Non-standard "Server is busy" message

Posted: 08 Aug 2011 10:24
by petrb
Hello,
lately a message saying the server is busy, with the options Switch To and Retry, has been appearing irregularly when the system starts. The whole system is then slowed down, it takes a long time for the Wi-Fi signal to load, and the web browser keeps freezing. I would greatly appreciate any help.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr at 2011-08-08 11:20:14
Microsoft Windows 7 Professional
System drive C: has 6 GB (10%) free of 65 GB
Total RAM: 2815 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:08, on 8.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Petr\Desktop\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mojebanka.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_S896A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series (kopie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_SE9E2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Micro Star SCM - Micro-Star Int'l Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9445 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Driver Robot.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393530065-2457978839-4017472629-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393530065-2457978839-4017472629-1000UA.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\vgb9yiy0.default

"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/vbp;version=0.9.17]
"Description"=Veetle Broadcaster Plugin
"Path"=C:\Program Files\Veetle\VLCBroadcast\npvbp.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-01-27 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-01-27 798771]
{D5D47440-0750-463D-BAEF-A47D02414806}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-11-03 6265376]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2006-04-29 94208]
"SiSTray"=C:\Program Files\SiS VGA Utilities\SiSTray.exe [2008-12-29 552960]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-07-04 3493720]
"SafeQ Client"=C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe []
""= []
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2008-11-11 708608]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-04-15 2216960]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"EPSON Stylus SX200 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]
"EPSON Stylus SX200 Series (kopie 1)"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]
"Google Update"=C:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-04-15 3318784]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-07-26 20880]
"KiesHelper"=C:\Program Files\Samsung\Kies\KiesHelper.exe [2011-07-26 958352]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2011-07-26 3507088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\CyberLink\PowerCinema\PCMService.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"msacm.l3codecp"=
"vidc.ffds"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-08 11:09:05 ----D---- C:\rsit
2011-08-08 11:09:05 ----D---- C:\Program Files\trend micro
2011-08-02 17:48:02 ----D---- C:\Users\Petr\AppData\Roaming\MiniLyrics
2011-08-02 17:47:58 ----D---- C:\Program Files\Minilyrics
2011-08-02 17:36:40 ----D---- C:\Program Files\EvilLyrics
2011-08-02 16:47:12 ----A---- C:\Windows\system32\drivers\sscewhnt.sys
2011-08-02 16:47:12 ----A---- C:\Windows\system32\drivers\sscewh.sys
2011-08-02 16:47:12 ----A---- C:\Windows\system32\drivers\ssceserd.sys
2011-08-02 16:47:12 ----A---- C:\Windows\system32\drivers\sscemdm.sys
2011-08-02 16:47:12 ----A---- C:\Windows\system32\drivers\sscemdfl.sys
2011-08-02 16:47:12 ----A---- C:\Windows\system32\drivers\sscecmnt.sys
2011-08-02 16:47:12 ----A---- C:\Windows\system32\drivers\sscecm.sys
2011-08-02 16:47:12 ----A---- C:\Windows\system32\drivers\sscebus.sys
2011-08-02 16:45:54 ----A---- C:\Windows\system32\dgderapi.dll
2011-08-02 16:02:04 ----D---- C:\c6a823bf4613275b5f024b566df99e
2011-08-02 15:58:44 ----D---- C:\7bb1385c75c2e54ecf6e5112
2011-08-02 15:57:27 ----D---- C:\04a487a8d5a5a29b8c7652eda7
2011-08-01 11:55:58 ----D---- C:\Program Files\PokerStars.FR
2011-07-29 12:39:27 ----D---- C:\Program Files\MarkAny
2011-07-26 17:26:48 ----A---- C:\Windows\MusiccityDownload.exe
2011-07-26 17:26:48 ----A---- C:\Windows\MASetupCaller.dll
2011-07-24 15:07:47 ----D---- C:\Program Files\SitNGo Wizard
2011-07-22 08:44:45 ----D---- C:\Users\Petr\AppData\Roaming\HEM Data
2011-07-22 08:35:10 ----D---- C:\Program Files\RVG Software
2011-07-22 08:34:59 ----D---- C:\Program Files\PSQLINSTALL
2011-07-14 13:37:58 ----D---- C:\Users\Petr\AppData\Roaming\gtk-2.0
2011-07-12 16:56:26 ----A---- C:\Windows\system32\prevhost.exe
2011-07-12 16:55:21 ----A---- C:\Windows\system32\poqexec.exe
2011-07-12 16:55:19 ----A---- C:\Windows\system32\DWrite.dll
2011-07-12 16:55:18 ----A---- C:\Windows\system32\FntCache.dll
2011-07-12 16:55:18 ----A---- C:\Windows\system32\d2d1.dll
2011-07-12 16:55:17 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-07-12 16:55:17 ----A---- C:\Windows\system32\drivers\srv.sys
2011-07-12 16:55:16 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-07-12 15:44:16 ----A---- C:\Windows\system32\mshtmled.dll
2011-07-12 15:44:15 ----A---- C:\Windows\system32\iertutil.dll
2011-07-12 15:44:14 ----A---- C:\Windows\system32\jscript9.dll
2011-07-12 15:44:14 ----A---- C:\Windows\system32\jscript.dll
2011-07-12 15:44:14 ----A---- C:\Windows\system32\ieui.dll
2011-07-12 15:44:12 ----A---- C:\Windows\system32\mshtml.dll
2011-07-12 15:44:12 ----A---- C:\Windows\system32\ieframe.dll
2011-07-12 15:44:11 ----A---- C:\Windows\system32\urlmon.dll
2011-07-12 15:40:06 ----A---- C:\Windows\system32\wcncsvc.dll
2011-07-12 15:26:01 ----A---- C:\Windows\system32\ntdll.dll
2011-07-12 15:25:46 ----A---- C:\Windows\system32\EncDec.dll
2011-07-12 15:25:46 ----A---- C:\Windows\system32\CPFilters.dll
2011-07-12 15:25:45 ----A---- C:\Windows\system32\sbe.dll
2011-07-12 15:25:43 ----A---- C:\Windows\system32\upnp.dll
2011-07-12 15:25:42 ----A---- C:\Windows\system32\msxml6.dll
2011-07-12 15:25:41 ----A---- C:\Windows\system32\msxml3.dll
2011-07-12 15:25:40 ----A---- C:\Windows\system32\wscsvc.dll
2011-07-12 15:25:40 ----A---- C:\Windows\system32\wscapi.dll
2011-07-12 15:25:40 ----A---- C:\Windows\system32\winhttp.dll
2011-07-12 15:25:40 ----A---- C:\Windows\system32\WebClnt.dll
2011-07-12 15:25:40 ----A---- C:\Windows\system32\slwga.dll
2011-07-12 15:25:40 ----A---- C:\Windows\system32\davclnt.dll
2011-07-12 15:25:36 ----A---- C:\Windows\system32\XpsPrint.dll
2011-07-12 15:25:22 ----A---- C:\Windows\system32\odbc32.dll
2011-07-12 15:24:51 ----A---- C:\Windows\system32\wmp.dll
2011-07-12 15:24:48 ----A---- C:\Windows\system32\wmploc.DLL
2011-07-12 15:24:40 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-07-12 15:24:39 ----A---- C:\Windows\system32\drivers\afd.sys
2011-07-12 14:41:57 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-07-12 14:41:56 ----A---- C:\Windows\system32\wmpmde.dll
2011-07-12 14:41:55 ----A---- C:\Windows\system32\oleaut32.dll
2011-07-12 14:41:53 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-07-12 14:41:53 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-07-12 14:41:53 ----A---- C:\Windows\system32\dnsapi.dll
2011-07-12 14:41:51 ----A---- C:\Windows\system32\win32k.sys
2011-07-12 14:41:48 ----A---- C:\Windows\system32\inetcomm.dll
2011-07-12 14:41:46 ----A---- C:\Windows\system32\atmlib.dll
2011-07-12 14:41:46 ----A---- C:\Windows\system32\atmfd.dll
2011-07-12 14:41:45 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-07-12 14:41:43 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-07-12 14:41:42 ----A---- C:\Windows\system32\mstscax.dll
2011-07-12 14:41:41 ----A---- C:\Windows\system32\mstsc.exe
2011-07-12 14:41:39 ----A---- C:\Windows\explorer.exe
2011-07-12 14:41:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-07-12 14:41:33 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-07-12 14:41:29 ----A---- C:\Windows\system32\kerberos.dll
2011-07-12 14:41:28 ----A---- C:\Windows\system32\d3d10_1.dll
2011-07-12 14:41:27 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-07-12 14:41:25 ----A---- C:\Windows\system32\mfc42.dll
2011-07-12 14:41:24 ----A---- C:\Windows\system32\mfc42u.dll
2011-07-12 14:38:18 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-07-12 14:38:05 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-07-12 14:35:37 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-07-12 14:35:37 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-07-12 14:35:37 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-07-12 14:35:35 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-07-12 14:35:35 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-07-12 14:35:35 ----A---- C:\Windows\system32\cdd.dll
2011-07-09 10:51:37 ----A---- C:\Windows\system32\javaws.exe
2011-07-09 10:51:37 ----A---- C:\Windows\system32\javaw.exe
2011-07-09 10:51:37 ----A---- C:\Windows\system32\java.exe

======List of files/folders modified in the last 1 month======

2011-08-08 11:20:26 ----D---- C:\Windows\Temp
2011-08-08 11:09:05 ----RD---- C:\Program Files
2011-08-08 11:06:12 ----D---- C:\Windows\system32\config
2011-08-08 10:04:15 ----D---- C:\Windows
2011-08-08 10:04:14 ----D---- C:\Windows\System32
2011-08-07 14:31:40 ----D---- C:\Windows\inf
2011-08-07 14:31:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-06 21:45:18 ----D---- C:\Users\Petr\AppData\Roaming\AIMP
2011-08-05 14:43:11 ----D---- C:\ProgramData\Spyware Terminator
2011-08-02 17:48:02 ----D---- C:\Program Files\The KMPlayer
2011-08-02 16:50:09 ----D---- C:\Windows\system32\drivers
2011-08-02 16:48:44 ----D---- C:\Windows\system32\catroot
2011-08-02 16:48:43 ----D---- C:\Windows\system32\DriverStore
2011-08-02 16:47:37 ----D---- C:\Windows\system32\catroot2
2011-08-02 16:45:50 ----SHD---- C:\Windows\Installer
2011-08-02 16:45:50 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-02 16:45:22 ----D---- C:\ProgramData\Samsung
2011-08-02 16:45:10 ----D---- C:\Users\Petr\AppData\Roaming\Samsung
2011-08-01 17:29:30 ----D---- C:\Windows\rescache
2011-08-01 12:02:45 ----D---- C:\Users\Petr\AppData\Roaming\Spyware Terminator
2011-07-29 20:33:12 ----D---- C:\filmy - nové
2011-07-29 12:39:41 ----D---- C:\Windows\system32\System32
2011-07-26 17:26:54 ----A---- C:\Windows\system32\Redemption.dll
2011-07-25 13:23:54 ----D---- C:\Users\Petr\AppData\Roaming\Sony
2011-07-22 08:41:21 ----A---- C:\Program Files\hminstalllog.txt
2011-07-22 08:38:40 ----RD---- C:\Users
2011-07-21 16:55:16 ----D---- C:\Program Files\PokerStars
2011-07-20 11:48:27 ----D---- C:\Users\Petr\AppData\Roaming\vlc
2011-07-19 08:38:22 ----A---- C:\Windows\NeroDigital.ini
2011-07-13 13:05:27 ----D---- C:\Windows\Microsoft.NET
2011-07-13 13:05:06 ----RSD---- C:\Windows\assembly
2011-07-13 09:39:45 ----D---- C:\Windows\winsxs
2011-07-12 22:30:53 ----D---- C:\Windows\AppPatch
2011-07-12 22:20:41 ----A---- C:\Windows\AVerText.ini
2011-07-12 16:57:56 ----D---- C:\Program Files\QIP 2010
2011-07-12 16:49:06 ----D---- C:\Windows\Prefetch
2011-07-12 16:47:26 ----D---- C:\Program Files\Microsoft Silverlight
2011-07-12 16:46:06 ----RSD---- C:\Windows\Fonts
2011-07-12 16:46:06 ----D---- C:\Program Files\Windows Media Player
2011-07-12 16:46:06 ----D---- C:\Program Files\Internet Explorer
2011-07-12 15:56:22 ----D---- C:\ProgramData\Microsoft Help
2011-07-12 15:51:18 ----D---- C:\Windows\debug
2011-07-12 11:46:05 ----D---- C:\Trefik10
2011-07-09 10:51:51 ----D---- C:\Program Files\Common Files\Java
2011-07-09 10:51:33 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SISAGP;SiS AGP Filter; C:\Windows\system32\DRIVERS\SISAGPX.sys [2008-04-23 58416]
R0 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2006-04-22 24320]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-04-15 142592]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-11-03 2159384]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-09-24 47360]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2008-12-29 463872]
R3 SiSGbeLH;SiS191/SiS190 – ovladač NDIS 6.0 zařízení sítě Ethernet; C:\Windows\system32\DRIVERS\SiSGB6.sys [2009-07-14 48128]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-14 1068032]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S1 MpKsl7de4d905;MpKsl7de4d905; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42B7601F-8C1E-4420-9F68-CF7841E78C19}\MpKsl7de4d905.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 AF9035BDA;GIGABYTE U7200 DVB-T Devices; C:\Windows\System32\Drivers\AF9035BDA.sys [2008-05-29 244096]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AVerAF35;AVerMedia A867 USB DVB-T; C:\Windows\System32\Drivers\AVerAF35.sys [2010-01-29 477312]
S3 AVerIR;AVerMedia Infrared Receiver; C:\Windows\system32\DRIVERS\AVerIR.sys [2010-01-12 88576]
S3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 MCU3000;ASUS My Cinema U3000; C:\Windows\System32\Drivers\mcu3000.sys [2006-01-11 32768]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); C:\Windows\system32\DRIVERS\sscebus.sys [2011-07-20 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; C:\Windows\system32\DRIVERS\sscemdfl.sys [2011-07-20 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; C:\Windows\system32\DRIVERS\sscemdm.sys [2011-07-20 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM); C:\Windows\system32\DRIVERS\ssceserd.sys [2011-07-20 100352]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-02-15 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2008-01-31 74240]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2010-04-27 348160]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-06 397312]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-05-28 233472]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2008-11-05 159744]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-04-15 496128]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1343400]

-----------------EOF-----------------

Re: unusual "Server is busy" message

Posted: 09 Aug 2011 22:38
by motji
Good evening :)

Download MBAM from my signature
- Install it and run a full scan.

DO NOT DELETE ANYTHING!
- MBAM sometimes produces false detections, so we will delete only after checking the log.
- Copy the log here.

Re: unusual "Server is busy" message

Posted: 11 Aug 2011 09:57
by petrb
Hello,
the message has now been removed. The problem was in uninstalling the school printing client. Spyware Terminator solved it. I am sending the MBAM log for checking.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7431

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

11.8.2011 10:57:45
mbam-log-2011-08-11 (10-57-34).txt

Typ kontroly: Úplný test (C:\|D:\|E:\|)
Testované objekty: 377089
Uplynulý čas: 53 minut, 34 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 4
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 5

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\AAK8K3J4FL (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\D9Q071WKGS (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\Petr\AppData\Local\Opera\Opera\cache\g_0048\opr0QJ9F.tmp (Trojan.Agent) -> No action taken.
e:\Programy\nero 8.1.1.0\nero8x.exe (RiskWare.Tool.CK) -> No action taken.
e:\Programy\rgvshm.v1.11.06b1\rvg.software.holdem.manager.v1.11.06b1-crd\prog\crd.exe (TheftMarker.Crude) -> No action taken.
e:\samsung wave\Sygic\KeyGen.exe (Worm.AutoRun) -> No action taken.
c:\Windows\Tasks\{66ba574b-1e11-49b8-909c-8cc9e0e8e015}.job (Trojan.Downloader) -> No action taken.

Re: unusual "Server is busy" message

Posted: 11 Aug 2011 10:39
by motji
Delete everything in MBAM.

Run ComboFix following this guide:
http://www.bleepingcomputer.com/combofi ... t-combofix

Re: unusual "Server is busy" message

Posted: 11 Aug 2011 12:05
by petrb
So I ran ComboFix following the guide, but I'm afraid it got stuck. It has now been in the phase of searching for infected files for about 25 minutes, but it has not yet completed even a single scan stage. Is that normal? Besides, the laptop doesn't even seem to be under any load.

Re: unusual "Server is busy" message

Posted: 11 Aug 2011 19:41
by motji
If need be, restart the PC and try it in Safe Mode.

Re: unusual "Server is busy" message

Posted: 12 Aug 2011 07:21
by petrb
Unfortunately, still the same problem: I start CF, but the scan simply does not begin. On top of that, the message has started appearing again after the PC starts up... Do you have any other idea, please? Thank you very much for the help.

Re: unusual "Server is busy" message

Posted: 12 Aug 2011 18:40
by motji
Download OTL http://oldtimer.geekstogo.com/OTL.exe
- Save it to the desktop and run the file OTL.exe.
- Copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

- Tick the "All users" box.
- Tick the "LOP" malware check and "Purity" malware check boxes.
- Click the Scan button.
- When the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here :)

Re: unusual "Server is busy" message

Posted: 12 Aug 2011 21:21
by petrb
OTL logfile created on: 12.8.2011 21:29:47 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Petr\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,75 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 53,96% Memory free
2,75 Gb Paging File | 1,53 Gb Available in Paging File | 55,53% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,50 Gb Total Space | 10,17 Gb Free Space | 16,01% Space Free | Partition Type: NTFS
Drive D: | 7,76 Gb Total Space | 4,53 Gb Free Space | 58,36% Space Free | Partition Type: NTFS
Drive E: | 161,62 Gb Total Space | 9,02 Gb Free Space | 5,58% Space Free | Partition Type: NTFS

Computer Name: PETR-PC | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.12 21:27:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
PRC - [2011.07.26 20:23:16 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.06.30 11:16:13 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011.04.15 09:43:50 | 003,318,784 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.04.15 09:43:50 | 002,216,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2011.04.15 09:43:50 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.04.27 12:02:50 | 000,348,160 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2010.03.03 07:11:15 | 000,651,264 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2010.01.05 13:43:41 | 000,155,648 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2009.12.06 17:13:14 | 000,397,312 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.01.08 07:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008.12.29 15:32:08 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe
PRC - [2008.11.11 19:02:14 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.11.05 10:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.11.03 13:40:52 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.10.15 17:25:28 | 000,756,736 | ---- | M] (Dominik Reichl) -- E:\Programy\KeePass\KeePass.exe
PRC - [2008.02.22 10:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.01.22 20:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.10.29 14:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.10.04 18:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007.09.28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.09.28 16:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (SafeList) ==========

MOD - [2011.08.12 21:27:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
MOD - [2011.07.04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.04.15 09:43:50 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.12.23 11:23:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.04.27 12:02:50 | 000,348,160 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2009.12.06 17:13:14 | 000,397,312 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.05 10:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007.09.28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - [2011.07.20 09:46:06 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2011.07.20 09:46:06 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2011.07.20 09:46:06 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2011.07.20 09:46:06 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.04.15 09:43:50 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.07.26 15:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.01.29 08:54:54 | 000,477,312 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF35.sys -- (AVerAF35)
DRV - [2010.01.12 14:29:38 | 000,088,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerIR.sys -- (AVerIR)
DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.14 00:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2008.12.29 15:24:52 | 000,463,872 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2008.05.29 15:39:42 | 000,244,096 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF9035BDA.sys -- (AF9035BDA)
DRV - [2008.04.23 11:21:08 | 000,058,416 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2008.02.15 15:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.01.31 15:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.01.22 20:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007.11.29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.18 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.03.26 15:25:50 | 000,038,784 | ---- | M] (Axesstel) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Axtmvprt.sys -- (Axtmvprt)
DRV - [2007.03.26 15:25:30 | 000,040,064 | ---- | M] (Axesstel) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Axtmvmdm.sys -- (Axtmvmdm)
DRV - [2007.03.22 17:36:38 | 000,003,456 | ---- | M] (Axesstel) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Axtmvflt.sys -- (Axtmvflt)
DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.01.11 11:38:38 | 000,032,768 | ---- | M] (ASUS COMPUTER INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcu3000.sys -- (MCU3000)
DRV - [2005.04.12 10:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005.01.07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mojebanka.cz/
IE - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Petr\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Petr\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.08.08 10:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.26 08:14:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.05.19 12:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petr\AppData\Roaming\Mozilla\Extensions
[2011.05.19 12:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011.05.19 12:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petr\AppData\Roaming\Mozilla\SeaMonkey\Profiles\y3h7i4zl.default\extensions
[2011.07.09 10:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.07.09 10:51:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.08 10:04:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011.04.14 18:38:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.05.19 12:33:22 | 000,335,315 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 11487 more lines...
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - No CLSID value found.
O3 - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000..\Run: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000..\Run: [EPSON Stylus SX200 Series (kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1393530065-2457978839-4017472629-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - File not found
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b419dbe3-cea6-11de-bdcd-002185dd4ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{b419dbe3-cea6-11de-bdcd-002185dd4ee4}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{d1a10fb1-abaf-11df-899c-002185dd4ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{d1a10fb1-abaf-11df-899c-002185dd4ee4}\Shell\AutoRun\command - "" = I:\ICM_ML.exe
O33 - MountPoints2\{f290eb21-a8d7-11de-a413-002185dd4ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{f290eb21-a8d7-11de-a413-002185dd4ee4}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.08.12 21:27:47 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
[2011.08.12 08:13:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.08.11 14:52:00 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\Víden
[2011.08.11 12:30:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.11 12:30:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.11 12:28:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.11 12:28:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.11 12:18:57 | 004,170,216 | R--- | C] (Swearware) -- C:\Users\Petr\Desktop\ComboFix.exe
[2011.08.11 09:59:56 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\Malwarebytes
[2011.08.11 09:59:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.11 09:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.11 09:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.11 09:59:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.11 09:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.08 11:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.08 11:09:05 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.02 17:48:02 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\MiniLyrics
[2011.08.02 17:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics
[2011.08.02 17:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Minilyrics
[2011.08.02 17:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EvilLyrics
[2011.08.02 17:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\EvilLyrics
[2011.08.02 16:47:12 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdm.sys
[2011.08.02 16:47:12 | 000,100,352 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssceserd.sys
[2011.08.02 16:47:12 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscebus.sys
[2011.08.02 16:47:12 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdfl.sys
[2011.08.02 16:47:12 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecmnt.sys
[2011.08.02 16:47:12 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecm.sys
[2011.08.02 16:47:12 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewhnt.sys
[2011.08.02 16:47:12 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewh.sys
[2011.08.02 16:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.08.02 16:45:54 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2011.08.02 16:44:04 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\Downloaded Installations
[2011.08.02 16:02:04 | 000,000,000 | -H-D | C] -- C:\c6a823bf4613275b5f024b566df99e
[2011.08.02 15:58:44 | 000,000,000 | -H-D | C] -- C:\7bb1385c75c2e54ecf6e5112
[2011.08.02 15:57:27 | 000,000,000 | -H-D | C] -- C:\04a487a8d5a5a29b8c7652eda7
[2011.08.01 11:56:25 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\PokerStars.FR
[2011.08.01 11:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.FR
[2011.07.31 10:33:25 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\casopis ACCA
[2011.07.30 15:59:51 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\ACCA
[2011.07.29 12:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011.07.26 18:29:56 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\Incubus - If Not Now, When (2011)
[2011.07.26 17:26:48 | 000,325,552 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2011.07.26 17:26:48 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2011.07.26 15:16:36 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\amy-winehouse-back-to-black-deluxe-edition
[2011.07.24 15:08:42 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\In_The_Money_LLC
[2011.07.24 15:07:49 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SitNGo Wizard
[2011.07.24 15:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\SitNGo Wizard
[2011.07.22 15:07:20 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\Green-Day.Awesome-As-Fuck.2011
[2011.07.22 14:53:38 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\wohnout-nasim-klientum-2011
[2011.07.22 08:44:53 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\In The Money
[2011.07.22 08:44:45 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\HEM Data
[2011.07.22 08:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\RVG Software
[2011.07.22 08:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2011.07.21 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\adele-21-2011
[2011.07.21 16:55:21 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\PokerStars
[2011.07.16 12:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.07.14 13:37:58 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\gtk-2.0
[2009.09.24 10:10:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Petr\AppData\Roaming\pcouffin.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Petr\Desktop\*.tmp files -> C:\Users\Petr\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.12 21:31:10 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.12 21:27:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
[2011.08.12 20:54:02 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393530065-2457978839-4017472629-1000UA.job
[2011.08.12 15:23:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.12 12:54:04 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393530065-2457978839-4017472629-1000Core.job
[2011.08.12 08:26:10 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.12 08:26:10 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.12 08:16:58 | 2214,092,800 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.12 08:08:17 | 004,170,216 | R--- | M] (Swearware) -- C:\Users\Petr\Desktop\ComboFix.exe
[2011.08.11 15:22:52 | 000,000,120 | ---- | M] () -- C:\Windows\System32\~.inf
[2011.08.11 12:14:38 | 000,622,660 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.08.11 12:14:38 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.11 12:14:38 | 000,118,810 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.08.11 12:14:38 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.08 13:05:38 | 000,147,432 | ---- | M] () -- C:\Users\Petr\Desktop\kupon_standardni.jpeg
[2011.08.08 10:04:17 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.08.07 15:55:06 | 952,975,162 | ---- | M] () -- C:\Users\Petr\Desktop\parba-v-bangkoku-novinky-cz-tit.avi
[2011.08.07 15:54:29 | 886,966,272 | ---- | M] () -- C:\Users\Petr\Desktop\just-go-with-it-2011-brrip-xvid-cz-leaders.avi
[2011.08.07 15:48:32 | 733,743,569 | ---- | M] () -- C:\Users\Petr\Desktop\bad-teacher-super-kvalita-vloz-titulky.avi
[2011.08.04 08:57:16 | 000,005,722 | ---- | M] () -- C:\Windows\System32\GREEN DAY - 21st Century Breakdown (Album Version).lrc
[2011.08.01 12:08:43 | 000,107,141 | ---- | M] () -- C:\Users\Petr\Desktop\voucher-846071.pdf
[2011.08.01 12:08:25 | 000,107,141 | ---- | M] () -- C:\Users\Petr\Desktop\voucher-846070.pdf
[2011.07.27 19:04:30 | 924,563,460 | ---- | M] () -- C:\Users\Petr\Desktop\50.mpg
[2011.07.26 17:26:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011.07.26 17:26:48 | 000,325,552 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2011.07.26 17:26:48 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2011.07.26 17:26:48 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe
[2011.07.26 17:26:44 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2011.07.25 21:10:25 | 000,054,520 | ---- | M] () -- C:\Users\Petr\Desktop\50.vf
[2011.07.25 20:59:00 | 000,054,520 | ---- | M] () -- C:\Users\Petr\Desktop\50.vf.bak
[2011.07.20 09:46:06 | 000,123,648 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdm.sys
[2011.07.20 09:46:06 | 000,100,352 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\ssceserd.sys
[2011.07.20 09:46:06 | 000,098,560 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\sscebus.sys
[2011.07.20 09:46:06 | 000,014,848 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdfl.sys
[2011.07.20 09:46:06 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecmnt.sys
[2011.07.20 09:46:06 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecm.sys
[2011.07.20 09:46:06 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewhnt.sys
[2011.07.20 09:46:06 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewh.sys
[2011.07.19 08:38:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.07.14 13:40:18 | 000,003,398 | ---- | M] () -- C:\Users\Petr\.recently-used.xbel
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Petr\Desktop\*.tmp files -> C:\Users\Petr\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.12 21:31:10 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.11 15:20:47 | 000,000,120 | ---- | C] () -- C:\Windows\System32\~.inf
[2011.08.11 12:30:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.11 12:30:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.11 12:30:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.11 12:30:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.11 12:30:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.08 13:05:37 | 000,147,432 | ---- | C] () -- C:\Users\Petr\Desktop\kupon_standardni.jpeg
[2011.08.07 15:16:31 | 886,966,272 | ---- | C] () -- C:\Users\Petr\Desktop\just-go-with-it-2011-brrip-xvid-cz-leaders.avi
[2011.08.07 15:13:09 | 952,975,162 | ---- | C] () -- C:\Users\Petr\Desktop\parba-v-bangkoku-novinky-cz-tit.avi
[2011.08.07 15:11:37 | 733,743,569 | ---- | C] () -- C:\Users\Petr\Desktop\bad-teacher-super-kvalita-vloz-titulky.avi
[2011.08.07 12:37:43 | 733,966,336 | ---- | C] () -- C:\Users\Petr\Desktop\ruzovy-panter-1-cz-dabing.avi
[2011.08.04 08:53:47 | 000,005,722 | ---- | C] () -- C:\Windows\System32\GREEN DAY - 21st Century Breakdown (Album Version).lrc
[2011.08.01 12:08:42 | 000,107,141 | ---- | C] () -- C:\Users\Petr\Desktop\voucher-846071.pdf
[2011.08.01 12:08:24 | 000,107,141 | ---- | C] () -- C:\Users\Petr\Desktop\voucher-846070.pdf
[2011.07.27 17:10:20 | 924,563,460 | ---- | C] () -- C:\Users\Petr\Desktop\50.mpg
[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.25 14:12:35 | 000,054,520 | ---- | C] () -- C:\Users\Petr\Desktop\50.vf.bak
[2011.07.25 14:12:35 | 000,054,520 | ---- | C] () -- C:\Users\Petr\Desktop\50.vf
[2011.07.14 13:40:18 | 000,003,398 | ---- | C] () -- C:\Users\Petr\.recently-used.xbel
[2011.05.19 21:29:11 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011.05.14 22:00:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.03 09:22:08 | 000,000,045 | ---- | C] () -- C:\Users\Petr\AppData\Local\machpro.dat
[2011.04.15 09:43:50 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.04.09 13:46:54 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.22 17:30:13 | 000,000,064 | ---- | C] () -- C:\Windows\AVerText.ini
[2011.03.22 16:55:45 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll
[2011.03.22 16:55:45 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys
[2011.03.22 16:55:31 | 000,606,208 | R--- | C] () -- C:\Windows\System32\sptlib21.dll
[2011.03.22 16:55:31 | 000,311,296 | R--- | C] () -- C:\Windows\System32\sptlib01.dll
[2011.03.22 16:55:31 | 000,294,912 | R--- | C] () -- C:\Windows\System32\sptlib11.dll
[2011.03.22 16:55:31 | 000,290,816 | R--- | C] () -- C:\Windows\System32\sptlib22.dll
[2011.03.22 16:55:31 | 000,249,856 | R--- | C] () -- C:\Windows\System32\sptlib03.dll
[2011.03.22 16:55:31 | 000,225,280 | R--- | C] () -- C:\Windows\System32\sptlib02.dll
[2011.03.22 16:55:31 | 000,135,168 | R--- | C] () -- C:\Windows\System32\sptlib12.dll
[2011.03.17 20:57:04 | 000,000,000 | ---- | C] () -- C:\Windows\Viewer.INI
[2011.02.15 09:55:20 | 000,009,216 | ---- | C] () -- C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.11.01 10:17:32 | 000,001,228 | ---- | C] () -- C:\Windows\ricdb.ini
[2010.11.01 10:09:16 | 002,355,200 | ---- | C] () -- C:\Windows\System32\SAFEQVS.DLL
[2010.11.01 10:09:16 | 000,421,888 | ---- | C] () -- C:\Windows\System32\SafeQCairoLib.DLL
[2010.11.01 10:09:16 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SAFEQUI.DLL
[2010.09.03 12:13:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.20 19:25:58 | 000,003,376 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.08.20 19:12:43 | 000,001,264 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.06.30 15:47:19 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.06.30 15:47:19 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.09 09:13:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\quick32.dll
[2010.05.02 10:51:49 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2010.04.06 17:33:32 | 000,014,694 | ---- | C] () -- C:\Windows\System32\Main.ini
[2010.02.08 20:42:30 | 000,138,056 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\PnkBstrK.sys
[2010.01.27 19:53:06 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2009.12.19 23:21:33 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin
[2009.11.11 12:28:15 | 000,000,480 | ---- | C] () -- C:\Windows\eReg.dat
[2009.10.24 14:21:12 | 000,000,097 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.10.18 13:18:23 | 000,000,122 | ---- | C] () -- C:\Windows\WA.INI
[2009.10.07 16:04:14 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009.10.01 10:07:40 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.09.29 15:43:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.28 18:06:44 | 000,000,224 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\APUSet.xml
[2009.09.28 18:06:36 | 000,006,307 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\PrimoPDFSet.xml
[2009.09.27 11:48:25 | 000,007,601 | ---- | C] () -- C:\Users\Petr\AppData\Local\resmon.resmoncfg
[2009.09.24 14:05:03 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.09.24 14:05:03 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009.09.24 14:05:03 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009.09.24 14:05:03 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.09.24 14:05:03 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.09.24 14:05:03 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.09.24 14:05:03 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.09.24 14:05:03 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.09.24 14:05:03 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.09.24 14:05:03 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.09.24 14:05:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.09.24 14:05:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.09.24 14:05:03 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.09.24 14:05:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.09.24 14:05:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.09.24 14:05:03 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.09.24 14:05:03 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.09.24 14:05:03 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.09.24 14:05:03 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.09.24 14:03:06 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX200DEFGIPS.ini
[2009.09.24 10:10:42 | 000,000,671 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\vso_ts_preview.xml
[2009.09.24 10:10:07 | 000,087,608 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\inst.exe
[2009.09.24 10:10:07 | 000,007,887 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\pcouffin.cat
[2009.09.24 10:10:07 | 000,001,144 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\pcouffin.inf
[2009.09.24 10:00:17 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009.09.24 09:56:24 | 000,000,283 | ---- | C] () -- C:\Windows\wcx_ftp.ini
[2009.09.24 09:53:02 | 000,002,036 | ---- | C] () -- C:\Windows\WINCMD.INI
[2009.09.24 09:48:58 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 10:44:22 | 000,622,660 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2009.07.14 10:44:22 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2009.07.14 10:44:22 | 000,118,810 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2009.07.14 10:44:22 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,351,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.01 01:52:50 | 000,000,049 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\register.bat
[2008.05.26 12:36:20 | 000,000,196 | ---- | C] () -- C:\Windows\System32\af15irtbl.bin
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2011.08.11 14:57:56 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\AIMP
[2009.11.03 15:28:23 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\EPSON
[2011.04.07 16:25:26 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\GHISLER
[2011.07.14 13:39:20 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\gtk-2.0
[2011.07.22 08:44:45 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\HEM Data
[2010.09.03 12:09:49 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\JonDo
[2011.02.15 15:51:01 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Jurecek Radek
[2011.03.20 12:44:51 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\LangSoft
[2011.08.11 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\MiniLyrics
[2010.07.01 13:42:13 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Mp3tag
[2011.05.27 07:43:19 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Opera
[2011.07.05 10:19:54 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Publish Providers
[2010.12.22 14:18:34 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\QIP
[2011.03.17 22:02:13 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Rovio
[2011.08.02 16:45:10 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Samsung
[2011.07.25 13:23:54 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Sony
[2011.08.11 10:32:04 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Spyware Terminator
[2011.05.22 21:21:09 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Toshiba
[2010.10.06 17:23:21 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\VirtuaWin
[2011.06.21 17:29:23 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Vso
[2011.03.20 11:57:05 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Winsplit Revolution
[2011.07.03 09:07:03 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011.05.30 14:03:19 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"RocketDock" = "C:\Program Files\RocketDock\RocketDock.exe" -- [2007.09.02 13:58:52 | 000,495,616 | ---- | M] ()
"EPSON Stylus SX200 Series" = C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_S896A.tmp" /EF "HKCU" -- [2007.12.13 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION)
"EPSON Stylus SX200 Series (kopie 1)" = C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_SE9E2.tmp" /EF "HKCU" -- [2007.12.13 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION)
"Google Update" = "C:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2011.04.15 09:11:27 | 000,136,176 | ---- | M] (Google Inc.)
"SpywareTerminatorUpdate" = "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2011.04.15 09:43:50 | 003,318,784 | ---- | M] (Crawler.com)
"KiesPDLR" = C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -- [2011.07.26 20:23:24 | 000,020,880 | ---- | M] ()
"KiesHelper" = C:\Program Files\Samsung\Kies\KiesHelper.exe /s -- [2011.07.26 20:23:14 | 000,958,352 | ---- | M] (Samsung)
"KiesTrayAgent" = C:\Program Files\Samsung\Kies\KiesTrayAgent.exe -- [2011.07.26 20:23:16 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.)

< >


< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009.07.14 01:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\System32\drivers\fastfat.sys
[2009.07.14 01:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_ae8981a3b8b7be50\fastfat.sys

< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NTFS.SYS >
[2009.07.14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\System32\drivers\ntfs.sys
[2009.07.14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys

< MD5 for: NVRAID.SYS >
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SMSS.EXE >
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010.08.20 06:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[2009.07.14 03:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\System32\spoolsv.exe
[2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\System32\drivers\tcpip.sys
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.04.09 09:16:33 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_b38009a0e0d5a32d\tcpip.sys
[2010.04.09 09:24:54 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_b30e0d41c7a5fe2f\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2003.06.19 01:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009.07.14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
[2007.12.10 02:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\ZIMFPRNT.DLL
[2009.07.14 10:43:31 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\cs-CZ\LXKPTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2009.06.10 23:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2009.06.10 23:14:29 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
[2009.06.10 23:27:38 | 000,000,003 | ---- | M] () -- C:\Windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.06.30 16:17:22 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2009.09.22 17:43:31 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.06.30 16:17:06 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011.08.12 08:26:10 | 000,013,472 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.12 08:26:10 | 000,013,472 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.08 10:04:17 | 000,002,577 | ---- | M] () -- C:\Windows\system32\config.nt
[2011.08.11 12:14:38 | 000,118,810 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2011.08.11 12:14:38 | 000,103,568 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2011.08.11 12:14:38 | 000,622,660 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2011.08.11 12:14:38 | 000,607,190 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2011.08.11 12:14:38 | 001,445,734 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2011.08.11 15:22:52 | 000,000,120 | ---- | M] () -- C:\Windows\system32\~.inf
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\2a55dd73fc65c85fb8c29bb88aac7b3d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\2a55dd73fc65c85fb8c29bb88aac7b3d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\7f537f1f28562eb9d29806f08f28c53a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7f537f1f28562eb9d29806f08f28c53a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a8e5866724b420cc72d749678d178662\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a8e5866724b420cc72d749678d178662\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\aac317a7404906b4aa1a1671639c7933\*.tmp files -> C:\Windows\SoftwareDistribution\Download\aac317a7404906b4aa1a1671639c7933\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2010.05.10 17:11:00 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Adobe
[2011.08.11 14:57:56 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\AIMP
[2009.12.23 13:38:38 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\dvdcss
[2009.11.03 15:28:23 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\EPSON
[2011.04.07 16:25:26 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\GHISLER
[2011.07.14 13:39:20 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\gtk-2.0
[2011.07.22 08:44:45 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\HEM Data
[2009.09.22 17:56:21 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Identities
[2011.03.14 11:29:14 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\InstallShield
[2010.09.03 12:09:49 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\JonDo
[2011.02.15 15:51:01 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Jurecek Radek
[2011.03.20 12:44:51 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\LangSoft
[2009.09.24 08:39:43 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Macromedia
[2011.08.11 09:59:56 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Malwarebytes
[2009.07.14 11:20:15 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Media Center Programs
[2010.09.16 21:27:18 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Media Player Classic
[2011.05.19 21:11:04 | 000,000,000 | --SD | M] -- C:\Users\Petr\AppData\Roaming\Microsoft
[2011.08.11 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\MiniLyrics
[2011.05.26 09:01:17 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Mozilla
[2011.04.20 10:06:07 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Mozilla-Cache
[2010.07.01 13:42:13 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Mp3tag
[2009.10.17 14:51:32 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Nero
[2011.05.27 07:43:19 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Opera
[2011.07.05 10:19:54 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Publish Providers
[2010.12.22 14:18:34 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\QIP
[2011.03.17 22:02:13 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Rovio
[2011.08.02 16:45:10 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Samsung
[2011.05.31 07:38:11 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Skype
[2011.05.31 07:37:08 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\skypePM
[2011.07.25 13:23:54 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Sony
[2011.08.11 10:32:04 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Spyware Terminator
[2011.05.22 21:21:09 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Toshiba
[2010.10.06 17:23:21 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\VirtuaWin
[2011.07.20 11:48:27 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\vlc
[2011.06.21 17:29:23 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Vso
[2011.03.20 11:57:05 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Winsplit Revolution

< %APPDATA%\*.* >
[2009.09.28 18:06:51 | 000,000,224 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\APUSet.xml
[2009.09.24 10:10:07 | 000,087,608 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\inst.exe
[2009.09.24 10:10:07 | 000,007,887 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\pcouffin.cat
[2009.09.24 10:10:07 | 000,001,144 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\pcouffin.inf
[2009.09.24 10:10:33 | 000,000,034 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\pcouffin.log
[2009.09.24 10:10:07 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Petr\AppData\Roaming\pcouffin.sys
[2010.02.08 20:42:30 | 000,138,056 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\PnkBstrK.sys
[2010.04.12 11:24:45 | 000,006,307 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\PrimoPDFSet.xml
[2009.02.01 01:52:50 | 000,000,049 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\register.bat
[2011.06.21 17:29:23 | 000,000,671 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\vso_ts_preview.xml

Re: non-standard message "Server is busy"

Posted: 12 Aug 2011 21:22
by petrb
< %APPDATA%\*.exe /s >
[2009.09.24 10:10:07 | 000,087,608 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\inst.exe
[2011.02.15 15:50:41 | 000,709,138 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\Jurecek Radek\RJ Tools E2007\unins000.exe
[2011.01.31 03:01:42 | 087,340,080 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-12 14:59:02

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2
"IGDSearcherDLL" = bitsigd.dll -- [2009.07.14 03:14:59 | 000,039,936 | ---- | M] (Microsoft Corporation)
"StateIndex" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.12 21:31:10 | 000,000,512 | ---- | M] () MD5=428429E1E3B00D31C2E36F1332CBF0A3 -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT

< End of report >

Re: non-standard message "Server is busy"

Posted: 12 Aug 2011 21:22
by petrb
OTL Extras logfile created on: 12.8.2011 21:29:47 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Petr\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,75 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 53,96% Memory free
2,75 Gb Paging File | 1,53 Gb Available in Paging File | 55,53% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,50 Gb Total Space | 10,17 Gb Free Space | 16,01% Space Free | Partition Type: NTFS
Drive D: | 7,76 Gb Total Space | 4,53 Gb Free Space | 58,36% Space Free | Partition Type: NTFS
Drive E: | 161,62 Gb Total Space | 9,02 Gb Free Space | 5,58% Space Free | Partition Type: NTFS

Computer Name: PETR-PC | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1393530065-2457978839-4017472629-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3E38250B-AEEE-4D75-B93E-A261E30C27C4}" = AGT Pro
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CFFAEC0-1F2A-4D38-8D95-3995A936ADD9}" = NetWorkingWizard_ICM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F8A555E-F2E1-415D-AD8A-67C0A7671029}" = Nero 8
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106c
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{BE1A2C04-6F14-4A16-B290-003769418AD9}" = ROUTE 66 Sync
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIMP2" = AIMP2
"AMP WinOFF" = AMP WinOFF
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AVerMedia A867 USB DVB-T" = AVerMedia A867 USB DVB-T 8.0.0.55
"CCleaner" = CCleaner
"CesarFTP 0.99g_is1" = CesarFTP 0.99g
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications
"InstallShield_{BE1A2C04-6F14-4A16-B290-003769418AD9}" = ROUTE 66 Sync
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MiniLyrics" = Minilyrics
"Mozilla Firefox 4.0.1 (x86 cs)" = Mozilla Firefox 4.0.1 (x86 cs)
"Mp3tag" = Mp3tag v2.46a
"OpenTTD" = OpenTTD 1.1.1
"Opera 11.50.1074" = Opera 11.50
"RJ Tools E2007_is1" = RJ Tools E2007
"RocketDock_is1" = RocketDock 1.3.5
"SiS VGA Utilities" = SiS VGA Utilities
"Spyware Terminator_is1" = Spyware Terminator
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.6
"ZAV1_is1" = ZAV 4.48 (32bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1393530065-2457978839-4017472629-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP 2010" = QIP 2010 3.1.5488

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: nonstandard "Server is busy" message

Posted: 12 Aug 2011 22:12
by motji
Run OTL
- copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
c:\Users\Petr\AppData\Roaming\inst.exe
C:\Windows\system32\~.inf

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[clearallrestorepoints]
[Reboot]

- click the Fix button.
- The PC will then restart.
- Post the log here :)

Re: nonstandard "Server is busy" message

Posted: 13 Aug 2011 06:55
by petrb
Good morning! :)

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E16.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6683.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7FD9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8662.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC719.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEBB8.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI5241.tmp moved successfully.
C:\WINDOWS\Installer\MSI72EB.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\2a55dd73fc65c85fb8c29bb88aac7b3d\BIT953B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\7f537f1f28562eb9d29806f08f28c53a\BIT8FAB.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\a8e5866724b420cc72d749678d178662\BITD22D.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\aac317a7404906b4aa1a1671639c7933\BIT7EA4.tmp moved successfully.
C:\WINDOWS\System32\~.tmp moved successfully.
c:\Users\Petr\AppData\Roaming\inst.exe moved successfully.
C:\Windows\system32\~.inf moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: Administrator.Petr-PC
->Temp folder emptied: 461056 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 59808 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Petr
->Temp folder emptied: 1892586 bytes
->Temporary Internet Files folder emptied: 48058 bytes
->Java cache emptied: 23364452 bytes
->FireFox cache emptied: 6969897 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 12423864 bytes
->Flash cache emptied: 6740 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: postgres.Petr-PC

User: postgres.Petr-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: postgres.Petr-PC.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1050400 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 44,00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.Petr-PC

User: All Users

User: Default

User: Default User

User: Guest

User: Petr
->Flash cache emptied: 0 bytes

User: postgres

User: postgres.Petr-PC

User: postgres.Petr-PC.000

User: postgres.Petr-PC.001

User: Public

Total Flash Files Cleaned = 0,00 mb



OTL by OldTimer - Version 3.2.26.1 log created on 08132011_075019

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: nonstandard "Server is busy" message

Posted: 13 Aug 2011 06:57
by motji
How does the computer look now? Does the message appear right after the PC is switched on?

Re: nonstandard "Server is busy" message

Posted: 13 Aug 2011 06:59
by petrb
Nice fast startup :) Even the Avast message about blocking some ComboFix process has disappeared..