Naprosta kontrola PC

[)aguar]

No takže jsem vložil script.
Vyskočila tato tabulka. Odpočet 60 sekund a myslím že program stále pracoval když se PC začlo vypínat.



PC se restartovalo, ale po naběhnutí byla jen černá obrazovka. Tak jsem dal reset a zkusil znovu. Tentokrát se PC ani nevypnulo. Zůstalo zamrznuté u "vypínání" Po třetí to samé jako podruhé.

[Danstahr]

Vložte prosím nový log z OTL podle postupu zde : http://www.viry.cz/forum/viewtopic.php? ... 2#p1027022

[)aguar]

Teď nerozumím. Podle jakého postupu? Podle toho jak jste psal pro OTL prvně?

[Danstahr]

Ano.

[)aguar]

OTL logfile created on: 26.8.2011 13:19:11 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Radek\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,29 Mb Total Physical Memory | 144,88 Mb Available Physical Memory | 28,34% Memory free
1,22 Gb Paging File | 0,49 Gb Available in Paging File | 39,96% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 17,14 Gb Free Space | 11,50% Space Free | Partition Type: NTFS
Drive J: | 966,09 Mb Total Space | 862,36 Mb Free Space | 89,26% Space Free | Partition Type: FAT32

Computer Name: KAREL | User Name: Radek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.25 21:49:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radek\Plocha\OTL.exe
PRC - [2011.07.21 14:59:06 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware\AAWService.exe
PRC - [2011.07.21 14:59:06 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware\AAWTray.exe
PRC - [2011.07.21 12:24:49 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\dwm.exe
PRC - [2011.07.21 12:24:21 | 000,173,056 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\Microsoft\conhost.exe
PRC - [2011.07.18 11:35:20 | 000,340,480 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011.07.18 11:35:20 | 000,340,480 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011.07.17 18:44:25 | 000,232,960 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
PRC - [2011.07.17 18:44:25 | 000,232,960 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
PRC - [2011.07.15 16:34:57 | 000,110,592 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
PRC - [2011.07.15 16:32:12 | 000,483,328 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011.07.15 16:32:12 | 000,483,328 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011.07.15 16:09:49 | 001,170,432 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
PRC - [2011.06.30 09:37:28 | 001,793,712 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011.06.30 09:37:06 | 002,554,696 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.28 12:16:43 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2007.06.28 12:16:19 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2007.03.04 11:29:29 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007.02.13 15:00:14 | 000,061,440 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
PRC - [2006.06.01 13:32:12 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005.10.24 08:45:16 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005.07.19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005.06.08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005.06.08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2005.02.25 04:22:38 | 000,208,896 | ---- | M] () -- C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe
PRC - [2005.01.25 06:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE
PRC - [2004.06.09 00:42:22 | 000,766,004 | ---- | M] () -- C:\Program Files\Ahead\InCD\incdsrv.exe
PRC - [2004.06.09 00:42:20 | 000,974,898 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2000.10.16 09:37:36 | 000,032,768 | R--- | M] () -- C:\WINDOWS\system32\rmctrl.exe


========== Modules (No Company Name) ==========

MOD - [2011.07.21 14:59:08 | 000,589,184 | ---- | M] () -- C:\Program Files\Ad-Aware\RPAPI.dll
MOD - [2011.07.21 14:59:08 | 000,430,568 | ---- | M] () -- C:\Program Files\Ad-Aware\Viprebridge.dll
MOD - [2011.07.21 14:59:08 | 000,308,560 | ---- | M] () -- C:\Program Files\Ad-Aware\Vipre.dll
MOD - [2011.07.21 12:24:49 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\dwm.exe
MOD - [2011.07.21 12:24:21 | 000,173,056 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\Microsoft\conhost.exe
MOD - [2011.07.18 11:35:20 | 000,340,480 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
MOD - [2011.07.17 18:44:25 | 000,232,960 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
MOD - [2011.07.17 18:44:25 | 000,232,960 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
MOD - [2011.07.15 16:34:57 | 000,110,592 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
MOD - [2011.07.15 16:32:12 | 000,483,328 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
MOD - [2011.07.15 16:09:49 | 001,170,432 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
MOD - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.11.03 16:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2007.03.04 00:14:27 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2004.06.09 00:42:24 | 000,364,593 | ---- | M] () -- C:\Program Files\Ahead\InCD\incdunt.dll
MOD - [2004.06.09 00:42:22 | 000,766,004 | ---- | M] () -- C:\Program Files\Ahead\InCD\incdsrv.exe
MOD - [2004.06.09 00:42:22 | 000,757,812 | ---- | M] () -- C:\Program Files\Ahead\InCD\incdapi.dll
MOD - [2002.10.05 01:04:26 | 000,092,672 | ---- | M] () -- C:\WINDOWS\system32\vorbis.dll
MOD - [2002.10.05 01:04:18 | 000,021,504 | ---- | M] () -- C:\WINDOWS\system32\ogg.dll
MOD - [2000.10.16 09:37:36 | 000,036,864 | R--- | M] () -- C:\WINDOWS\system32\ctrldll.dll
MOD - [2000.10.16 09:37:36 | 000,032,768 | R--- | M] () -- C:\WINDOWS\system32\rmctrl.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NOD32krn)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.07.21 14:59:06 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.18 11:35:20 | 000,340,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011.07.17 18:44:25 | 000,232,960 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011.07.15 16:32:12 | 000,483,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011.07.15 16:09:49 | 001,170,432 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
SRV - [2011.06.30 09:37:28 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2007.06.28 12:16:19 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2004.06.09 00:42:22 | 000,766,004 | ---- | M] () [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)
SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011.07.21 14:59:08 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011.07.21 14:59:08 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.06.30 09:38:16 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011.06.30 09:38:14 | 000,242,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011.06.30 09:38:14 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.10.20 10:15:38 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010.03.20 11:57:51 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.26 14:05:20 | 000,502,208 | ---- | M] (Eset ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.06.28 12:16:12 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.10.11 10:00:10 | 000,045,312 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma8630u.sys -- (MA8630U)
DRV - [2006.09.05 18:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2006.05.30 15:18:52 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2006.03.22 05:56:22 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.02.21 13:12:00 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.10.26 10:08:26 | 003,786,944 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.08.18 05:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005.08.18 05:44:44 | 000,011,473 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.27 11:32:52 | 001,317,152 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005.05.27 11:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.03.04 05:10:26 | 000,074,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005.02.22 08:47:44 | 000,039,040 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys -- (RushTopDevice)
DRV - [2005.01.25 09:31:58 | 000,025,428 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma8630m.sys -- (MA8630M)
DRV - [2004.11.01 11:12:36 | 000,023,424 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS -- (SlowDownCPU)
DRV - [2004.09.14 12:12:18 | 000,023,248 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma8630c.sys -- (MA8630C)
DRV - [2004.09.14 06:55:44 | 000,088,960 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004.06.09 00:42:24 | 000,085,360 | ---- | M] () [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004.06.09 00:42:24 | 000,026,784 | ---- | M] (Ahead Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2004.04.26 02:49:56 | 000,381,056 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004.02.24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://www.google.com
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\..\URLSearchHook: {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (Morpheus)
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50364

IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://www.google.com
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\..\URLSearchHook: {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (Morpheus)
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57980

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Data aplikací\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.08.23 17:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.19 16:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.19 16:00:33 | 000,000,000 | ---D | M]

[2010.01.21 00:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Extensions
[2011.06.23 19:02:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\extensions
[2010.01.22 20:45:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.09.29 16:04:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.01.21 00:01:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.23 19:02:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\searchplugins\icqplugin-1.xml
[2008.10.29 09:22:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\searchplugins\icqplugin-2.xml
[2008.12.02 14:05:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\searchplugins\icqplugin-3.xml
[2010.08.03 21:34:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\searchplugins\icqplugin-4.xml
[2011.06.23 18:52:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\searchplugins\icqplugin-5.xml
[2008.03.31 10:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\searchplugins\icqplugin.gif
[2008.03.31 10:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\searchplugins\icqplugin.src
[2008.07.10 14:50:23 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\if0qwll6.default\searchplugins\icqplugin.xml
[2011.07.18 11:40:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.19 23:27:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2007.08.23 17:45:04 | 000,000,000 | ---D | M] (DivX Settings) -- C:\Program Files\Mozilla Firefox\extensions\divx@partners.mozilla.com
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RADEK\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\IF0QWLL6.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RADEK\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\IF0QWLL6.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2008.12.20 21:27:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009.08.31 18:55:02 | 000,118,000 | ---- | M] () -- C:\Program Files\mozilla firefox\components\qippipe.dll
[2008.03.24 20:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2011.06.19 15:59:46 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.06.19 15:59:46 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.06.19 15:59:46 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.06.19 15:59:46 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.06.19 15:59:46 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.07.28 12:27:55 | 000,203,160 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 vkontakte.ru
O1 - Hosts: 127.0.0.1 www.vkontakte.ru
O1 - Hosts: 127.0.0.1 login.vk.com
O1 - Hosts: 127.0.0.1 vk.com
O1 - Hosts: 127.0.0.1 www.vk.com
O1 - Hosts: 127.0.0.1 odnoklassniki.ru
O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 50060 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MorpheusToolbar BHO) - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (Morpheus)
O2 - BHO: (no name) - {54B62CEF-8A07-4d3c-A2EF-DDF184264374} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (no name) - {A8884FF9-41CF-4A85-AC9A-CB4567AD72E4} - No CLSID value found.
O2 - BHO: (no name) - {ADC3B2AC-F30B-4A2A-9865-1C96C7D58483} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: () - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (Morpheus)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Morpheus Toolbar) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (Morpheus)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (&Seznam Lištička) - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll (Seznam.cz a.s.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\..\Toolbar\WebBrowser: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - No CLSID value found.
O3 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [1568991.exe] File not found
O4 - HKLM..\Run: [3470417.exe] C:\WINDOWS\TEMP\3470417.exe ()
O4 - HKLM..\Run: [729719.exe] File not found
O4 - HKLM..\Run: [8215445.exe] C:\WINDOWS\TEMP\8215445.exe ()
O4 - HKLM..\Run: [8789533.exe] C:\WINDOWS\TEMP\8789533.exe ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Radek\Data aplikací\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe ()
O4 - HKLM..\Run: [SlowDownCPU] C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006..\Run: [QIP2005] C:\Program Files\QIP\qip.exe (The Author of QIP)
O4 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006..\Run: [SMSToolBar] File not found
O4 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Jakub Máša\Nabídka Start\Programy\Po spuštění\Registration Brothers In Arms.LNK = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8376447873 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/webplayer/stag ... taller.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.ostrava.unas.cz/kamery/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1847444920-2511039311-3333254768-1009 Winlogon: Shell - (C:\Documents and Settings\Radek\Data aplikací\dwm.exe) - C:\Documents and Settings\Radek\Data aplikací\dwm.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.13 22:33:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (OODDRMBS) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.a3d - C:\WINDOWS\System32\a3d.dll (Sensaura Ltd)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa - C:\WINDOWS\System32\divxa32.acm (build Pinky.cz)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3radius - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.ogg - C:\WINDOWS\System32\ogg.dll ()
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.vorbisenc - C:\WINDOWS\System32\vorbisenc.dll ()
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.div3 - C:\WINDOWS\System32\divxc32.dll (build Pinky.cz)
Drivers32: vidc.div4 - C:\WINDOWS\System32\divxc32f.dll (Pinky.cz)
Drivers32: vidc.divx - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.DVSD - C:\WINDOWS\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

[)aguar]

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.08.26 11:29:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.25 21:57:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Radek\Plocha\OTL.exe
[2011.08.25 21:24:42 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011.08.25 20:54:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.08.25 20:19:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.08.25 20:19:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.08.25 20:19:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.08.25 20:19:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.08.25 19:56:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Radek\Recent
[2011.08.25 19:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2011.08.25 19:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.25 19:38:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.08.25 19:37:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.25 19:33:23 | 004,182,373 | R--- | C] (Swearware) -- C:\Documents and Settings\Radek\Plocha\ComboFix.exe
[2011.08.24 15:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Data aplikací\Malwarebytes
[2011.08.24 15:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.24 15:01:06 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.24 14:17:07 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011.08.24 14:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Lavasoft
[2011.08.24 14:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
[2011.08.24 14:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware
[2011.08.24 14:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\COMODO
[2011.08.24 14:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011.08.24 14:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Comodo
[2011.08.24 13:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Nabídka Start\Programy\HiJackThis
[2011.08.24 13:51:40 | 000,000,000 | ---D | C] -- C:\Programy
[2007.12.07 23:58:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Radek\Data aplikací\pcouffin.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.26 13:16:08 | 000,012,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.26 13:11:00 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1847444920-2511039311-3333254768-1007UA.job
[2011.08.26 12:37:13 | 000,000,948 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.26 12:21:10 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.26 12:20:27 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.08.26 12:20:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.25 21:49:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radek\Plocha\OTL.exe
[2011.08.25 21:41:20 | 000,004,487 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\24B2.078
[2011.08.25 20:09:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.08.25 20:08:17 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2011.08.25 19:59:34 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Radek\Dokumenty\cc_20110825_195932.reg
[2011.08.25 19:59:05 | 000,002,176 | ---- | M] () -- C:\Documents and Settings\Radek\Dokumenty\cc_20110825_195903.reg
[2011.08.25 19:58:37 | 000,475,896 | ---- | M] () -- C:\Documents and Settings\Radek\Dokumenty\cc_20110825_195810.reg
[2011.08.25 19:44:10 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\$_hpcst$.hpc
[2011.08.25 19:25:10 | 004,182,373 | R--- | M] (Swearware) -- C:\Documents and Settings\Radek\Plocha\ComboFix.exe
[2011.08.25 18:11:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1847444920-2511039311-3333254768-1007Core.job
[2011.08.25 14:48:19 | 000,000,492 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Markéta Mášová.job
[2011.08.24 15:15:50 | 000,002,444 | -H-- | M] () -- C:\aaw7boot.cmd
[2011.08.24 14:12:41 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\COMODO Firewall.lnk
[2011.08.24 13:51:51 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\Radek\Plocha\HiJackThis.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.25 20:19:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.08.25 20:19:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.08.25 20:19:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.08.25 20:19:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.08.25 20:19:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.08.25 19:59:33 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\Radek\Dokumenty\cc_20110825_195932.reg
[2011.08.25 19:59:04 | 000,002,176 | ---- | C] () -- C:\Documents and Settings\Radek\Dokumenty\cc_20110825_195903.reg
[2011.08.25 19:58:14 | 000,475,896 | ---- | C] () -- C:\Documents and Settings\Radek\Dokumenty\cc_20110825_195810.reg
[2011.08.25 19:44:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Radek\Data aplikací\$_hpcst$.hpc
[2011.08.24 15:15:13 | 000,002,444 | -H-- | C] () -- C:\aaw7boot.cmd
[2011.08.24 14:17:37 | 000,000,450 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.08.24 14:12:41 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\COMODO Firewall.lnk
[2011.08.24 13:51:41 | 000,002,523 | ---- | C] () -- C:\Documents and Settings\Radek\Plocha\HiJackThis.lnk
[2011.07.21 12:24:49 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\Radek\Data aplikací\dwm.exe
[2011.07.21 12:24:23 | 000,004,487 | ---- | C] () -- C:\Documents and Settings\Radek\Data aplikací\24B2.078
[2011.07.18 11:35:26 | 000,169,472 | ---- | C] () -- C:\WINDOWS\gbot111.exe
[2011.07.17 18:44:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.15 16:37:41 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.07.15 16:35:01 | 000,110,592 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.15 16:31:57 | 000,232,960 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011.07.15 16:31:07 | 000,232,960 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2010.10.20 10:15:39 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2010.04.17 09:57:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2010.01.23 11:25:42 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.23 11:25:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.01.23 11:25:27 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.01.23 11:25:27 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.01.23 11:25:21 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010.01.23 11:25:09 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.10.06 19:35:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.09.27 15:38:55 | 000,020,628 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.05.29 21:07:42 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.12.18 20:23:00 | 000,138,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.12.18 20:22:43 | 000,201,440 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008.12.18 20:22:13 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008.12.17 20:22:49 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\dsez7408.dat
[2008.12.02 13:34:59 | 000,003,439 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2007.12.21 22:10:52 | 000,000,043 | ---- | C] () -- C:\WINDOWS\prdelka.INI
[2007.12.07 23:58:19 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Radek\Data aplikací\ezpinst.exe
[2007.12.07 23:58:19 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Radek\Data aplikací\pcouffin.cat
[2007.12.07 23:58:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Radek\Data aplikací\pcouffin.inf
[2007.11.07 13:30:58 | 000,000,289 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2007.08.24 12:05:08 | 000,001,508 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.07.12 23:17:55 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Radek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.06 18:09:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VideoExe.INI
[2007.03.06 17:53:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2007.03.06 17:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MelodyExe.INI
[2007.03.06 17:12:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007.03.06 17:10:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MessageExe.INI
[2007.02.23 19:37:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2007.02.23 19:37:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007.02.23 19:37:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007.02.17 17:02:30 | 000,001,582 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007.01.18 17:37:20 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007.01.18 17:37:20 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007.01.08 12:33:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006.12.09 21:23:53 | 000,000,373 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006.11.10 20:15:20 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2006.10.18 18:01:01 | 000,319,488 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2006.10.14 21:15:33 | 000,036,972 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2006.09.26 16:20:35 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006.09.23 19:11:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006.09.20 15:04:45 | 000,000,070 | ---- | C] () -- C:\WINDOWS\Morpheus.INI
[2006.09.20 14:59:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mo001.dat
[2006.09.20 14:58:54 | 000,341,584 | ---- | C] () -- C:\WINDOWS\System32\uninstall.exe
[2006.09.18 22:21:48 | 001,317,152 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2006.09.18 22:21:48 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006.09.18 22:19:05 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006.09.18 22:17:45 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2006.09.18 21:23:06 | 000,086,214 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006.09.18 21:23:06 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006.09.18 21:23:06 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006.09.18 21:23:06 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006.09.18 21:23:06 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006.09.18 21:23:06 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006.09.18 21:23:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006.09.18 21:23:06 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006.09.18 21:23:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006.09.18 21:23:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006.09.18 21:23:06 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006.09.18 21:23:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006.09.18 21:23:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006.09.18 21:23:06 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006.09.18 21:23:06 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006.09.18 21:23:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006.09.18 21:23:06 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006.09.18 21:18:54 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CDED68ECHP.ini
[2006.09.18 19:31:24 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\ctrldll.dll
[2006.09.18 19:31:24 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\rmctrl.exe
[2006.09.18 19:17:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.09.18 18:59:17 | 000,000,676 | ---- | C] () -- C:\WINDOWS\im32st.dat
[2006.09.18 18:54:44 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2006.09.18 18:22:02 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.09.18 16:05:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.05.30 15:18:18 | 000,085,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\InCDfs.sys
[2005.09.14 00:27:53 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.09.14 00:27:12 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.09.14 00:22:02 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.09.14 00:21:43 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.09.14 00:21:36 | 000,429,172 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2005.09.14 00:21:36 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2005.09.14 00:21:36 | 000,078,294 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2005.09.14 00:21:36 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2005.09.14 00:21:28 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005.09.14 00:21:26 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.09.14 00:21:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005.09.14 00:21:26 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.09.14 00:21:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005.09.14 00:21:26 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005.09.14 00:21:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.09.14 00:21:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.09.14 00:21:21 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005.09.14 00:21:21 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005.09.14 00:21:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005.09.14 00:21:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005.09.13 23:17:20 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005.09.13 23:17:12 | 000,121,995 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.09.13 22:34:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.09.13 22:31:39 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.02.01 16:10:30 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\exasd_.dll
[2003.08.20 21:12:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\MADLib.dll
[2003.07.16 13:09:32 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003.05.08 00:27:48 | 000,902,318 | ---- | C] () -- C:\WINDOWS\System32\mos.exe
[2002.10.06 20:42:58 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\oggds.dll
[2002.10.05 01:04:26 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002.10.05 01:04:26 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002.10.05 01:04:18 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.05.17 22:18:30 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[1999.12.02 07:12:00 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\msconsysi.dat
[1999.04.11 22:54:20 | 000,281,600 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998.07.30 16:02:04 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\NUMERALG.DLL
[1998.03.03 10:37:32 | 000,182,784 | ---- | C] () -- C:\WINDOWS\System32\DAOLIBS.DLL
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996.02.23 21:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\declw.dll
[1996.02.22 19:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\decln.dll

========== LOP Check ==========

[2009.09.26 14:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg7
[2010.03.20 11:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.09.26 14:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Grisoft
[2010.01.19 23:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.08.02 15:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\JollyBear
[2006.10.17 21:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MumboJumbo
[2010.04.17 09:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Panasonic
[2008.10.26 21:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
[2008.12.04 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SweetIM
[2008.08.02 17:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2006.09.18 21:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\UDL
[2009.11.25 11:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006.12.10 16:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\Atari
[2009.08.19 11:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\AVG7
[2006.10.06 20:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\Balloon Express
[2006.09.20 15:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\BearShare
[2007.09.07 19:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\COWON
[2010.03.20 15:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\DAEMON Tools Lite
[2007.12.07 14:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\Dcads Advanced Toolbar
[2010.03.28 14:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\Euro4
[2010.06.19 12:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\Facebook
[2006.12.12 12:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\flightgear.org
[2006.12.12 20:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\fltk.org
[2006.10.27 19:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\funkitron
[2009.12.26 13:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\Hide IP NG
[2010.01.19 23:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\ICQ
[2007.05.30 20:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\ICQ Toolbar
[2006.09.19 09:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\ICQLite
[2008.06.28 19:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\MobileAction
[2006.10.06 16:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\Morpheus
[2008.10.26 21:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\Simply Super Software
[2006.09.20 19:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jakub Máša\Data aplikací\Zoner
[2006.09.18 18:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVG7
[2007.01.12 12:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Atari
[2009.06.22 11:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\AVG7
[2008.01.28 11:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\COWON
[2008.07.03 21:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\ICQ
[2007.06.04 20:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\ICQ Toolbar
[2007.11.03 17:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\ICQLite
[2008.05.16 09:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Vso
[2011.08.26 12:20:27 | 000,000,450 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"LDM" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -- [2007.03.04 11:29:29 | 000,067,128 | ---- | M] (Logitech Inc.)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2006.06.01 13:32:12 | 000,094,208 | ---- | M] (Nero AG)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2007.06.21 07:53:50 | 000,068,856 | ---- | M] (Google Inc.)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 05:22:36 | 001,695,232 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.01.27 16:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Adobe
[2008.04.05 21:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Apple Computer
[2007.01.12 12:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Atari
[2009.06.22 11:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\AVG7
[2008.01.28 11:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\COWON
[2008.01.18 12:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Google
[2005.09.13 23:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Help
[2008.07.03 21:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\ICQ
[2007.06.04 20:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\ICQ Toolbar
[2007.11.03 17:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\ICQLite
[2005.09.13 22:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Identities
[2006.11.22 22:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Macromedia
[2011.08.24 15:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Malwarebytes
[2011.08.25 19:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Media Player Classic
[2011.08.24 13:51:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Radek\Data aplikací\Microsoft
[2007.09.15 13:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Mozilla
[2010.05.23 15:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Real
[2007.03.17 21:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Skype
[2008.12.02 14:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Sun
[2007.09.15 13:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Talkback
[2008.05.16 09:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Vso

< %APPDATA%\*.exe /s >
[2011.07.21 12:24:49 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\dwm.exe
[2007.12.07 23:58:19 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\ezpinst.exe
[2011.07.21 12:24:21 | 000,173,056 | ---- | M] () -- C:\Documents and Settings\Radek\Data aplikací\Microsoft\conhost.exe
[2011.08.24 13:51:41 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Radek\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe


< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.17 15:57:28 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\I386\AUTOCHK.EXE

< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2009.12.22 20:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2004.08.17 15:57:28 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:hal.dll
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.17 15:57:28 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: IASTOR.SYS >
[2004.03.24 18:00:00 | 000,274,816 | ---- | M] (Intel Corporation) MD5=9B5D077B6033BB41AB5AF0E28E566164 -- C:\driver\rai\intel\ICH5R\Floppy\iastor.sys
[2004.03.23 06:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\driver\rai\intel\ICH6R\Floppy\iastor.sys

< MD5 for: ISAPNP.SYS >
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.12.04 10:10:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2003.04.16 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004.01.13 11:36:00 | 000,063,744 | ---- | M] (NVIDIA Corporation) MD5=06F86506555644CBA020CD2CFFE28668 -- C:\driver\Chi\nvidia\NvAtaBus.sys

< MD5 for: NVRAID.SYS >
[2004.01.13 11:36:00 | 000,057,472 | ---- | M] (NVIDIA Corporation) MD5=E182F94D65DEDA3668C23EE5BC8E980F -- C:\driver\Chi\nvidia\nvraid.sys

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2004.08.17 15:49:28 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\WINDOWS\I386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2011.07.18 11:35:20 | 000,340,480 | ---- | M] () MD5=1733B4BD3F88618E348977328B384762 -- C:\WINDOWS\update.5.0\svchost.exe
[2011.07.15 16:09:49 | 001,170,432 | -H-- | M] () MD5=2ED651EA0565B4C3C0F7F4EE372FEFC7 -- C:\WINDOWS\update.1\svchost.exe
[2011.07.15 16:09:49 | 001,170,432 | -H-- | M] () MD5=2ED651EA0565B4C3C0F7F4EE372FEFC7 -- C:\WINDOWS\update.tray-3-0-lnk\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011.07.15 16:32:12 | 000,483,328 | ---- | M] () MD5=EFB19E06A994F184B781A3C948E77E6E -- C:\WINDOWS\update.2\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2004.03.29 07:45:32 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\driver\rai\via\VIARaid\driver\2003IA32\viamraid.sys
[2004.03.29 07:45:32 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\driver\rai\via\VIARaid\driver\Win2000\viamraid.sys
[2004.03.29 07:45:36 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\driver\rai\via\VIARaid\driver\Winxp\viamraid.sys

< MD5 for: VIASRAID.SYS >
[2003.08.05 08:14:30 | 000,077,056 | ---- | M] (VIA Technologies inc,.ltd) MD5=2EAB80850163B2A123D09F34574BEDCF -- C:\driver\rai\via\SataRaid\SATA\2003IA32\viasraid.sys
[2003.08.05 08:14:32 | 000,077,056 | ---- | M] (VIA Technologies inc,.ltd) MD5=2EAB80850163B2A123D09F34574BEDCF -- C:\driver\rai\via\SataRaid\SATA\Winxp\viasraid.sys
[2003.08.05 08:14:30 | 000,078,796 | ---- | M] (VIA Technologies inc,.ltd) MD5=4E5C34099227570FB04CBEEE11B1BCA3 -- C:\driver\rai\via\SataRaid\SATA\Win2000\viasraid.sys
[2003.08.05 08:14:32 | 000,080,240 | ---- | M] (VIA Technologies inc,.ltd) MD5=7B49F476B041FC1F316A9386D598E998 -- C:\driver\rai\via\SataRaid\SATA\Winnt40\viasraid.sys

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.03.20 11:57:51 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2005.09.14 00:25:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005.09.14 00:25:40 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005.09.14 00:25:40 | 000,462,848 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.08.26 13:16:08 | 000,012,700 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< *crack* /s >
[2007.05.04 13:14:31 | 000,000,371 | ---- | M] () -- \Documents and Settings\Jakub Máša\Cookies\jakub máša@likecrack[2].txt
[2007.05.04 13:14:31 | 000,000,086 | ---- | M] () -- \Documents and Settings\Jakub Máša\Cookies\jakub máša@www.likecrack[2].txt
[2007.03.10 22:16:04 | 000,040,579 | ---- | M] () -- \Documents and Settings\Jakub Máša\Plocha\ATEAM\kubiček-pupiček\downloads\Torrents\Removed\GTA[1].Grand.Theft.Auto.San.Andreas.DVD.with.CRACK(1).torrent
[2003.12.05 13:52:40 | 000,000,796 | ---- | M] () -- \Program Files\GTA San Andreas\data\Decision\Craig\crack1.ped
[2006.10.05 21:34:39 | 000,174,904 | ---- | M] () -- \Program Files\Singles\Texture\crackerbox.dds
[2006.01.26 18:10:32 | 000,174,861 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\m02_sec_03_PC\m02_s3_PC_floorcrack.rsb
[2006.01.26 18:10:32 | 000,349,613 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\m02_sec_03_PC\m02_s3_PC_floorcracked.rsb
[2006.01.26 18:11:46 | 001,398,189 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\m07_sec_01_pc\m07_decal_cracks.rsb
[2006.01.26 18:11:48 | 001,398,189 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\m07_sec_01_pc\m07_s1_concrete_crack_02.rsb
[2006.01.26 18:12:12 | 000,349,613 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\m08_sec_02_PC\m08_s2_PC_floorcrackdecal1.rsb
[2006.01.26 18:13:00 | 000,011,077 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\m10_sec_02_pc\M10_S1_crackedgrnd.rsb
[2006.01.26 18:13:12 | 000,087,405 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\m11_sec_01_pc\m11_pc_edgecrack.rsb
[2006.01.26 18:13:28 | 000,087,525 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\m11_sec_02_pc\m11_pc_crackg.rsb
[2006.01.26 18:13:28 | 000,087,405 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\m11_sec_02_pc\m11_pc_edgecrack.rsb
[2006.01.26 18:13:38 | 000,349,613 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\m12_sec_01_pc\M12_s1_PC_ceilingcrack01.rsb
[2006.01.26 18:13:48 | 000,349,613 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\m12_sec_03_pc\m12_s3_PC_conwallcracked.rsb
[2006.01.26 18:15:26 | 000,011,077 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\mp07_rt_syria\mp07_jvm_ceiling_cracked.rsb
[2006.01.26 18:16:12 | 000,087,469 | R--- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\map\mpcl_03_bunkers\mpcl_03_cracks1.rsb
[2006.01.26 18:18:50 | 000,032,933 | ---- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\textures\cracked_glass.rsb
[2006.01.26 18:19:08 | 000,349,613 | ---- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\textures\object\obj_d_crack01.rsb
[2006.01.26 18:19:08 | 001,398,189 | ---- | M] () -- \Program Files\Ubisoft\Red Storm Entertainment\Rainbow Six Lockdown\data\textures\object\obj_d_crack02_faint.rsb

< *keygen* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:54997B77

< End of report >

[)aguar]

Tentokrát "extras" nevyskočil
Lze ho někde najít? Provedl jsem kontrolu i se scriptem co byl prvně.

[Danstahr]

Extras se tvoří jen při první kontrole, to je v pořádku. Zkuste aplikovat skript v nouzovém režimu (restartujte PC, při startu mačkejte F8 a z nabídky vyberte Režim nouze s prací v síti).

[)aguar]

script č 1 nebo č 2?

[Danstahr]

Skript č. 2 (ten opravný - http://www.viry.cz/forum/viewtopic.php? ... 8#p1027028)

[)aguar]

Nejde. Hodí to nějakou rychlou chybu po kliknutí na "ano" po načtení nouzového režimu.. Vypadá jako tabulka když se ptá jestli chci odeslat zprávu o chybě a PC se začne vypínat. Pokusil bych se to natočit co je tam psáno. Ale nevím nevím

edit: tak natocit taky nejde. Tabulka se ukazala jen 1x.

[Danstahr]

Prosím o chvíli strpení...

[)aguar]

čekám

[Danstahr]

Proskenujte PC pomocí AVPTool (http://www.viry.cz/forum/viewtopic.php?t=58179).

[)aguar]

Udělal jsem vše podle návodu, ale napoprvé to za chvíli jakmile našel nějaký win32trojan chtěl "ano" nebo "ne" A teď nevím pořádně už co. Každopádně jsem dal napřed 2x ne. a Potom mě napadlo že bude zastavovat scan pokaždé když něco najde, tak jsem dal ano a proběhla jakýsi další scan a restart. Potom jsem spustil podruhé kaspersky a nakonci vyskočili tyto logy

DELETED:
Status: Deleted (events: 39)
29.8.2011 15:03:22 Deleted Trojan program Backdoor.Win32.Gbot.mjf C:\Documents and Settings\Jakub Máša\Data aplikací\dwmu.exe High
29.8.2011 15:06:46 Deleted Trojan program Backdoor.Win32.Gbot.ndz C:\Documents and Settings\Jakub Máša\Data aplikací\Microsoft\conhost.exe High
29.8.2011 15:17:37 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\=()_248396822\Zajic ve vane.vbs High
29.8.2011 15:17:37 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\Erl_359407178\autii.vbs High
29.8.2011 15:17:38 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\klárča_275656823\medvidek.vbs High
29.8.2011 15:17:39 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\pepa14_323172321\evička a lucinka.vbs High
29.8.2011 15:17:40 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\pepa14_323172321\fotka evy.vbs High
29.8.2011 15:17:39 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\pepa14_323172321\Vtipy.vbs High
29.8.2011 15:30:51 Deleted Trojan program Backdoor.Win32.Wisdoor.iw C:\Documents and Settings\Jakub Máša\Plocha\ATEAM\kubiček-pupiček\pičoviny\tip_dne.exe High
29.8.2011 15:30:51 Deleted Trojan program Backdoor.Win32.Wisdoor.iw C:\Documents and Settings\Jakub Máša\Plocha\ATEAM\kubiček-pupiček\pičoviny\tip_dne.exe//PE_Patch High
29.8.2011 15:30:51 Deleted Trojan program Backdoor.Win32.Wisdoor.iw C:\Documents and Settings\Jakub Máša\Plocha\ATEAM\kubiček-pupiček\pičoviny\tip_dne.exe//PE_Patch//Molebox High
29.8.2011 15:35:47 Deleted Trojan program Backdoor.Win32.Gbot.ndz C:\Documents and Settings\Jana Mášová\Data aplikací\Microsoft\conhost.exe High
29.8.2011 15:51:23 Deleted adware not-a-virus:AdWare.Win32.Agent.bic C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp15.tmp Medium
29.8.2011 15:51:23 Deleted adware not-a-virus:AdWare.Win32.Agent.bic C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp15.tmp//data0003 Medium
29.8.2011 15:51:26 Deleted adware not-a-virus:AdWare.Win32.Agent.aoa C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp19.tmp Medium
29.8.2011 15:51:26 Deleted adware not-a-virus:AdWare.Win32.Agent.aoa C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp19.tmp//data0003 Medium
29.8.2011 15:51:52 Deleted adware not-a-virus:AdWare.Win32.Agent.bds C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp20.tmp Medium
29.8.2011 15:51:52 Deleted adware not-a-virus:AdWare.Win32.Agent.bds C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp20.tmp//data0003 Medium
29.8.2011 16:03:54 Deleted Trojan program Trojan-Downloader.WMA.Wimad.m C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\cotton eye joy.wm High
29.8.2011 16:04:07 Deleted Trojan program Trojan-Downloader.WMA.Wimad.l C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\03 Track 3.wma High
29.8.2011 16:06:05 Deleted Trojan program Trojan-Downloader.WMA.Wimad.t C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\čarodějky z eastwiku.wma High
29.8.2011 16:56:18 Deleted Trojan program Backdoor.Win32.Gbot.mgs C:\Program Files\Internet Explorer\conhost.exe High
29.8.2011 17:19:39 Deleted Trojan program Trojan.Win32.Menti.hisf C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1007\Dc27.exe High
29.8.2011 17:19:40 Deleted Trojan program Trojan.Win32.Menti.hisf C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1007\Dc28.exe High
29.8.2011 17:20:22 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0005040.exe High
29.8.2011 17:20:23 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006040.exe High
29.8.2011 17:20:24 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006041.exe High
29.8.2011 17:20:26 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006048.exe High
29.8.2011 17:20:27 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006049.exe High
29.8.2011 17:20:28 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006056.exe High
29.8.2011 17:20:29 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006057.exe High
29.8.2011 17:20:31 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006064.exe High
29.8.2011 17:20:32 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006065.exe High
29.8.2011 17:20:33 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006072.exe High
29.8.2011 17:20:34 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006073.exe High
29.8.2011 17:23:43 Deleted Trojan program Backdoor.Win32.Gbot.mgs C:\WINDOWS\gbot111.exe High
29.8.2011 17:42:41 Deleted adware not-a-virus:AdWare.Win32.WurldMedia.b C:\WINDOWS\system32\mos.exe Medium
29.8.2011 17:42:41 Deleted adware not-a-virus:AdWare.Win32.WurldMedia.c C:\WINDOWS\system32\mos.exe//WISE0015.BIN Medium
29.8.2011 17:42:41 Deleted adware not-a-virus:AdWare.Win32.WurldMedia.b C:\WINDOWS\system32\mos.exe//WISE0017.BIN Medium
Status: Quarantined (events: 4)
29.8.2011 16:03:16 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\Markéta Mášová\Data aplikací\Microsoft\conhost.exe High
29.8.2011 16:03:16 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\Markéta Mášová\Data aplikací\Microsoft\conhost.exe High
29.8.2011 17:20:40 Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006092.exe High
29.8.2011 17:20:40 Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006092.exe High
Status: Disinfected (events: 5)
29.8.2011 16:04:13 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.w C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\ka- chen.mp3 High
29.8.2011 16:04:26 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.r C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\guess who batman .mp3 High
29.8.2011 16:04:45 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.c C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\čarodějky z eastwiku.mp3 High
29.8.2011 17:18:50 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.c C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1006\Dc149.mp3 High
29.8.2011 17:18:57 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.c C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1006\Dc150.mp3 High


QUARANTINED:
Status: Deleted (events: 39)
29.8.2011 15:03:22 Deleted Trojan program Backdoor.Win32.Gbot.mjf C:\Documents and Settings\Jakub Máša\Data aplikací\dwmu.exe High
29.8.2011 15:06:46 Deleted Trojan program Backdoor.Win32.Gbot.ndz C:\Documents and Settings\Jakub Máša\Data aplikací\Microsoft\conhost.exe High
29.8.2011 15:17:37 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\=()_248396822\Zajic ve vane.vbs High
29.8.2011 15:17:37 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\Erl_359407178\autii.vbs High
29.8.2011 15:17:38 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\klárča_275656823\medvidek.vbs High
29.8.2011 15:17:39 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\pepa14_323172321\evička a lucinka.vbs High
29.8.2011 15:17:40 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\pepa14_323172321\fotka evy.vbs High
29.8.2011 15:17:39 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\pepa14_323172321\Vtipy.vbs High
29.8.2011 15:30:51 Deleted Trojan program Backdoor.Win32.Wisdoor.iw C:\Documents and Settings\Jakub Máša\Plocha\ATEAM\kubiček-pupiček\pičoviny\tip_dne.exe High
29.8.2011 15:30:51 Deleted Trojan program Backdoor.Win32.Wisdoor.iw C:\Documents and Settings\Jakub Máša\Plocha\ATEAM\kubiček-pupiček\pičoviny\tip_dne.exe//PE_Patch High
29.8.2011 15:30:51 Deleted Trojan program Backdoor.Win32.Wisdoor.iw C:\Documents and Settings\Jakub Máša\Plocha\ATEAM\kubiček-pupiček\pičoviny\tip_dne.exe//PE_Patch//Molebox High
29.8.2011 15:35:47 Deleted Trojan program Backdoor.Win32.Gbot.ndz C:\Documents and Settings\Jana Mášová\Data aplikací\Microsoft\conhost.exe High
29.8.2011 15:51:23 Deleted adware not-a-virus:AdWare.Win32.Agent.bic C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp15.tmp Medium
29.8.2011 15:51:23 Deleted adware not-a-virus:AdWare.Win32.Agent.bic C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp15.tmp//data0003 Medium
29.8.2011 15:51:26 Deleted adware not-a-virus:AdWare.Win32.Agent.aoa C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp19.tmp Medium
29.8.2011 15:51:26 Deleted adware not-a-virus:AdWare.Win32.Agent.aoa C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp19.tmp//data0003 Medium
29.8.2011 15:51:52 Deleted adware not-a-virus:AdWare.Win32.Agent.bds C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp20.tmp Medium
29.8.2011 15:51:52 Deleted adware not-a-virus:AdWare.Win32.Agent.bds C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp20.tmp//data0003 Medium
29.8.2011 16:03:54 Deleted Trojan program Trojan-Downloader.WMA.Wimad.m C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\cotton eye joy.wm High
29.8.2011 16:04:07 Deleted Trojan program Trojan-Downloader.WMA.Wimad.l C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\03 Track 3.wma High
29.8.2011 16:06:05 Deleted Trojan program Trojan-Downloader.WMA.Wimad.t C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\čarodějky z eastwiku.wma High
29.8.2011 16:56:18 Deleted Trojan program Backdoor.Win32.Gbot.mgs C:\Program Files\Internet Explorer\conhost.exe High
29.8.2011 17:19:39 Deleted Trojan program Trojan.Win32.Menti.hisf C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1007\Dc27.exe High
29.8.2011 17:19:40 Deleted Trojan program Trojan.Win32.Menti.hisf C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1007\Dc28.exe High
29.8.2011 17:20:22 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0005040.exe High
29.8.2011 17:20:23 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006040.exe High
29.8.2011 17:20:24 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006041.exe High
29.8.2011 17:20:26 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006048.exe High
29.8.2011 17:20:27 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006049.exe High
29.8.2011 17:20:28 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006056.exe High
29.8.2011 17:20:29 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006057.exe High
29.8.2011 17:20:31 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006064.exe High
29.8.2011 17:20:32 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006065.exe High
29.8.2011 17:20:33 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006072.exe High
29.8.2011 17:20:34 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006073.exe High
29.8.2011 17:23:43 Deleted Trojan program Backdoor.Win32.Gbot.mgs C:\WINDOWS\gbot111.exe High
29.8.2011 17:42:41 Deleted adware not-a-virus:AdWare.Win32.WurldMedia.b C:\WINDOWS\system32\mos.exe Medium
29.8.2011 17:42:41 Deleted adware not-a-virus:AdWare.Win32.WurldMedia.c C:\WINDOWS\system32\mos.exe//WISE0015.BIN Medium
29.8.2011 17:42:41 Deleted adware not-a-virus:AdWare.Win32.WurldMedia.b C:\WINDOWS\system32\mos.exe//WISE0017.BIN Medium
Status: Quarantined (events: 4)
29.8.2011 16:03:16 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\Markéta Mášová\Data aplikací\Microsoft\conhost.exe High
29.8.2011 16:03:16 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\Markéta Mášová\Data aplikací\Microsoft\conhost.exe High
29.8.2011 17:20:40 Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006092.exe High
29.8.2011 17:20:40 Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006092.exe High
Status: Disinfected (events: 5)
29.8.2011 16:04:13 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.w C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\ka- chen.mp3 High
29.8.2011 16:04:26 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.r C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\guess who batman .mp3 High
29.8.2011 16:04:45 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.c C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\čarodějky z eastwiku.mp3 High
29.8.2011 17:18:50 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.c C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1006\Dc149.mp3 High
29.8.2011 17:18:57 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.c C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1006\Dc150.mp3 High


DISINFECTED:
Status: Deleted (events: 39)
29.8.2011 15:03:22 Deleted Trojan program Backdoor.Win32.Gbot.mjf C:\Documents and Settings\Jakub Máša\Data aplikací\dwmu.exe High
29.8.2011 15:06:46 Deleted Trojan program Backdoor.Win32.Gbot.ndz C:\Documents and Settings\Jakub Máša\Data aplikací\Microsoft\conhost.exe High
29.8.2011 15:17:37 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\=()_248396822\Zajic ve vane.vbs High
29.8.2011 15:17:37 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\Erl_359407178\autii.vbs High
29.8.2011 15:17:38 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\klárča_275656823\medvidek.vbs High
29.8.2011 15:17:39 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\pepa14_323172321\evička a lucinka.vbs High
29.8.2011 15:17:40 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\pepa14_323172321\fotka evy.vbs High
29.8.2011 15:17:39 Deleted Trojan program Trojan.VBS.TudaSuda.c C:\Documents and Settings\Jakub Máša\Dokumenty\ICQ Lite\219272721\pepa14_323172321\Vtipy.vbs High
29.8.2011 15:30:51 Deleted Trojan program Backdoor.Win32.Wisdoor.iw C:\Documents and Settings\Jakub Máša\Plocha\ATEAM\kubiček-pupiček\pičoviny\tip_dne.exe High
29.8.2011 15:30:51 Deleted Trojan program Backdoor.Win32.Wisdoor.iw C:\Documents and Settings\Jakub Máša\Plocha\ATEAM\kubiček-pupiček\pičoviny\tip_dne.exe//PE_Patch High
29.8.2011 15:30:51 Deleted Trojan program Backdoor.Win32.Wisdoor.iw C:\Documents and Settings\Jakub Máša\Plocha\ATEAM\kubiček-pupiček\pičoviny\tip_dne.exe//PE_Patch//Molebox High
29.8.2011 15:35:47 Deleted Trojan program Backdoor.Win32.Gbot.ndz C:\Documents and Settings\Jana Mášová\Data aplikací\Microsoft\conhost.exe High
29.8.2011 15:51:23 Deleted adware not-a-virus:AdWare.Win32.Agent.bic C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp15.tmp Medium
29.8.2011 15:51:23 Deleted adware not-a-virus:AdWare.Win32.Agent.bic C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp15.tmp//data0003 Medium
29.8.2011 15:51:26 Deleted adware not-a-virus:AdWare.Win32.Agent.aoa C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp19.tmp Medium
29.8.2011 15:51:26 Deleted adware not-a-virus:AdWare.Win32.Agent.aoa C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp19.tmp//data0003 Medium
29.8.2011 15:51:52 Deleted adware not-a-virus:AdWare.Win32.Agent.bds C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp20.tmp Medium
29.8.2011 15:51:52 Deleted adware not-a-virus:AdWare.Win32.Agent.bds C:\Documents and Settings\Jana Mášová\Local Settings\Temp\tmp20.tmp//data0003 Medium
29.8.2011 16:03:54 Deleted Trojan program Trojan-Downloader.WMA.Wimad.m C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\cotton eye joy.wm High
29.8.2011 16:04:07 Deleted Trojan program Trojan-Downloader.WMA.Wimad.l C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\03 Track 3.wma High
29.8.2011 16:06:05 Deleted Trojan program Trojan-Downloader.WMA.Wimad.t C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\čarodějky z eastwiku.wma High
29.8.2011 16:56:18 Deleted Trojan program Backdoor.Win32.Gbot.mgs C:\Program Files\Internet Explorer\conhost.exe High
29.8.2011 17:19:39 Deleted Trojan program Trojan.Win32.Menti.hisf C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1007\Dc27.exe High
29.8.2011 17:19:40 Deleted Trojan program Trojan.Win32.Menti.hisf C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1007\Dc28.exe High
29.8.2011 17:20:22 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0005040.exe High
29.8.2011 17:20:23 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006040.exe High
29.8.2011 17:20:24 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006041.exe High
29.8.2011 17:20:26 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006048.exe High
29.8.2011 17:20:27 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006049.exe High
29.8.2011 17:20:28 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006056.exe High
29.8.2011 17:20:29 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006057.exe High
29.8.2011 17:20:31 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006064.exe High
29.8.2011 17:20:32 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006065.exe High
29.8.2011 17:20:33 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006072.exe High
29.8.2011 17:20:34 Deleted Trojan program Trojan.Win32.Menti.hisf C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006073.exe High
29.8.2011 17:23:43 Deleted Trojan program Backdoor.Win32.Gbot.mgs C:\WINDOWS\gbot111.exe High
29.8.2011 17:42:41 Deleted adware not-a-virus:AdWare.Win32.WurldMedia.b C:\WINDOWS\system32\mos.exe Medium
29.8.2011 17:42:41 Deleted adware not-a-virus:AdWare.Win32.WurldMedia.c C:\WINDOWS\system32\mos.exe//WISE0015.BIN Medium
29.8.2011 17:42:41 Deleted adware not-a-virus:AdWare.Win32.WurldMedia.b C:\WINDOWS\system32\mos.exe//WISE0017.BIN Medium
Status: Quarantined (events: 4)
29.8.2011 16:03:16 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\Markéta Mášová\Data aplikací\Microsoft\conhost.exe High
29.8.2011 16:03:16 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\Markéta Mášová\Data aplikací\Microsoft\conhost.exe High
29.8.2011 17:20:40 Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006092.exe High
29.8.2011 17:20:40 Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{106AD663-1E9E-415B-A789-09B515C49F48}\RP3\A0006092.exe High
Status: Disinfected (events: 5)
29.8.2011 16:04:13 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.w C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\ka- chen.mp3 High
29.8.2011 16:04:26 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.r C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\guess who batman .mp3 High
29.8.2011 16:04:45 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.c C:\Documents and Settings\Markéta Mášová\Dokumenty\Morpheus Shared\Downloads\čarodějky z eastwiku.mp3 High
29.8.2011 17:18:50 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.c C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1006\Dc149.mp3 High
29.8.2011 17:18:57 Disinfected Trojan program Trojan-Downloader.WMA.GetCodec.c C:\RECYCLER\S-1-5-21-1847444920-2511039311-3333254768-1006\Dc150.mp3 High