,709 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.03.13 16:39:48 | 000,087,608 | ---- | C] () -- C:\Users\PC Popular\AppData\Roaming\inst.exe
[2010.03.13 16:39:48 | 000,007,887 | ---- | C] () -- C:\Users\PC Popular\AppData\Roaming\pcouffin.cat
[2010.03.13 16:39:48 | 000,001,144 | ---- | C] () -- C:\Users\PC Popular\AppData\Roaming\pcouffin.inf
[2010.03.13 16:08:09 | 000,000,233 | ---- | C] () -- C:\Users\PC Popular\AppData\Roaming\default.rss
[2009.09.24 08:46:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 08:46:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.26 14:01:16 | 000,000,680 | ---- | C] () -- C:\Users\PC Popular\AppData\Local\d3d9caps.dat
[2009.01.15 14:54:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.01.15 14:54:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.01.15 14:54:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.01.15 14:54:38 | 000,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2008.11.20 09:48:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.21 19:30:14 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008.05.17 22:33:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007.12.26 17:16:52 | 000,000,014 | ---- | C] () -- C:\Windows\System32\SystemInfo32.sys
[2007.12.10 21:58:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.12.08 20:13:46 | 000,052,736 | ---- | C] () -- C:\Users\PC Popular\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.22 18:24:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.01.08 23:10:33 | 000,607,232 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2007.01.08 23:10:33 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2007.01.08 23:10:33 | 000,117,912 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2007.01.08 23:10:33 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 001,591,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.08.03 00:03:51 | 000,224,768 | ---- | C] () -- C:\Windows\System32\b4fm.dll

========== LOP Check ==========

[2010.11.14 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\GHISLER
[2011.07.24 16:02:13 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\go
[2011.07.30 14:52:34 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\ICQ
[2008.01.13 19:56:45 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\ICQ Toolbar
[2010.03.06 15:34:06 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\InfraRecorder
[2011.05.19 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\OpenCandy
[2009.01.21 23:55:04 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Thunderbird
[2011.07.30 14:05:37 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Vso
[2010.06.23 19:33:00 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Zoner
[2011.07.30 14:50:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< :Commands >

< [EmptyTemp] >

< [EmptyFlash] >

< [ResetHosts] >

< >

< :OTL >

< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html >
Invalid Switch: def ... earch.html


< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ >
Invalid Switch:


< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html >
Invalid Switch: def ... earch.html


< IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found >

< IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) >

< IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found >

< IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) >

< IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found >

< IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) >

< IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: - Reg Error: Key error. File not found >

< IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) >

< IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) >

< FF - prefs.js..browser.search.defaultenginename: "ICQ Search" >

< FF - prefs.js..browser.search.selectedEngine: "ICQ Search" >

< [2011.07.12 11:46:48 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-1.xml >

< [2009.11.10 08:58:27 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-10.xml >

< [2010.03.21 16:27:06 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-11.xml >

< [2010.04.08 13:01:26 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-12.xml >

< [2010.06.09 14:37:45 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-13.xml >

< [2010.11.04 12:05:39 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-14.xml >

< [2011.01.04 19:56:49 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-15.xml >

< [2011.04.01 15:58:33 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-16.xml >

< [2011.05.12 12:19:09 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-17.xml >

< [2009.02.04 18:41:31 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-2.xml >

< [2009.03.05 15:05:53 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-3.xml >

< [2009.03.29 08:31:04 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-4.xml >

< [2009.04.23 15:13:06 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-5.xml >

< [2009.06.12 11:46:05 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-6.xml >

< [2009.07.25 16:43:52 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-7.xml >

< [2009.08.15 09:57:55 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-8.xml >

< [2009.09.24 19:56:42 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-9.xml >

< [2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.gif >

< [2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.src >

< [2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.xml >

< [2010.05.16 10:29:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 >

< O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O7 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O7 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 >

< O13 - gopher Prefix: missing >

< O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) >

< O20 - AppInit_DLLs: (avgrsstx.dllystem32\wuwe) - File not found >

< [2 C:\Users\PC Popular\*.tmp files -> C:\Users\PC Popular\*.tmp -> ] >

< [2011.07.29 19:36:03 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000UA.job >

< [2011.07.24 08:36:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000Core.job >

< [2011.07.08 13:41:59 | 000,607,232 | ---- | M] () -- C:\Windows\System32\perfh005.dat >

< [2011.07.08 13:41:59 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat >

< [2011.07.08 13:41:59 | 000,117,912 | ---- | M] () -- C:\Windows\System32\perfc005.dat >

< [2011.07.08 13:41:59 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat >

< [2 C:\Users\PC Popular\*.tmp files -> C:\Users\PC Popular\*.tmp -> ] >

< [2009.01.15 14:54:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe >

< [2009.01.15 14:54:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe >

< [2009.01.15 14:54:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe >

< [2009.01.15 14:54:38 | 000,049,152 | ---- | C] () -- C:\Windows\VFIND.exe >

< [2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat >

< [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat >

< [2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat >

< [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat >

< [2007.01.08 23:10:33 | 000,607,232 | ---- | C] () -- C:\Windows\System32\perfh005.dat >

< [2007.01.08 23:10:33 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat >

< [2007.01.08 23:10:33 | 000,117,912 | ---- | C] () -- C:\Windows\System32\perfc005.dat >

< [2007.01.08 23:10:33 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat >

< [2010.03.13 16:39:48 | 000,087,608 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\inst.exe >

< [2008.12.16 23:26:51 | 001,850,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\PC Popular\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_06FC51BA7D11E341665404.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_092FACECCDBA9FDCA53734.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_1E9A97B835DD8F6ABBAAE8.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_2844EEFA074253913346FD.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_2E7BEF5AB9AB3749507AA0.exe >

< [2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_3961DA64A8AE4B8B93244B.exe >

< [2009.01.15 13:02:21 | 000,013,262 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_3CED451BC56276B2681B49.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_47233D72327EDA91466B5D.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_481C0BBA507B7F3096F01C.exe >

< [2009.01.15 13:02:21 | 000,005,430 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_486299C0DDDE2367035252.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_49D7F58BC16DD145B18BB8.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_56F19459493C85A6F79A36.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_5C2EBB28A914CE72DF8485.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_667922C01AF0A65C0B6260.exe >

< [2009.01.15 13:02:20 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_6FEFF9B68218417F98F549.exe >

< [2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_703DBBDB98256C212C4CE0.exe >

< [2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_861E3A794E5EACCD15513C.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_866C8945003DD5BD659054.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_87503577C2BB078B973E27.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_8EB2BD0231E8C77B718D15.exe >

< [2009.01.15 13:02:21 | 000,013,262 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9508CB83619B2E55A29D78.exe >

< [2009.01.15 13:02:21 | 000,007,886 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9AB5D41CE41E82F0880FD4.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9B945C1B6EE2A1ADE69E60.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_C5AE88827B14EF85A0EFD6.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_C7BB9F340B75D30A93AE21.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D3B2B7D74569DB60E01A35.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D4558C34712611A6BC922F.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D6D774AF431FABA032F095.exe >

< [2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_E89C2D99675BBA51B4EBAF.exe >

< [2011.05.19 19:44:46 | 000,416,160 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\LatestDLMgr.exe >

< [2010.12.18 00:07:06 | 000,043,440 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\SpeedstarterCZ.exe >

< [2010.12.17 19:48:22 | 001,720,472 | ---- | M] (Speedchecker Limited ) -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\ZrychleniPocitace.exe >

< [2011.05.19 19:44:54 | 001,842,096 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\ZrychleniPocitace_p2v1.exe >

< >

< >

< >

< :Files >

< C:\Windows\System32\ezGOSvc.dll >
[2011.05.29 13:57:31 | 000,073,600 | ---- | M] () -- C:\Windows\System32\ezGOSvc.dll

< C:\Program Files\ICQ6Toolbar >

< >

< :Services >

< ezGOSvc >

< ICQ Service >

< >

< :Reg >

< [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] >

< "Creative WebCam Tray"=- >

< "Google Update"=- >

< "swg"=- >

< "SpybotSD TeaTimer"=- >

< >

< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >

< "TCP Query User{2F636F98-4898-43D8-88F0-688D51E7607A}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=- >

< "TCP Query User{378EAA22-D7CE-49D0-A836-03D558EB73B6}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=- >

< "TCP Query User{4A19FAE3-995A-4A46-9422-C763AB88DF44}C:\program files\icq6\icq.exe"=- >

< "TCP Query User{5F6E1A02-EDC5-43E8-8F21-CA6A5393E544}C:\program files\icq6.5\icq.exe"=- >

< "TCP Query User{811A351C-9074-4E4C-A259-1FB2902F232A}C:\program files\common files\nero\nero web\setupx.exe"=- >

< "TCP Query User{DE397DA5-2F49-4BA3-B25C-A28552ED37E6}C:\program files\common files\nero\nero web\setupx.exe"=- >

< "TCP Query User{F57A9171-F32F-4C15-A72F-F8E673635514}C:\program files\icq6\icq.exe"=- >

< "UDP Query User{070414BD-A3FD-485C-A9CF-8E01278F1422}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=- >

< "UDP Query User{1890109D-5646-4F15-B25B-6DCE90AC600B}C:\program files\common files\nero\nero web\setupx.exe"=- >

< "UDP Query User{3EC8DDC3-7C51-4786-9B01-85626754667D}C:\program files\common files\nero\nero web\setupx.exe"=- >

< "UDP Query User{4B3A262F-DFC4-4342-BAEB-8047D85DF53F}C:\program files\icq6.5\icq.exe"=- >

< "UDP Query User{707C77A2-EB21-4394-A983-16AC4D8C184F}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=- >

< "UDP Query User{CB288F9F-9382-40F5-B1D6-69982EE2896C}C:\program files\icq6\icq.exe"=- >

< "UDP Query User{E55367B0-A42A-4FD9-83C9-3CBC2F6E6803}C:\program files\icq6\icq.exe"=- >

< End of report >

Re: Slow PC, fake antivirus

Posted: 30 Jul 2011 14:20
by Danstahr
The fix did not run correctly, so once more:

:arrow: Run OTL with the following script and click the Run Fix button. After the computer restarts a log will open; paste it here.

Code:

:Commands
[EmptyTemp]
[EmptyFlash]
[ResetHosts]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
[2011.07.12 11:46:48 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-1.xml
[2009.11.10 08:58:27 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-10.xml
[2010.03.21 16:27:06 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-11.xml
[2010.04.08 13:01:26 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-12.xml
[2010.06.09 14:37:45 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-13.xml
[2010.11.04 12:05:39 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-14.xml
[2011.01.04 19:56:49 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-15.xml
[2011.04.01 15:58:33 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-16.xml
[2011.05.12 12:19:09 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-17.xml
[2009.02.04 18:41:31 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-2.xml
[2009.03.05 15:05:53 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-3.xml
[2009.03.29 08:31:04 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-4.xml
[2009.04.23 15:13:06 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-5.xml
[2009.06.12 11:46:05 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-6.xml
[2009.07.25 16:43:52 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-7.xml
[2009.08.15 09:57:55 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-8.xml
[2009.09.24 19:56:42 | 000,000,950 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-9.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.xml
[2010.05.16 10:29:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O20 - AppInit_DLLs: (avgrsstx.dllystem32\wuwe) - File not found
[2 C:\Users\PC Popular\*.tmp files -> C:\Users\PC Popular\*.tmp -> ]
[2011.07.29 19:36:03 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000UA.job
[2011.07.24 08:36:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000Core.job
[2011.07.08 13:41:59 | 000,607,232 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.07.08 13:41:59 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.08 13:41:59 | 000,117,912 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.07.08 13:41:59 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2 C:\Users\PC Popular\*.tmp files -> C:\Users\PC Popular\*.tmp -> ]
[2009.01.15 14:54:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.01.15 14:54:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.01.15 14:54:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.01.15 14:54:38 | 000,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2007.01.08 23:10:33 | 000,607,232 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2007.01.08 23:10:33 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2007.01.08 23:10:33 | 000,117,912 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2007.01.08 23:10:33 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2010.03.13 16:39:48 | 000,087,608 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\inst.exe
[2008.12.16 23:26:51 | 001,850,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\PC Popular\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_06FC51BA7D11E341665404.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_092FACECCDBA9FDCA53734.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_1E9A97B835DD8F6ABBAAE8.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_2844EEFA074253913346FD.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_2E7BEF5AB9AB3749507AA0.exe
[2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_3961DA64A8AE4B8B93244B.exe
[2009.01.15 13:02:21 | 000,013,262 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_3CED451BC56276B2681B49.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_47233D72327EDA91466B5D.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_481C0BBA507B7F3096F01C.exe
[2009.01.15 13:02:21 | 000,005,430 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_486299C0DDDE2367035252.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_49D7F58BC16DD145B18BB8.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_56F19459493C85A6F79A36.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_5C2EBB28A914CE72DF8485.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_667922C01AF0A65C0B6260.exe
[2009.01.15 13:02:20 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_6FEFF9B68218417F98F549.exe
[2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_703DBBDB98256C212C4CE0.exe
[2009.01.15 13:02:21 | 000,017,542 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_861E3A794E5EACCD15513C.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_866C8945003DD5BD659054.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_87503577C2BB078B973E27.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_8EB2BD0231E8C77B718D15.exe
[2009.01.15 13:02:21 | 000,013,262 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9508CB83619B2E55A29D78.exe
[2009.01.15 13:02:21 | 000,007,886 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9AB5D41CE41E82F0880FD4.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9B945C1B6EE2A1ADE69E60.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_C5AE88827B14EF85A0EFD6.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_C7BB9F340B75D30A93AE21.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D3B2B7D74569DB60E01A35.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D4558C34712611A6BC922F.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D6D774AF431FABA032F095.exe
[2009.01.15 13:02:21 | 000,015,086 | R--- | M] () -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_E89C2D99675BBA51B4EBAF.exe
[2011.05.19 19:44:46 | 000,416,160 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\LatestDLMgr.exe
[2010.12.18 00:07:06 | 000,043,440 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\SpeedstarterCZ.exe
[2010.12.17 19:48:22 | 001,720,472 | ---- | M] (Speedchecker Limited ) -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\ZrychleniPocitace.exe
[2011.05.19 19:44:54 | 001,842,096 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\ZrychleniPocitace_p2v1.exe



:Files
C:\Windows\System32\ezGOSvc.dll
C:\Program Files\ICQ6Toolbar

:Services
ezGOSvc
ICQ Service

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"=-
"Google Update"=-
"swg"=-
"SpybotSD TeaTimer"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{2F636F98-4898-43D8-88F0-688D51E7607A}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=-
"TCP Query User{378EAA22-D7CE-49D0-A836-03D558EB73B6}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=-
"TCP Query User{4A19FAE3-995A-4A46-9422-C763AB88DF44}C:\program files\icq6\icq.exe"=-
"TCP Query User{5F6E1A02-EDC5-43E8-8F21-CA6A5393E544}C:\program files\icq6.5\icq.exe"=-
"TCP Query User{811A351C-9074-4E4C-A259-1FB2902F232A}C:\program files\common files\nero\nero web\setupx.exe"=-
"TCP Query User{DE397DA5-2F49-4BA3-B25C-A28552ED37E6}C:\program files\common files\nero\nero web\setupx.exe"=-
"TCP Query User{F57A9171-F32F-4C15-A72F-F8E673635514}C:\program files\icq6\icq.exe"=-
"UDP Query User{070414BD-A3FD-485C-A9CF-8E01278F1422}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=-
"UDP Query User{1890109D-5646-4F15-B25B-6DCE90AC600B}C:\program files\common files\nero\nero web\setupx.exe"=-
"UDP Query User{3EC8DDC3-7C51-4786-9B01-85626754667D}C:\program files\common files\nero\nero web\setupx.exe"=-
"UDP Query User{4B3A262F-DFC4-4342-BAEB-8047D85DF53F}C:\program files\icq6.5\icq.exe"=-
"UDP Query User{707C77A2-EB21-4394-A983-16AC4D8C184F}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=-
"UDP Query User{CB288F9F-9382-40F5-B1D6-69982EE2896C}C:\program files\icq6\icq.exe"=-
"UDP Query User{E55367B0-A42A-4FD9-83C9-3CBC2F6E6803}C:\program files\icq6\icq.exe"=-

:arrow: Run OTL again, follow the instructions in this post http://www.viry.cz/forum/viewtopic.php? ... 8#p1015148 and paste the log that opens.
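The script above targets a handful of persistence and hijack classes that are worth recognising on sight in any OTL or HijackThis log: URLSearchHook entries (browser search redirectors), an AppInit_DLLs value whose file no longer exists (anything listed there is loaded into every process that loads user32.dll), a loose inst.exe at the root of %APPDATA%, and Windows Firewall "Query User" allow rules created for a setupxu.exe living in the user's temp directory. The following Python script is an added example, not part of the thread and not OTL's own code: it scans log lines of the format posted above and flags exactly those classes. The sample lines are copied from this thread; the category names, regular expressions and the choice of what counts as suspicious are this example's own assumptions.

```python
"""Triage helper for OTL-style log lines (added example, not OTL code).

Flags: firewall 'Query User' allow rules for executables under a temp
directory, URLSearchHook entries, AppInit_DLLs values reported as
missing, and executables sitting directly in %APPDATA%\\Roaming.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str   # category names are this example's own choice
    detail: str


# "TCP Query User{GUID}c:\path\to\prog.exe"=-   (firewall rule name as OTL prints it)
FIREWALL_RE = re.compile(r'^"(?:TCP|UDP) Query User\{[0-9A-F-]+\}(?P<path>[^"]+)"', re.I)
TEMP_DIR_RE = re.compile(r'\\appdata\\local\\temp\\|\\windows\\temp\\', re.I)
# IE - HKU\...\URLSearchHook: {CLSID} - C:\path\hook.dll (Vendor)
URLHOOK_RE = re.compile(
    r'URLSearchHook:\s*(?P<clsid>\{[0-9A-F-]+\})\s*-\s*(?P<path>[^()]+?)\s*\((?P<vendor>[^)]*)\)', re.I)
# O20 - AppInit_DLLs: (value) - File not found
APPINIT_RE = re.compile(r'AppInit_DLLs:\s*\((?P<value>[^)]*)\)\s*-\s*(?P<status>.*)$', re.I)
# [date time | size | attrs | M] (Company) -- C:\path\file.exe
FILE_RE = re.compile(
    r'^\[[\d.]+ [\d:]+ \| [\d,]+ \| [-A-Z]{4} \| [MC]\] \((?P<vendor>[^)]*)\) -- (?P<path>.+\.exe)$', re.I)
APPDATA_ROOT_RE = re.compile(r'\\AppData\\Roaming\\[^\\]+\.exe$', re.I)

# Constructed sample: lines copied from the thread above.
SAMPLE_LINES = [
    r'IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)',
    r'IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)',
    r'O20 - AppInit_DLLs: (avgrsstx.dllystem32\wuwe) - File not found',
    r'[2010.03.13 16:39:48 | 000,087,608 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\inst.exe',
    r'[2008.12.16 23:26:51 | 001,850,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\PC Popular\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe',
    r'"TCP Query User{2F636F98-4898-43D8-88F0-688D51E7607A}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=-',
    r'"UDP Query User{070414BD-A3FD-485C-A9CF-8E01278F1422}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe"=-',
    r'"TCP Query User{4A19FAE3-995A-4A46-9422-C763AB88DF44}C:\program files\icq6\icq.exe"=-',
]


def triage(lines):
    """Return de-duplicated Findings, in order of first appearance."""
    findings, seen = [], set()

    def add(category, detail):
        key = (category, detail.lower())   # TCP+UDP rules for one exe collapse to one finding
        if key not in seen:
            seen.add(key)
            findings.append(Finding(category, detail))

    for raw in lines:
        line = raw.strip()
        m = FIREWALL_RE.match(line)
        if m:
            # An allow rule is only interesting when the program lives in a temp dir.
            if TEMP_DIR_RE.search(m.group('path')):
                add('firewall-allow-from-temp', m.group('path'))
            continue
        m = URLHOOK_RE.search(line)
        if m:
            add('browser-search-hook', f"{m.group('clsid')} {m.group('path')}")
            continue
        m = APPINIT_RE.search(line)
        if m:
            status = 'missing' if 'not found' in m.group('status').lower() else 'present'
            add('appinit-dll-' + status, m.group('value'))
            continue
        m = FILE_RE.match(line)
        if m:
            path, vendor = m.group('path'), m.group('vendor').strip()
            if APPDATA_ROOT_RE.search(path):
                add('exe-at-appdata-root', path)
            elif not vendor and '\\appdata\\' in path.lower():
                # No company name in version info and living under AppData: worth a look.
                add('appdata-exe-no-company-name', path)
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.category:28} {f.detail}')
```

Run on the sample it reports the two search hooks, the dangling AppInit_DLLs value, inst.exe at the AppData root and the temp-directory firewall allow rule; the Flash updater (known publisher, nested path) and the ICQ rule (Program Files) are left alone. The same function can be fed a whole OTL.txt to shortlist what to put in the :Reg and :Files sections of a fix script, but every hit still needs a human decision before it goes into one.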

Re: Slow PC, fake antivirus

Posted: 30 Jul 2011 16:04
by vinnoo
Sorry, I overlooked the Run Fix button before :)

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PC Popular
->Temp folder emptied: 57571657 bytes
->Temporary Internet Files folder emptied: 64686072 bytes
->Java cache emptied: 64835900 bytes
->FireFox cache emptied: 101665539 bytes
->Google Chrome cache emptied: 349797101 bytes
->Flash cache emptied: 1873050 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23593223 bytes
RecycleBin emptied: 7296862145 bytes

Total Files Cleaned = 7 592,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: PC Popular
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.src moved successfully.
C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\searchplugins\icqplugin.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:avgrsstx.dllystem32\wuwe deleted successfully.
C:\Users\PC Popular\PP_MOTION.TMP folder deleted successfully.
C:\Users\PC Popular\PP_ROTATE_SLIDE.TMP folder deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2021764775-3943338914-829116189-1000Core.job moved successfully.
C:\Windows\System32\perfh005.dat moved successfully.
C:\Windows\System32\perfh009.dat moved successfully.
C:\Windows\System32\perfc005.dat moved successfully.
C:\Windows\System32\perfc009.dat moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\zip.exe moved successfully.
C:\Windows\VFIND.exe moved successfully.
File C:\Windows\System32\perfh009.dat not found.
C:\Windows\System32\perfi009.dat moved successfully.
File C:\Windows\System32\perfc009.dat not found.
C:\Windows\System32\perfd009.dat moved successfully.
File C:\Windows\System32\perfh005.dat not found.
C:\Windows\System32\perfi005.dat moved successfully.
File C:\Windows\System32\perfc005.dat not found.
C:\Windows\System32\perfd005.dat moved successfully.
C:\Users\PC Popular\AppData\Roaming\inst.exe moved successfully.
File C:\Users\PC Popular\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe not found.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_06FC51BA7D11E341665404.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_092FACECCDBA9FDCA53734.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_1E9A97B835DD8F6ABBAAE8.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_2844EEFA074253913346FD.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_2E7BEF5AB9AB3749507AA0.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_3961DA64A8AE4B8B93244B.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_3CED451BC56276B2681B49.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_47233D72327EDA91466B5D.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_481C0BBA507B7F3096F01C.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_486299C0DDDE2367035252.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_49D7F58BC16DD145B18BB8.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_56F19459493C85A6F79A36.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_5C2EBB28A914CE72DF8485.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_667922C01AF0A65C0B6260.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_6FEFF9B68218417F98F549.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_703DBBDB98256C212C4CE0.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_861E3A794E5EACCD15513C.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_866C8945003DD5BD659054.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_87503577C2BB078B973E27.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_8EB2BD0231E8C77B718D15.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9508CB83619B2E55A29D78.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9AB5D41CE41E82F0880FD4.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_9B945C1B6EE2A1ADE69E60.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_C5AE88827B14EF85A0EFD6.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_C7BB9F340B75D30A93AE21.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D3B2B7D74569DB60E01A35.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D4558C34712611A6BC922F.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_D6D774AF431FABA032F095.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\_E89C2D99675BBA51B4EBAF.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\LatestDLMgr.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\SpeedstarterCZ.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\ZrychleniPocitace.exe moved successfully.
C:\Users\PC Popular\AppData\Roaming\OpenCandy\OpenCandy_F7632426D7E74D288379E2E4F0A5DAD1\ZrychleniPocitace_p2v1.exe moved successfully.
========== FILES ==========
C:\Windows\System32\ezGOSvc.dll moved successfully.
C:\Program Files\ICQ6Toolbar folder moved successfully.
========== SERVICES/DRIVERS ==========
Error: Unable to stop service ezGOSvc!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ezGOSvc deleted successfully.
Error: No service named ICQ Service was found to stop!
Service\Driver key ICQ Service not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Creative WebCam Tray deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2F636F98-4898-43D8-88F0-688D51E7607A}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{378EAA22-D7CE-49D0-A836-03D558EB73B6}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A19FAE3-995A-4A46-9422-C763AB88DF44}C:\program files\icq6\icq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5F6E1A02-EDC5-43E8-8F21-CA6A5393E544}C:\program files\icq6.5\icq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{811A351C-9074-4E4C-A259-1FB2902F232A}C:\program files\common files\nero\nero web\setupx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DE397DA5-2F49-4BA3-B25C-A28552ED37E6}C:\program files\common files\nero\nero web\setupx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F57A9171-F32F-4C15-A72F-F8E673635514}C:\program files\icq6\icq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{070414BD-A3FD-485C-A9CF-8E01278F1422}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1890109D-5646-4F15-B25B-6DCE90AC600B}C:\program files\common files\nero\nero web\setupx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3EC8DDC3-7C51-4786-9B01-85626754667D}C:\program files\common files\nero\nero web\setupx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4B3A262F-DFC4-4342-BAEB-8047D85DF53F}C:\program files\icq6.5\icq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{707C77A2-EB21-4394-A983-16AC4D8C184F}C:\users\pc popular\appdata\local\temp\onlineupdate8\setupxu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CB288F9F-9382-40F5-B1D6-69982EE2896C}C:\program files\icq6\icq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E55367B0-A42A-4FD9-83C9-3CBC2F6E6803}C:\program files\icq6\icq.exe deleted successfully.

OTL by OldTimer - Version 3.2.26.1 log created on 07302011_152955

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000003B6587FE64386577E9 not found!

Registry entries deleted on Reboot...

Re: Slow PC, fake antivirus

Posted: 30 Jul 2011 16:05
by vinnoo
OTL logfile created on: 30.7.2011 15:55:38 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\PC Popular\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1013,09 Mb Total Physical Memory | 315,58 Mb Available Physical Memory | 31,15% Memory free
2,23 Gb Paging File | 1,36 Gb Available in Paging File | 60,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 50,60 Gb Free Space | 33,95% Space Free | Partition Type: NTFS

Computer Name: PCPOPULAR-PC | User Name: PC Popular | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.29 19:39:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
PRC - [2011.07.13 23:53:20 | 000,319,488 | ---- | M] (Crawler, LLC) -- C:\Program Files\SiteRanker\SiteRankTray.exe
PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.06.30 15:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.03.22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.2\ICQ.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.06.15 06:02:55 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (SafeList) ==========

MOD - [2011.07.29 19:39:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
MOD - [2011.07.04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008.09.21 19:19:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007.06.15 06:07:39 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.03.13 14:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006.11.04 00:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80546&lng=cs
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.centrum.cz/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.2.6&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PC Popular\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PC Popular\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\ [2011.07.21 19:37:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.01 15:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.30 15:00:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ED76C299-85BC-4891-9237-74A140C28832}: C:\Program Files\RebateInformer\Firefox\ [2011.07.21 19:38:24 | 000,000,000 | ---D | M]

[2008.07.28 20:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Extensions
[2011.07.30 13:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions
[2010.06.10 10:02:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.01 20:12:27 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.17 13:50:05 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2011.07.21 19:38:05 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\AppGraffiti@AppGraffiti.com
[2011.07.30 15:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.07.30 15:01:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.04.01 15:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.04.01 15:56:55 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) --
[2011.03.18 19:55:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.07.30 15:34:37 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: () - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O3 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [V0260Cfg.exe] C:\Windows\V0260Cfg.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2021764775-3943338914-829116189-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.99.200.155 77.48.31.69
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll??) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezGOSvc - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - msh263.drv File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.07.30 15:29:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.30 15:18:22 | 000,000,000 | ---D | C] -- C:\filmy
[2011.07.30 15:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.07.30 15:00:39 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.07.30 15:00:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.07.30 15:00:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.07.30 15:00:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.07.30 14:43:39 | 000,000,000 | ---D | C] -- C:\Users\PC Popular\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.30 14:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.07.30 14:43:34 | 000,000,000 | ---D | C] -- C:\Users\PC Popular\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.07.30 14:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.07.30 14:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.07.30 14:20:52 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.07.30 14:20:52 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.07.30 14:20:50 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.07.30 14:20:49 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.07.30 14:20:49 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.07.30 14:20:48 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.07.30 14:19:53 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.07.30 14:19:52 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.07.30 14:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011.07.29 19:39:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
[2011.07.29 11:04:48 | 000,000,000 | ---D | C] -- C:\Users\PC Popular\AppData\Roaming\Malwarebytes
[2011.07.29 11:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.29 11:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.28 23:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.28 23:40:30 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.21 19:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
[2011.07.21 19:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\AppGraffiti
[2011.07.21 19:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
[2011.07.21 19:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\SiteRanker
[2011.07.21 19:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
[2011.07.21 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\RebateInformer
[2011.07.21 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox.com
[2011.07.13 07:13:57 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.13 07:13:05 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 07:13:05 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.07.08 15:07:13 | 000,000,000 | ---D | C] -- C:\covers
[2010.03.13 16:39:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\PC Popular\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011.07.30 15:50:41 | 000,094,709 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.07.30 15:50:40 | 000,094,709 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.07.30 15:48:35 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.30 15:48:34 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.30 15:48:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.30 15:48:23 | 1063,063,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.30 15:34:37 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.07.30 14:43:34 | 000,001,800 | ---- | M] () -- C:\Users\PC Popular\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.30 14:29:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.07.30 14:24:04 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.30 14:05:37 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\PC Popular\AppData\Roaming\pcouffin.sys
[2011.07.30 14:05:37 | 000,007,887 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\pcouffin.cat
[2011.07.30 14:05:37 | 000,001,144 | ---- | M] () -- C:\Users\PC Popular\AppData\Roaming\pcouffin.inf
[2011.07.29 19:39:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\PC Popular\Desktop\OTL.exe
[2011.07.28 23:39:45 | 000,781,383 | ---- | M] () -- C:\Users\PC Popular\Desktop\RSIT.exe
[2011.07.17 17:39:27 | 004,776,436 | ---- | M] () -- C:\Users\PC Popular\Dobrý sen 11.mp3
[2011.07.17 17:38:57 | 004,358,895 | ---- | M] () -- C:\Users\PC Popular\Stopy 08.mp3
[2011.07.15 07:37:54 | 000,002,067 | ---- | M] () -- C:\Users\PC Popular\Desktop\Google Chrome.lnk
[2011.07.13 16:13:15 | 001,591,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.07.04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011.07.30 14:43:34 | 000,001,800 | ---- | C] () -- C:\Users\PC Popular\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.30 14:24:04 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.28 23:39:44 | 000,781,383 | ---- | C] () -- C:\Users\PC Popular\Desktop\RSIT.exe
[2011.07.17 17:29:01 | 004,776,436 | ---- | C] () -- C:\Users\PC Popular\Dobrý sen 11.mp3
[2011.07.17 17:29:01 | 004,358,895 | ---- | C] () -- C:\Users\PC Popular\Stopy 08.mp3
[2010.11.22 15:18:49 | 000,094,709 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.11.22 15:04:47 | 000,094,709 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.03.13 16:39:48 | 000,007,887 | ---- | C] () -- C:\Users\PC Popular\AppData\Roaming\pcouffin.cat
[2010.03.13 16:39:48 | 000,001,144 | ---- | C] () -- C:\Users\PC Popular\AppData\Roaming\pcouffin.inf
[2010.03.13 16:08:09 | 000,000,233 | ---- | C] () -- C:\Users\PC Popular\AppData\Roaming\default.rss
[2009.09.24 08:46:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 08:46:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.26 14:01:16 | 000,000,680 | ---- | C] () -- C:\Users\PC Popular\AppData\Local\d3d9caps.dat
[2008.11.20 09:48:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.21 19:30:14 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008.05.17 22:33:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007.12.26 17:16:52 | 000,000,014 | ---- | C] () -- C:\Windows\System32\SystemInfo32.sys
[2007.12.10 21:58:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.12.08 20:13:46 | 000,052,736 | ---- | C] () -- C:\Users\PC Popular\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.22 18:24:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 001,591,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.08.03 00:03:51 | 000,224,768 | ---- | C] () -- C:\Windows\System32\b4fm.dll

========== LOP Check ==========

[2010.11.14 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\GHISLER
[2011.07.24 16:02:13 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\go
[2011.07.30 14:52:34 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\ICQ
[2008.01.13 19:56:45 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\ICQ Toolbar
[2010.03.06 15:34:06 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\InfraRecorder
[2011.05.19 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\OpenCandy
[2009.01.21 23:55:04 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Thunderbird
[2011.07.30 14:05:37 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Vso
[2010.06.23 19:33:00 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Zoner
[2011.07.30 15:47:26 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ICQ" = "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 -- [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.)
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -- [2011.06.30 15:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.03.07 11:03:55 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Adobe
[2010.03.06 16:22:52 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\AVS4YOU
[2007.12.26 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Creative
[2008.07.14 22:49:41 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\CyberLink
[2011.06.22 15:48:38 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\dvdcss
[2010.11.14 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\GHISLER
[2011.07.24 16:02:13 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\go
[2008.08.25 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Google
[2011.07.30 14:52:34 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\ICQ
[2008.01.13 19:56:45 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\ICQ Toolbar
[2007.11.08 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Identities
[2010.03.06 15:34:06 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\InfraRecorder
[2007.11.22 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Macromedia
[2011.07.29 11:04:48 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Malwarebytes
[2011.07.30 14:37:04 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Media Player Classic
[2011.07.30 13:39:02 | 000,000,000 | --SD | M] -- C:\Users\PC Popular\AppData\Roaming\Microsoft
[2009.01.21 23:55:05 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Mozilla
[2010.03.23 18:26:20 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Nero
[2011.05.19 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\OpenCandy
[2011.07.30 04:35:24 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\OpenOffice.org2
[2011.07.24 21:54:36 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Skype
[2011.05.29 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\skypePM
[2011.07.30 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\SUPERAntiSpyware.com
[2007.12.10 21:58:28 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Talkback
[2009.01.21 23:55:04 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Thunderbird
[2011.06.22 15:39:19 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\vlc
[2011.07.30 14:05:37 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Vso
[2011.06.13 09:03:08 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Winamp
[2009.03.22 21:21:11 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\WinRAR
[2011.07.30 14:05:24 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Yahoo!
[2010.06.23 19:33:00 | 000,000,000 | ---D | M] -- C:\Users\PC Popular\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >


[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008.01.19 09:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.07.30 15:48:34 | 000,004,048 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.30 15:48:35 | 000,004,048 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.30 14:29:01 | 000,002,577 | ---- | M] () -- C:\Windows\system32\config.nt
[2011.07.30 15:00:36 | 000,006,712 | ---- | M] () -- C:\Windows\system32\jupdate-1.6.0_26-b03.log

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< *crack* /s >

< *keygen* /s >

< End of report >

Re: Slow PC, fake antivirus

Posted: 30 Jul 2011 19:42
by Danstahr
It looks better, how is the PC doing? And I'd also ask for the log from RSIT.

Re: Slow PC, fake antivirus

Posted: 31 Jul 2011 00:09
by vinnoo
yes, it's a lot better, thank you very much

Logfile of random's system information tool 1.09 (written by random/random)
Run by PC Popular at 2011-07-31 01:05:55
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 53 GB (34%) free of 153 GB
Total RAM: 1013 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:06:20, on 31.7.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\conime.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\PC Popular\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC Popular\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC Popular\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC Popular\Desktop\RSIT.exe
C:\Program Files\trend micro\PC Popular.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80546&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~1\REBATE~1\RebateI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [V0260Cfg.exe] V0260Cfg.exe /d:4
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~1\REBATE~1\RebateI.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll??
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 5180 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/"
prefs.js - "extensions.enabledItems" - "{3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.2.6&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\PC Popular\AppData\Roaming\Mozilla\Firefox\Profiles\lc7er351.default\extensions\
AppGraffiti@AppGraffiti.com
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
AppGraffiti - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL [2011-07-14 266440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
C:\PROGRA~1\REBATE~1\RebateI.dll [2011-07-14 828408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-21 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-15 4435968]
"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1822720]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-03-22 74752]
"UpdatePPShortCut"=C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-02-21 222504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"V0260Cfg.exe"=V0260Cfg.exe /d:4 []
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-06-30 2424192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll??"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=msh263.drv
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-30 15:29:55 ----D---- C:\_OTL
2011-07-30 15:18:22 ----D---- C:\filmy
2011-07-30 15:01:37 ----D---- C:\ProgramData\Sun
2011-07-30 15:00:39 ----A---- C:\Windows\system32\javaws.exe
2011-07-30 15:00:39 ----A---- C:\Windows\system32\javaw.exe
2011-07-30 15:00:39 ----A---- C:\Windows\system32\java.exe
2011-07-30 15:00:39 ----A---- C:\Windows\system32\deployJava1.dll
2011-07-30 14:43:39 ----D---- C:\Users\PC Popular\AppData\Roaming\SUPERAntiSpyware.com
2011-07-30 14:43:39 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-07-30 14:43:29 ----D---- C:\Program Files\SUPERAntiSpyware
2011-07-30 14:20:52 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-07-30 14:20:52 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-07-30 14:20:50 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-30 14:20:49 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-07-30 14:20:49 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-07-30 14:20:48 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-30 14:19:53 ----A---- C:\Windows\avastSS.scr
2011-07-30 14:19:52 ----A---- C:\Windows\system32\aswBoot.exe
2011-07-30 14:19:42 ----D---- C:\ProgramData\Alwil Software
2011-07-29 11:04:48 ----D---- C:\Users\PC Popular\AppData\Roaming\Malwarebytes
2011-07-29 11:04:42 ----D---- C:\ProgramData\Malwarebytes
2011-07-29 11:04:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-28 23:40:34 ----D---- C:\Program Files\trend micro
2011-07-28 23:40:30 ----D---- C:\rsit
2011-07-21 19:38:04 ----D---- C:\Program Files\AppGraffiti
2011-07-21 19:37:41 ----D---- C:\Program Files\RebateInformer
2011-07-21 19:37:41 ----D---- C:\Program Files\Inbox.com
2011-07-13 07:13:57 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 07:13:23 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 07:13:05 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 07:13:05 ----A---- C:\Windows\system32\csrsrv.dll
2011-07-08 15:07:13 ----D---- C:\covers

======List of files/folders modified in the last 1 month======

2011-07-31 01:06:11 ----D---- C:\Windows\Prefetch
2011-07-31 01:06:06 ----D---- C:\Windows\Temp
2011-07-30 21:38:38 ----D---- C:\Users\PC Popular\AppData\Roaming\Skype
2011-07-30 20:44:56 ----RD---- C:\Program Files
2011-07-30 20:44:56 ----D---- C:\Windows\System32
2011-07-30 16:45:12 ----SHD---- C:\System Volume Information
2011-07-30 15:34:41 ----D---- C:\Windows
2011-07-30 15:34:39 ----D---- C:\Windows\Tasks
2011-07-30 15:34:37 ----D---- C:\Windows\system32\drivers\etc
2011-07-30 15:23:40 ----D---- C:\hudba
2011-07-30 15:01:37 ----SHD---- C:\Windows\Installer
2011-07-30 15:01:37 ----HD---- C:\ProgramData
2011-07-30 15:01:36 ----D---- C:\Program Files\Common Files\Java
2011-07-30 15:00:36 ----D---- C:\Program Files\Java
2011-07-30 14:52:46 ----D---- C:\Windows\system32\catroot2
2011-07-30 14:52:34 ----D---- C:\Users\PC Popular\AppData\Roaming\ICQ
2011-07-30 14:49:17 ----D---- C:\Windows\system32\drivers
2011-07-30 14:37:04 ----D---- C:\Users\PC Popular\AppData\Roaming\Media Player Classic
2011-07-30 14:34:07 ----D---- C:\Program Files\Google
2011-07-30 14:28:05 ----D---- C:\Program Files\Windows Sidebar
2011-07-30 14:20:43 ----D---- C:\Windows\winsxs
2011-07-30 14:19:42 ----D---- C:\Program Files\Alwil Software
2011-07-30 14:17:15 ----D---- C:\install
2011-07-30 14:07:02 ----D---- C:\ProgramData\Google
2011-07-30 14:05:37 ----D---- C:\Users\PC Popular\AppData\Roaming\Vso
2011-07-30 14:05:24 ----D---- C:\Users\PC Popular\AppData\Roaming\Yahoo!
2011-07-30 14:05:24 ----D---- C:\ProgramData\Yahoo!
2011-07-30 14:05:02 ----D---- C:\Program Files\Microsoft Games
2011-07-30 13:54:51 ----RD---- C:\Program Files\Skype
2011-07-30 13:44:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-07-30 13:39:37 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-07-30 13:39:02 ----SD---- C:\Users\PC Popular\AppData\Roaming\Microsoft
2011-07-30 04:35:24 ----D---- C:\Users\PC Popular\AppData\Roaming\OpenOffice.org2
2011-07-29 19:33:40 ----D---- C:\Windows\AppPatch
2011-07-29 19:31:36 ----D---- C:\Program Files\ICQToolbar
2011-07-24 21:52:44 ----D---- C:\ProgramData\Easybits GO
2011-07-24 16:02:13 ----D---- C:\Users\PC Popular\AppData\Roaming\go
2011-07-20 09:13:14 ----D---- C:\Windows\system32\Tasks
2011-07-13 16:14:00 ----D---- C:\Windows\system32\catroot
2011-07-13 16:10:02 ----D---- C:\Windows\inf
2011-07-13 14:21:08 ----A---- C:\Windows\system32\mrt.exe
2011-07-08 13:41:59 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-06-15 228224]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2007-03-13 44672]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-15 1769952]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
R3 V0260VID;Live! Cam Vista IM; C:\Windows\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913]
S1 HWiNFO32;HWiNFO32 Kernel Driver; \??\E:\HWiNFO32\HWiNFO32.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-03-13 47360]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-21 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-27 138168]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Re: Slow PC, fake antivirus

Posted: 31 Jul 2011 10:53
by Danstahr
We'll still do a final clean-up...

:arrow: Run HijackThis again (you will find it on your computer as C:\Program Files\trend micro\PC Popular.exe), and from the menu select Do a system scan only. After the scan finishes, tick the box on the left next to the following items and click Fix Checked.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
...and the clean-up (some antivirus programs may wrongly flag these utilities as a virus; if that happens, ignore the warning or temporarily disable the antivirus. Delete the utilities after use):

:arrow: Download T-Cleaner. Confirmation is done by pressing A.

:arrow: Download OTC, run it and press CleanUp! A restart will follow.

:arrow: Download TFC, run it and click Start.

:arrow: Download CCleaner, install it and run it.
  • On the Cleaner tab, press the Run Cleaner button
  • When done, switch to the Registry tab, press Scan for Issues and then Fix selected issues. Repeat until the list is empty after a scan.