PC-HELP.CZ

Prosím o kontrolu logu, jde jen o prevenci

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:10:44, on 12.7.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
D:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 4123 bytes

Ahoj,


Spustíš program HJT
-klikni na tlačítko Do a system scan and save a logfile
-Vyběhne tabulka, na začátku každého řádku je čtvereček.
-U řádku , který jsem označila, dáš do čtverečku
fajfku

-nakonec zmáčkneš tlačítko Fix checked


Log je ok, ale pokud chceš, raději bych udělala podrobnější sken Rsitem

Stahni Rsit http://images.malwareremoval.com/random/RSIT.exe
-spusť, klikni na tlačítko Continue
-po skenu na tebe vyběhne log.txt,obsah vlož zde

Logfile of random's system information tool 1.08 (written by random/random)
Run by PoKaRko at 2010-07-12 10:25:13
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 26 GB (68%) free of 38 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:18, on 12.7.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\Documents and Settings\PoKaRko\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\PoKaRko.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\RunOnce: [ScanSpyware] "C:\Program Files\ScanSpyware\3.9.2.0\ScanSpyware.exe" -DBRLDAF
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 3774 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\AWC AutoSweep.job
D:\WINDOWS\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ScanSpyware"=C:\Program Files\ScanSpyware\3.9.2.0\ScanSpyware.exe [2010-05-26 4543488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2009-07-21 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"=C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll [2009-04-06 335943]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=253
"NoDriveAutoRun"=67108863
"NoDriveAutoRun-"=0
"NoDriveTypeAutoRun-"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=253
"NoDrives"=0
"NoDriveAutoRun-"=0
"NoDriveTypeAutoRun-"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"D:\Program Files\VideoLAN\VLC\vlc.exe"="D:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"="C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\hry\Enemy Territory - QUAKE Wars\etqw.exe"="C:\hry\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory: QUAKE Wars"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"
"C:\Program Files\PremiumSoft\Navicat Lite 8.2\navicat.exe"="C:\Program Files\PremiumSoft\Navicat Lite 8.2\navicat.exe:*:Enabled:Navicat"
"C:\Program Files\Metin2_CZ\metin2client.bin.exe"="C:\Program Files\Metin2_CZ\metin2client.bin.exe:*:Enabled:metin2client.bin"
"C:\hry\NBA 2K10 RePack by Chikatila\nba2k10.exe"="C:\hry\NBA 2K10 RePack by Chikatila\nba2k10.exe:*:Enabled:2K Sports NBA 2K10"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\WINDOWS\system32\dpvsetup.exe"="D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\hry\Assassin's Creed II\UPlayBrowser.exe"="C:\hry\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\hry\Metin2_CZ\metin2.bin"="C:\hry\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\hry\Metin2_CZ\metin2client.bin"="C:\hry\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Metin2_CZ\metin2 unpatched.exe"="C:\Program Files\Metin2_CZ\metin2 unpatched.exe:*:Enabled:metin2 unpatched"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-07-12 10:25:13 ----D---- D:\rsit
2010-07-12 08:47:45 ----RASHOT---- D:\WINDOWS\winstart.bat
2010-07-12 08:43:20 ----A---- D:\WINDOWS\system32\drivers\regguard.sys
2010-07-12 08:42:54 ----RSHD---- D:\desktop.ini
2010-07-12 08:42:54 ----RSHD---- D:\comment.htt
2010-07-12 08:42:54 ----RSHD---- D:\autorun.inf
2010-07-12 08:42:06 ----A---- D:\WINDOWS\system32\Partizan.exe
2010-07-12 08:42:06 ----A---- D:\WINDOWS\system32\drivers\Partizan.sys
2010-07-12 08:41:41 ----A---- D:\WINDOWS\WinBait.exe
2010-07-12 08:41:41 ----A---- D:\WINDOWS\RunGuard.exe
2010-07-12 08:41:24 ----D---- C:\Program Files\Greatis
2010-07-12 08:35:07 ----A---- D:\WINDOWS\ScanSpyware.INI
2010-07-12 08:26:10 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\ScanSpyware
2010-07-12 08:26:09 ----A---- D:\WINDOWS\system32\ssbtsr.exe
2010-07-12 08:26:07 ----D---- C:\Program Files\ScanSpyware
2010-07-11 21:51:52 ----D---- D:\Documents and Settings\All Users\Data aplikací\NCH Swift Sound
2010-07-11 21:51:48 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\NCH Swift Sound
2010-07-11 21:51:48 ----D---- C:\Program Files\NCH Swift Sound
2010-07-03 18:38:53 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\Ashampoo
2010-07-01 11:40:09 ----D---- C:\Program Files\No-IP
2010-07-01 06:49:42 ----SHD---- D:\RECYCLER
2010-06-30 19:50:34 ----A---- D:\ComboFix.txt
2010-06-30 15:50:05 ----A---- D:\WINDOWS\vncutil.exe
2010-06-30 15:50:03 ----A---- D:\WINDOWS\USB_VIDEO_REG.exe
2010-06-30 15:49:55 ----A---- D:\WINDOWS\snp2uvc.ini
2010-06-30 15:49:55 ----A---- D:\WINDOWS\SkyTel.exe
2010-06-30 15:49:53 ----RA---- D:\WINDOWS\SET8.tmp
2010-06-30 15:49:53 ----RA---- D:\WINDOWS\SET4.tmp
2010-06-30 15:49:53 ----RA---- D:\WINDOWS\SET3.tmp
2010-06-30 15:49:52 ----A---- D:\WINDOWS\RtlUpd.exe
2010-06-30 15:49:50 ----A---- D:\WINDOWS\RtkUpd.exe
2010-06-30 15:49:50 ----A---- D:\WINDOWS\RtkAudioService.exe
2010-06-30 15:49:32 ----A---- D:\WINDOWS\PLFSetL.exe
2010-06-30 15:49:32 ----A---- D:\WINDOWS\PLFSetI.exe
2010-06-30 15:49:31 ----A---- D:\WINDOWS\PidList.ini
2010-06-30 15:49:29 ----A---- D:\WINDOWS\notepad.exe.mui
2010-06-30 15:49:29 ----A---- D:\WINDOWS\notepad.exe.manifest
2010-06-30 15:49:28 ----A---- D:\WINDOWS\NeroDigital.ini
2010-06-30 15:49:25 ----A---- D:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2010-06-30 15:49:22 ----A---- D:\WINDOWS\Image.dll
2010-06-30 15:49:18 ----A---- D:\WINDOWS\FixUVC.exe
2010-06-30 15:49:16 ----A---- D:\WINDOWS\DIIUnin.pif
2010-06-30 15:49:16 ----A---- D:\WINDOWS\DIIUnin.exe
2010-06-30 15:49:14 ----A---- D:\WINDOWS\BtwIEProxy.exe
2010-06-30 15:49:13 ----A---- D:\WINDOWS\avisplitter.ini
2010-06-30 15:49:10 ----A---- D:\WINDOWS\arservice.exe
2010-06-30 15:49:10 ----A---- D:\WINDOWS\arpwrmsg.exe
2010-06-30 15:49:10 ----A---- D:\WINDOWS\arpower.dll
2010-06-30 15:49:10 ----A---- D:\WINDOWS\armcex.dll
2010-06-30 15:49:02 ----A---- D:\WINDOWS\agrsmdel.exe
2010-06-30 15:44:24 ----A---- D:\WINDOWS\system32\TWUNK_32.EXE
2010-06-30 15:44:24 ----A---- D:\WINDOWS\system32\TWUNK_16.EXE
2010-06-30 15:42:46 ----A---- D:\WINDOWS\system32\twain_32.dll
2010-06-29 21:21:41 ----A---- D:\WINDOWS\system32\tmp.txt
2010-06-29 21:21:32 ----A---- D:\rapport.txt
2010-06-29 20:33:49 ----A---- D:\WINDOWS\zip.exe
2010-06-29 20:33:49 ----A---- D:\WINDOWS\SWXCACLS.exe
2010-06-29 20:33:49 ----A---- D:\WINDOWS\SWSC.exe
2010-06-29 20:33:49 ----A---- D:\WINDOWS\SWREG.exe
2010-06-29 20:33:49 ----A---- D:\WINDOWS\sed.exe
2010-06-29 20:33:49 ----A---- D:\WINDOWS\PEV.exe
2010-06-29 20:33:49 ----A---- D:\WINDOWS\NIRCMD.exe
2010-06-29 20:33:49 ----A---- D:\WINDOWS\MBR.exe
2010-06-29 20:33:49 ----A---- D:\WINDOWS\grep.exe
2010-06-29 20:33:35 ----D---- D:\WINDOWS\ERDNT
2010-06-29 20:30:59 ----AD---- D:\Qoobox
2010-06-29 16:40:21 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\FreeFixer
2010-06-29 15:20:35 ----A---- D:\WINDOWS\system32\XAudio2_7.dll
2010-06-29 15:20:35 ----A---- D:\WINDOWS\system32\XAPOFX1_5.dll
2010-06-29 15:20:34 ----A---- D:\WINDOWS\system32\xactengine3_7.dll
2010-06-29 15:20:34 ----A---- D:\WINDOWS\system32\D3DCompiler_43.dll
2010-06-29 15:20:33 ----A---- D:\WINDOWS\system32\d3dx11_43.dll
2010-06-29 15:20:33 ----A---- D:\WINDOWS\system32\d3dcsx_43.dll
2010-06-29 15:20:32 ----A---- D:\WINDOWS\system32\d3dx10_43.dll
2010-06-29 15:20:31 ----A---- D:\WINDOWS\system32\D3DX9_43.dll
2010-06-29 15:19:03 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\Star Wars - The Force Unleashed
2010-06-28 16:33:26 ----A---- D:\WINDOWS\system32\FontInstaller.dll
2010-06-28 16:33:24 ----D---- C:\Program Files\High-Logic FontCreator6
2010-06-28 16:19:03 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\FontCreator
2010-06-28 13:37:17 ----A---- D:\WINDOWS\system32\unicows.dll
2010-06-28 13:37:17 ----A---- D:\WINDOWS\system32\pthreadGC2.dll
2010-06-28 13:37:17 ----A---- D:\WINDOWS\system32\ff_vfw.dll.manifest
2010-06-28 13:37:17 ----A---- D:\WINDOWS\system32\ff_vfw.dll
2010-06-27 00:49:00 ----D---- D:\Documents and Settings\All Users\Data aplikací\ALM
2010-06-26 20:15:17 ----D---- C:\Program Files\Adobe Media Player
2010-06-26 20:13:32 ----D---- D:\Program Files\Common Files\Adobe AIR
2010-06-26 20:05:28 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\CENZURA HD
2010-06-26 20:05:21 ----D---- C:\Program Files\CENZURA HD
2010-06-25 20:36:38 ----D---- C:\Program Files\rgcaudio software
2010-06-20 11:14:53 ----D---- C:\Program Files\Creative Labs
2010-06-20 11:14:53 ----A---- D:\WINDOWS\system32\eax.dll
2010-06-20 11:13:10 ----D---- C:\Program Files\EidosNet
2010-06-20 11:13:10 ----D---- C:\Program Files\Eidos Interactive
2010-06-19 20:07:55 ----N---- D:\WINDOWS\system32\spmsg.dll
2010-06-19 20:06:46 ----D---- D:\WINDOWS\system32\drivers\UMDF
2010-06-19 20:06:41 ----HDC---- D:\WINDOWS\$NtUninstallWudf01000$
2010-06-19 20:05:42 ----A---- D:\WINDOWS\system32\drivers\s1018unic.sys
2010-06-19 20:05:42 ----A---- D:\WINDOWS\system32\drivers\s1018mgmt.sys
2010-06-19 20:05:42 ----A---- D:\WINDOWS\system32\drivers\s1018cr.sys
2010-06-19 20:05:41 ----A---- D:\WINDOWS\system32\drivers\s1018obex.sys
2010-06-19 20:05:41 ----A---- D:\WINDOWS\system32\drivers\s1018nd5.sys
2010-06-19 20:05:40 ----A---- D:\WINDOWS\system32\drivers\s1018mdm.sys
2010-06-19 20:05:40 ----A---- D:\WINDOWS\system32\drivers\s1018mdfl.sys
2010-06-19 20:05:40 ----A---- D:\WINDOWS\system32\drivers\s1018cmnt.sys
2010-06-19 20:05:40 ----A---- D:\WINDOWS\system32\drivers\s1018cm.sys
2010-06-19 20:05:39 ----A---- D:\WINDOWS\system32\drivers\s1018whnt.sys
2010-06-19 20:05:39 ----A---- D:\WINDOWS\system32\drivers\s1018wh.sys
2010-06-19 20:05:39 ----A---- D:\WINDOWS\system32\drivers\s1018bus.sys
2010-06-17 18:48:11 ----A---- D:\WINDOWS\system32\UFS2XXUN.ini
2010-06-17 18:48:11 ----A---- D:\WINDOWS\system32\drivers\UFS2XX.sys
2010-06-17 18:48:10 ----A---- D:\WINDOWS\system32\UFS2XXUN.exe
2010-06-17 18:48:10 ----A---- D:\WINDOWS\system32\UFS2XX.dll
2010-06-17 16:47:24 ----A---- D:\WINDOWS\system32\bassmod.dll
2010-06-16 21:21:06 ----D---- C:\Program Files\Digiarty
2010-06-16 18:31:46 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\Ubisoft
2010-06-16 18:31:46 ----D---- D:\Documents and Settings\All Users\Data aplikací\Ubisoft
2010-06-16 18:13:05 ----D---- C:\Program Files\Ubisoft
2010-06-16 18:12:32 ----D---- D:\Documents and Settings\All Users\Data aplikací\ICQ
2010-06-16 18:10:50 ----D---- C:\Program Files\ICQ7.2
2010-06-13 16:51:42 ----HDC---- D:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-06-13 16:51:10 ----D---- D:\WINDOWS\system32\cs-CZ
2010-06-13 16:44:03 ----D---- D:\WINDOWS\system32\xlive
2010-06-13 16:44:02 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-06-13 16:39:21 ----D---- D:\WINDOWS\system32\NtmsData
2010-06-13 16:25:55 ----D---- D:\Program Files\Common Files\EZB Systems
2010-06-13 16:25:54 ----D---- C:\Program Files\UltraISO
2010-06-13 08:39:34 ----A---- D:\WINDOWS\system32\drivers\ezplay.sys
2010-06-13 08:39:34 ----A---- D:\Documents and Settings\PoKaRko\Data aplikací\TBFUPVCF.ini
2010-06-13 08:39:34 ----A---- D:\Documents and Settings\PoKaRko\Data aplikací\ezplay.sys
2010-06-13 08:39:34 ----A---- D:\Documents and Settings\PoKaRko\Data aplikací\ezpinst.exe
2010-06-13 00:32:09 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\IDMComp
2010-06-13 00:32:09 ----D---- C:\Program Files\IDM Computer Solutions

======List of files/folders modified in the last 1 months======

2010-07-12 10:26:37 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\uTorrent
2010-07-12 10:21:46 ----D---- C:\Program Files\Mozilla Firefox
2010-07-12 09:25:26 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\HLSW
2010-07-12 08:47:45 ----D---- D:\WINDOWS
2010-07-12 08:46:46 ----D---- D:\WINDOWS\system32
2010-07-12 08:43:20 ----D---- D:\WINDOWS\system32\drivers
2010-07-12 08:24:22 ----D---- D:\WINDOWS\system32\CatRoot2
2010-07-12 08:18:26 ----D---- D:\WINDOWS\Prefetch
2010-07-12 08:18:25 ----D---- D:\WINDOWS\Temp
2010-07-12 00:12:03 ----N---- D:\WINDOWS\SchedLgU.Txt
2010-07-12 00:11:32 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\ICQ
2010-07-11 23:10:08 ----A---- D:\WINDOWS\WINCMD.INI
2010-07-11 22:59:13 ----A---- D:\WINDOWS\wcx_ftp.ini
2010-07-11 22:23:06 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\Adobe
2010-07-11 22:14:23 ----RSD---- D:\WINDOWS\Fonts
2010-07-10 20:59:15 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\vlc
2010-07-09 12:03:17 ----D---- D:\WINDOWS\system32\config
2010-07-09 10:43:50 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\Skype
2010-07-09 10:27:13 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\skypePM
2010-07-09 01:13:45 ----D---- D:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-07-09 01:13:41 ----D---- D:\WINDOWS\Debug
2010-07-09 01:01:57 ----SD---- D:\WINDOWS\Tasks
2010-07-09 00:48:03 ----D---- D:\WINDOWS\system32\drivers\etc
2010-07-09 00:42:09 ----A---- D:\WINDOWS\WDICT32.INI
2010-07-08 18:15:08 ----A---- D:\WINDOWS\system32\PnkBstrA.exe
2010-07-05 19:08:32 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\Hamachi
2010-07-04 13:26:52 ----D---- D:\WINDOWS\security
2010-07-04 12:39:14 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-02 12:26:29 ----D---- C:\Program Files\Metin2_CZ
2010-07-01 06:53:34 ----D---- C:\Program Files\CCleaner
2010-07-01 06:16:01 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-07-01 06:15:52 ----D---- C:\Program Files\internet explorer
2010-06-30 20:28:01 ----D---- D:\WINDOWS\system32\Setup
2010-06-30 20:27:35 ----D---- C:\Program Files\movie maker
2010-06-30 20:27:33 ----D---- D:\WINDOWS\system32\wbem
2010-06-30 20:25:21 ----D---- D:\WINDOWS\system32\Restore
2010-06-30 20:21:39 ----D---- D:\WINDOWS\system32\oobe
2010-06-30 20:16:21 ----D---- D:\WINDOWS\system32\Com
2010-06-30 20:15:19 ----D---- D:\WINDOWS\Help
2010-06-30 20:15:10 ----D---- D:\WINDOWS\system
2010-06-30 19:45:30 ----A---- D:\WINDOWS\system.ini
2010-06-30 19:41:54 ----D---- D:\WINDOWS\AppPatch
2010-06-30 19:29:07 ----SHD---- D:\System Volume Information
2010-06-29 21:31:25 ----HDC---- D:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-06-29 21:20:11 ----A---- D:\WINDOWS\win.ini
2010-06-29 20:45:27 ----D---- C:\Program Files\Cheat Engine
2010-06-29 16:59:49 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\TeamViewer
2010-06-29 16:52:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-29 16:40:19 ----D---- C:\Program Files\FreeFixer
2010-06-29 15:23:59 ----SHD---- D:\WINDOWS\Installer
2010-06-29 15:23:57 ----D---- D:\WINDOWS\WinSxS
2010-06-29 15:20:36 ----D---- D:\WINDOWS\system32\DirectX
2010-06-29 15:20:35 ----HD---- D:\WINDOWS\inf
2010-06-29 15:20:29 ----HD---- D:\WINDOWS\msdownld.tmp
2010-06-29 15:19:52 ----D---- D:\WINDOWS\Logs
2010-06-28 13:37:13 ----D---- C:\Program Files\Cucusoft
2010-06-27 12:16:59 ----D---- D:\WINDOWS\Microsoft.NET
2010-06-27 12:16:58 ----RSD---- D:\WINDOWS\assembly
2010-06-27 11:58:36 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-06-27 01:05:19 ----D---- C:\Program Files\Adobe
2010-06-27 00:47:47 ----D---- D:\Program Files\Common Files\Adobe
2010-06-27 00:43:54 ----D---- D:\Documents and Settings\All Users\Data aplikací\Adobe
2010-06-26 23:07:24 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\Vso
2010-06-25 20:38:11 ----D---- C:\Program Files\VstPlugins
2010-06-25 20:33:24 ----D---- C:\Program Files\Image-Line
2010-06-22 17:52:59 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\dvdcss
2010-06-19 20:07:35 ----D---- C:\Program Files\windows media player
2010-06-19 20:06:46 ----D---- D:\WINDOWS\system32\LogFiles
2010-06-19 20:05:46 ----D---- D:\WINDOWS\system32\ReinstallBackups
2010-06-19 20:05:42 ----DC---- D:\WINDOWS\system32\DRVSTORE
2010-06-16 18:51:26 ----A---- D:\WINDOWS\WTRAN32.INI
2010-06-14 16:55:02 ----D---- C:\Program Files\LG PC Suite II
2010-06-13 22:23:45 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\LG Electronics
2010-06-13 19:01:39 ----D---- D:\Documents and Settings\PoKaRko\Data aplikací\Winamp
2010-06-13 16:51:13 ----D---- D:\WINDOWS\system32\XPSViewer
2010-06-13 16:44:03 ----ASD---- D:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-06-13 08:39:30 ----D---- C:\Program Files\VSO
2010-06-13 00:19:52 ----SD---- D:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BootScreen;BootScreen; D:\WINDOWS\System32\drivers\vidstub.sys [2010-01-30 163456]
R0 d347bus;d347bus; D:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; D:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 giveio;giveio; D:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 speedfan;speedfan; D:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 TPkd;TPkd; D:\WINDOWS\system32\drivers\TPkd.sys [2009-05-21 90472]
R0 vax347b;vax347b; D:\WINDOWS\system32\DRIVERS\vax347b.sys [2005-07-08 159616]
R0 vax347s;vax347s; D:\WINDOWS\System32\Drivers\vax347s.sys [2004-04-30 5248]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; D:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 VBoxDrv;VirtualBox Service; D:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2009-12-17 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; D:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2009-12-17 41616]
R2 adfs;adfs; D:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; D:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; D:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-05-08 281760]
R2 lirsgt;lirsgt; D:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-05-08 25888]
R3 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-21 3565056]
R3 Egatebus;Egatebus; D:\WINDOWS\system32\drivers\egatebus.sys [2006-05-19 15328]
R3 Egaterdr;Egaterdr; D:\WINDOWS\system32\drivers\egaterdr.sys [2006-05-19 13440]
R3 ezplay;VSO Software ezplay; D:\WINDOWS\System32\Drivers\ezplay.sys [2010-06-13 94080]
R3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-27 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-11-24 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-07-13 3851264]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-24 12160]
R3 pcouffin;VSO Software pcouffin; D:\WINDOWS\System32\Drivers\pcouffin.sys [2010-03-28 47360]
R3 RegGuard;RegGuard; \??\D:\WINDOWS\system32\Drivers\regguard.sys []
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; D:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 99152]
R3 VBoxNetFlt;VBoxNetFlt Service; D:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2009-12-17 110096]
S0 Partizan;Partizan; D:\WINDOWS\system32\drivers\Partizan.sys [2010-07-12 35816]
S3 catchme;catchme; \??\D:\ComboFix\catchme.sys []
S3 FlashUSB;FlashUSB; D:\WINDOWS\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896]
S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-09-25 13352]
S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-09-25 20520]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; D:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 NPF;NetGroup Packet Filter Driver; D:\WINDOWS\system32\drivers\npf.sys [2007-06-21 42512]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); D:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); D:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); D:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; D:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 usbbus;LGE Mobile Composite USB Device; D:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 UsbDiag;LGE Mobile USB Serial Port; D:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; D:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2009-07-21 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-06 153376]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 UxTuneUp;TuneUp Theme Extension; D:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2009-07-21 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-26 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; D:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-21 92792]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-24 435016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2010-07-08 66872]

-----------------EOF-----------------

Combofix jsi použil proč? Kdo Ti ho poradil?

Program ScanSpyware neznám, doporučila bych Ti spíše jiný, třeba SAS nebo Mbam.

Otestuj na http://www.virustotal.com


D:\WINDOWS\WinBait.exe
D:\WINDOWS\RunGuard.exe
D:\WINDOWS\winstart.bat

-Do okénka zkopíruj cestu k souboru , pokud napíše, že soubor byl už testován, dej otestovat znovu.
-Sem vlož link s výsledky.



Stahni Mbam http://download.cnet.com/3001-8022_4-10 ... l-10804572
-nainstaluj, aktualizuj
-udělej uplný sken a vlož sem log

Tak mbam je čistej combofix sem si fixla ty kravinky xD A scanspyware sem viděla že odstraní vir wcdrtc32.dll leží v syystem32 a nechce jít pryč a od tý doby co se ukazuje tak mi skoro u každé aplikace když spouštim přímo nainstalovaný program přes .exe a ne přes zástupce hodí že je to vir :WIN32:Sality-fix nebo jen Win32:Sality.

Nestraš se sality , to by bylo horší. Odkdy Ti tento vir hlásí? jak je to dlouho?
Sality je něco jako virut, pokud ho opravdu máš, většinou to končí reinstalem systému. Pokud by sis dělala zálohu souborů, tak nezálohuj exe soubory, pravděpodobně budou napadeny. Zatím ale počkej, co najde AVPtool, když tak Ti pak upřesním, co dál.




Běž do nouzového režimu ( po restartu mačkej F8 a vyber nouzový režims prací v síti)

Stáhni OTL
http://oldtimer.geekstogo.com/OTL.exe
-do spodního okénka vlož tento skript:


-dej fajfku do čtverečku u řádku Pro všechny uživatele
-nech ostatní položky jak je nastaveno na screenu
- potvrď tlačítko Prohledat.
-provede se sken, log OTL.Txt sem vlož




Stahni AVPtool http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
-nainstaluj, nech provést sken všechn jednotek
-co najde nech léčit
-pak sem vlož log.

OTL logfile created on: 13.7.2010 9:09:32 - Run 4
OTL by OldTimer - Version 3.2.9.0 Folder = D:\Documents and Settings\PoKaRko\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,32 Gb Total Space | 24,32 Gb Free Space | 12,45% Space Free | Partition Type: NTFS
Drive D: | 37,56 Gb Total Space | 24,42 Gb Free Space | 65,02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VOJTOVO-PC
Current User Name: PoKaRko
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Documents and Settings\PoKaRko\Dokumenty\Stažené soubory\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Miranda IM\miranda32.exe ( )
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - D:\Documents and Settings\PoKaRko\Dokumenty\Stažené soubory\OTL.exe (OldTimer Tools)
MOD - D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - D:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
SRV - (HidServ) -- D:\WINDOWS\System32\hidserv.dll File not found
SRV - (FLEXnet Licensing Service) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (aspnet_state) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- D:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV - (SCREAMINGBDRIVER) -- D:\WINDOWS\System32\drivers\ScreamingBAudio.sys File not found
DRV - (catchme) -- D:\ComboFix\catchme.sys File not found
DRV - (RegGuard) -- D:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- D:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)
DRV - (ezplay) -- D:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (atksgt) -- D:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- D:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (hamachi) -- D:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (BootScreen) -- D:\WINDOWS\System32\drivers\vidstub.sys ()
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (VBoxDrv) -- D:\WINDOWS\system32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- D:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetAdp) -- D:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- D:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (aswMon2) -- D:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- D:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- D:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- D:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- D:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- D:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ati2mtag) -- D:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (TPkd) -- D:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (FlashUSB) -- D:\WINDOWS\system32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (s1018mdm) -- D:\WINDOWS\system32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- D:\WINDOWS\system32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- D:\WINDOWS\system32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- D:\WINDOWS\system32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- D:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- D:\WINDOWS\system32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- D:\WINDOWS\system32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (USBModem) -- D:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- D:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- D:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (adfs) -- D:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ggsemc) -- D:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- D:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (NPF) -- D:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (speedfan) -- D:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (Egatebus) -- D:\WINDOWS\system32\drivers\egatebus.sys (Axalto)
DRV - (Egaterdr) -- D:\WINDOWS\system32\drivers\egaterdr.sys (Axalto)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- D:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (vax347b) -- D:\WINDOWS\system32\DRIVERS\vax347b.sys ( )
DRV - (HDAudBus) -- D:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HdAudAddService) -- D:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (d347prt) -- D:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- D:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- D:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (vax347s) -- D:\WINDOWS\System32\Drivers\vax347s.sys ( )
DRV - (giveio) -- D:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-329068152-152049171-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: gemgecko@gemius.com:1.02
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.23 16:48:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.23 16:48:57 | 000,000,000 | ---D | M]

[2010.02.16 14:44:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Extensions
[2010.07.12 21:21:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions
[2010.05.15 11:56:38 | 000,000,000 | ---D | M] (FlashGot) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.04.02 22:12:34 | 000,000,000 | ---D | M] (Aero Fox) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.06.20 10:26:05 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.16 14:49:49 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.04.13 17:10:07 | 000,000,000 | ---D | M] (Download Statusbar) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.05.22 13:38:46 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010.05.22 13:38:46 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.05.22 13:38:46 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010.04.02 22:12:54 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010.05.05 13:37:38 | 000,002,555 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\searchplugins\askcom.xml
[2010.07.09 09:16:53 | 000,000,956 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\searchplugins\icqplugin.xml
[2010.03.07 02:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.02 11:50:18 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.02 11:50:18 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.02 11:50:18 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.02 11:50:18 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.02 11:50:18 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.07.09 00:48:03 | 000,371,110 | R--- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12818 more lines...
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (D:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - D:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\Documents and Settings\PoKaRko\Plocha\Pozadí pfflochy.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\PoKaRko\Plocha\Pozadí pfflochy.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.10.17 16:23:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.07.12 08:42:54 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.07.12 08:42:54 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - D:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - D:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - D:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

Drivers32: msacm.divxa32 - D:\WINDOWS\System32\DivXa32.acm (Kristal StudioD
FileDescription)
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\System32\l3codeca.acm (Kristal Studio)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - D:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - D:\WINDOWS\System32\DivXc32.dll (Kristal Studio)
Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll ()
Drivers32: VIDC.FPS1 - D:\WINDOWS\System32\frapsvid.dll ()
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - D:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - D:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - D:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - D:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010.07.12 22:03:18 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\PoKaRko\Recent
[2010.07.12 21:11:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
[2010.07.12 16:41:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Plocha\Nová složka
[2010.07.12 16:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\TopCD
[2010.07.12 16:08:34 | 001,774,269 | ---- | C] (US-Action, s.r.o. ) -- D:\Documents and Settings\PoKaRko\Plocha\autorun.exe
[2010.07.12 16:08:27 | 000,739,343 | ---- | C] (US-Action, s.r.o. ) -- D:\Documents and Settings\PoKaRko\Plocha\setup.exe
[2010.07.12 16:08:24 | 043,574,864 | ---- | C] (Kaspersky Lab) -- D:\Documents and Settings\PoKaRko\Plocha\kaspersky.exe
[2010.07.12 16:05:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Plocha\Zetor
[2010.07.12 16:05:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Plocha\Zamek
[2010.07.12 16:05:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Plocha\Visaci
[2010.07.12 16:05:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Plocha\Text
[2010.07.12 16:05:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Plocha\sdk
[2010.07.12 16:05:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Plocha\DirectX
[2010.07.12 16:05:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Plocha\data
[2010.07.12 16:04:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Plocha\Bonus
[2010.07.12 16:04:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Plocha\autorun
[2010.07.12 15:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Landwirtschafts-Simulator 2009
[2010.07.12 13:27:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Data aplikací\Locktime
[2010.07.12 13:27:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Data aplikací\Locktime
[2010.07.12 10:25:13 | 000,000,000 | ---D | C] -- D:\rsit
[2010.07.12 08:43:20 | 000,024,416 | ---- | C] (Greatis Software) -- D:\WINDOWS\System32\drivers\regguard.sys
[2010.07.12 08:42:54 | 000,000,000 | RHSD | C] -- D:\desktop.ini
[2010.07.12 08:42:54 | 000,000,000 | RHSD | C] -- D:\comment.htt
[2010.07.12 08:42:54 | 000,000,000 | RHSD | C] -- D:\autorun.inf
[2010.07.12 08:42:06 | 000,037,600 | ---- | C] (Greatis Software) -- D:\WINDOWS\System32\Partizan.exe
[2010.07.12 08:42:06 | 000,035,816 | ---- | C] (Greatis Software) -- D:\WINDOWS\System32\drivers\Partizan.sys
[2010.07.12 08:42:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Dokumenty\RegRun2
[2010.07.12 08:41:41 | 001,385,240 | ---- | C] (Greatis Software) -- D:\WINDOWS\RunGuard.exe
[2010.07.12 08:41:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dokumenty\regruninfo
[2010.07.12 08:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis
[2010.07.12 08:26:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Data aplikací\ScanSpyware
[2010.07.12 08:26:09 | 000,008,704 | ---- | C] (ScanSpyware.net) -- D:\WINDOWS\System32\ssbtsr.exe
[2010.07.12 08:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSpyware
[2010.07.11 22:14:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Dokumenty\bank-gothic-light-bt.ttf
[2010.07.11 21:51:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Data aplikací\NCH Swift Sound
[2010.07.11 21:51:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Data aplikací\NCH Swift Sound
[2010.07.11 21:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010.07.03 18:38:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Data aplikací\Ashampoo
[2010.07.01 11:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010.07.01 06:49:42 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2010.07.01 06:15:52 | 000,018,432 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\iedw.exe
[2010.06.30 15:50:05 | 000,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- D:\WINDOWS\vncutil.exe
[2010.06.30 15:49:55 | 001,833,504 | ---- | C] (Realtek Semiconductor Corp.) -- D:\WINDOWS\SkyTel.exe
[2010.06.30 15:49:52 | 001,489,440 | ---- | C] (Realtek Semiconductor Corp.) -- D:\WINDOWS\RtlUpd.exe
[2010.06.30 15:49:50 | 001,200,128 | ---- | C] (Realtek Semiconductor Corp.) -- D:\WINDOWS\RtkUpd.exe
[2010.06.30 15:49:50 | 000,129,568 | ---- | C] (Realtek Semiconductor) -- D:\WINDOWS\RtkAudioService.exe
[2010.06.30 15:49:32 | 000,094,208 | ---- | C] (sonix) -- D:\WINDOWS\PLFSetL.exe
[2010.06.30 15:49:29 | 000,020,480 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\notepad.exe.mui
[2010.06.30 15:49:16 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- D:\WINDOWS\DIIUnin.exe
[2010.06.30 15:49:14 | 000,027,176 | ---- | C] (Broadcom Corporation.) -- D:\WINDOWS\BtwIEProxy.exe
[2010.06.30 15:49:10 | 000,077,312 | ---- | C] (Microsoft) -- D:\WINDOWS\arpwrmsg.exe
[2010.06.30 15:49:10 | 000,069,312 | ---- | C] (Microsoft) -- D:\WINDOWS\arpower.dll
[2010.06.30 15:49:10 | 000,058,880 | ---- | C] (Microsoft) -- D:\WINDOWS\arservice.exe
[2010.06.30 15:49:02 | 000,050,752 | ---- | C] (Agere Systems) -- D:\WINDOWS\agrsmdel.exe
[2010.06.30 15:44:24 | 000,069,632 | ---- | C] (Twain Working Group) -- D:\WINDOWS\System32\TWUNK_32.EXE
[2010.06.30 15:44:24 | 000,048,560 | ---- | C] (Twain Working Group) -- D:\WINDOWS\System32\TWUNK_16.EXE
[2010.06.30 15:42:46 | 000,077,312 | ---- | C] (Twain Working Group) -- D:\WINDOWS\System32\twain_32.dll
[2010.06.29 20:33:49 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2010.06.29 20:33:49 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2010.06.29 20:33:49 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2010.06.29 20:33:49 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2010.06.29 20:33:35 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2010.06.29 20:30:59 | 000,000,000 | ---D | C] -- D:\Qoobox
[2010.06.29 16:40:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\FreeFixer
[2010.06.29 16:40:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Data aplikací\FreeFixer
[2010.06.29 16:30:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\Aspyr
[2010.06.29 15:20:35 | 000,527,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\XAudio2_7.dll
[2010.06.29 15:20:35 | 000,074,072 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\XAPOFX1_5.dll
[2010.06.29 15:20:34 | 002,106,216 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\D3DCompiler_43.dll
[2010.06.29 15:20:34 | 000,239,960 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\xactengine3_7.dll
[2010.06.29 15:20:33 | 001,868,128 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dcsx_43.dll
[2010.06.29 15:20:33 | 000,248,672 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx11_43.dll
[2010.06.29 15:20:32 | 000,470,880 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx10_43.dll
[2010.06.29 15:20:31 | 001,998,168 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\D3DX9_43.dll
[2010.06.29 15:19:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Data aplikací\Star Wars - The Force Unleashed
[2010.06.28 16:33:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\FontCreator
[2010.06.28 16:33:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Dokumenty\FontCreator
[2010.06.28 16:33:26 | 000,616,600 | ---- | C] (High-Logic B.V.) -- D:\WINDOWS\System32\FontInstaller.dll
[2010.06.28 16:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\High-Logic FontCreator6
[2010.06.28 16:19:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Dokumenty\Fonts
[2010.06.28 16:19:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Data aplikací\FontCreator
[2010.06.28 13:37:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Dokumenty\Cucusoft
[2010.06.28 13:37:17 | 000,258,352 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\unicows.dll
[2010.06.28 13:37:17 | 000,060,273 | ---- | C] (Open Source Software community project) -- D:\WINDOWS\System32\pthreadGC2.dll
[2010.06.28 13:37:14 | 000,110,592 | ---- | C] (Cucusoft Inc.) -- D:\WINDOWS\System32\PropListCtrl.ocx
[2010.06.27 00:49:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Data aplikací\ALM
[2010.06.26 20:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010.06.26 20:13:32 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe AIR
[2010.06.26 20:05:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Data aplikací\CENZURA HD
[2010.06.26 20:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\CENZURA HD
[2010.06.25 20:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\rgcaudio software
[2010.06.20 11:14:53 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- D:\WINDOWS\System32\eax.dll
[2010.06.20 11:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Labs
[2010.06.20 11:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\EidosNet
[2010.06.20 11:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos Interactive
[2010.06.19 20:07:55 | 000,014,048 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\spmsg.dll
[2010.06.19 20:06:46 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\UMDF
[2010.06.19 20:05:42 | 000,109,864 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018unic.sys
[2010.06.19 20:05:42 | 000,106,208 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018mgmt.sys
[2010.06.19 20:05:42 | 000,010,792 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018cr.sys
[2010.06.19 20:05:41 | 000,104,744 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018obex.sys
[2010.06.19 20:05:41 | 000,026,024 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018nd5.sys
[2010.06.19 20:05:40 | 000,114,728 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018mdm.sys
[2010.06.19 20:05:40 | 000,015,016 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018mdfl.sys
[2010.06.19 20:05:40 | 000,012,200 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018cmnt.sys
[2010.06.19 20:05:40 | 000,012,200 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018cm.sys
[2010.06.19 20:05:39 | 000,086,824 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018bus.sys
[2010.06.19 20:05:39 | 000,012,200 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018whnt.sys
[2010.06.19 20:05:39 | 000,012,200 | ---- | C] (MCCI Corporation) -- D:\WINDOWS\System32\drivers\s1018wh.sys
[2010.06.17 18:48:11 | 000,034,639 | ---- | C] (FTDI Ltd.) -- D:\WINDOWS\System32\drivers\UFS2XX.sys
[2010.06.17 18:48:10 | 000,081,920 | ---- | C] (SaraSoft) -- D:\WINDOWS\System32\UFS2XX.dll
[2010.06.16 21:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2010.06.16 18:31:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Data aplikací\Ubisoft
[2010.06.16 18:31:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2010.06.16 18:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010.06.16 18:12:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.06.16 18:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010.06.13 16:51:10 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\cs-CZ
[2010.06.13 16:44:03 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\xlive
[2010.06.13 16:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010.06.13 16:39:21 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\NtmsData
[2010.06.13 16:25:55 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\EZB Systems
[2010.06.13 16:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2010.06.13 16:25:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Dokumenty\My ISO Files
[2010.05.05 13:25:26 | 000,159,616 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\vax347b.sys
[2010.05.05 13:25:26 | 000,005,248 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\vax347s.sys
[2010.01.23 18:57:00 | 000,155,136 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\d347bus.sys
[2010.01.23 18:57:00 | 000,005,248 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\d347prt.sys
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.13 08:10:02 | 014,680,064 | -H-- | M] () -- D:\Documents and Settings\PoKaRko\NTUSER.DAT
[2010.07.13 08:08:20 | 000,000,380 | ---- | M] () -- D:\WINDOWS\tasks\AWC AutoSweep.job
[2010.07.13 08:08:09 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010.07.13 08:07:45 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010.07.13 00:07:31 | 000,000,805 | ---- | M] () -- D:\WINDOWS\ScanSpyware.INI
[2010.07.12 23:29:32 | 000,000,593 | ---- | M] () -- D:\WINDOWS\win.ini
[2010.07.12 23:29:32 | 000,000,305 | ---- | M] () -- D:\WINDOWS\system.ini
[2010.07.12 22:37:08 | 000,017,876 | -H-- | M] () -- D:\WINDOWS\System32\wcdrtc32.dl_
[2010.07.12 21:06:34 | 000,024,416 | ---- | M] (Greatis Software) -- D:\WINDOWS\System32\drivers\regguard.sys
[2010.07.12 17:29:01 | 000,094,752 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\sexyskater.jpg
[2010.07.12 17:05:50 | 001,455,167 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\DSC00119.JPG
[2010.07.12 16:51:42 | 000,012,135 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\email.rar
[2010.07.12 16:49:44 | 000,036,198 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\DSC00027.JPG
[2010.07.12 16:43:35 | 000,012,135 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\Script email box.rar
[2010.07.12 16:09:33 | 000,000,749 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\Traktor Simulátor.lnk
[2010.07.12 15:54:37 | 000,000,804 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\Landwirtschafts-Simulator 2009.lnk
[2010.07.12 13:32:23 | 358,426,412 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Dokumenty\traktor-zetor-simulator-2009.iso
[2010.07.12 13:27:17 | 002,717,944 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Dokumenty\nl_2011_pro.exe
[2010.07.12 08:47:45 | 000,002,553 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2010.07.12 08:47:45 | 000,001,592 | ---- | M] () -- D:\WINDOWS\System32\AUTOEXEC.NT
[2010.07.12 08:47:45 | 000,000,002 | RHS- | M] () -- D:\WINDOWS\winstart.bat
[2010.07.12 08:42:06 | 000,037,600 | ---- | M] (Greatis Software) -- D:\WINDOWS\System32\Partizan.exe
[2010.07.12 08:42:06 | 000,035,816 | ---- | M] (Greatis Software) -- D:\WINDOWS\System32\drivers\Partizan.sys
[2010.07.12 08:41:41 | 000,000,633 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\RegRun Control Center.lnk
[2010.07.12 08:17:09 | 000,002,323 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\HiJackThis.lnk
[2010.07.12 07:54:06 | 002,364,360 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.12 00:12:00 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\PoKaRko\ntuser.ini
[2010.07.12 00:11:35 | 027,327,680 | -H-- | M] () -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\IconCache.db
[2010.07.12 00:11:32 | 000,000,388 | ---- | M] () -- D:\WINDOWS\tasks\SmartDefrag.job
[2010.07.11 23:49:50 | 000,086,144 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.07.11 23:47:45 | 038,519,167 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\How_to_make_a_Hip_Hop_RnB_Piano_Beat_in_Fl_Studio.mp4
[2010.07.11 23:32:17 | 000,000,043 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\How_to_make_a_Hip_Hop_RnB_Piano_Beat_in_Fl_Studio_main_11212.asx
[2010.07.11 23:11:49 | 004,087,007 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\R-S Clan intro new.mp3
[2010.07.11 23:10:08 | 000,004,287 | ---- | M] () -- D:\WINDOWS\WINCMD.INI
[2010.07.11 22:59:13 | 000,001,066 | ---- | M] () -- D:\WINDOWS\wcx_ftp.ini
[2010.07.11 21:51:51 | 000,000,668 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\Stamp ID3 Tag Editor.lnk
[2010.07.11 18:30:55 | 000,493,478 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\R-S Clan intro.mp3
[2010.07.09 22:34:39 | 004,136,469 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\Pozadí plochy.psd
[2010.07.09 00:48:03 | 000,371,110 | R--- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2010.07.09 00:47:37 | 000,371,110 | R--- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.20100709-004803.backup
[2010.07.09 00:47:10 | 000,371,110 | R--- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.20100709-004736.backup
[2010.07.09 00:42:09 | 000,002,192 | ---- | M] () -- D:\WINDOWS\WDICT32.INI
[2010.07.09 00:34:56 | 005,898,296 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\Pozadí pfflochy.bmp
[2010.07.08 18:07:06 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010.07.06 16:47:56 | 001,385,240 | ---- | M] (Greatis Software) -- D:\WINDOWS\RunGuard.exe
[2010.07.06 16:47:48 | 000,020,248 | ---- | M] () -- D:\WINDOWS\WinBait.org
[2010.07.06 16:47:48 | 000,020,248 | ---- | M] () -- D:\WINDOWS\WinBait.exe
[2010.07.01 06:53:38 | 000,000,596 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\CCleaner.lnk
[2010.06.30 19:45:13 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.20100709-004710.backup
[2010.06.30 19:43:40 | 000,000,002 | ---- | M] () -- D:\WINDOWS\Twain001.Mtx
[2010.06.30 15:43:32 | 000,000,000 | ---- | M] () -- D:\WINDOWS\Twunk002.MTX
[2010.06.29 16:40:48 | 000,012,364 | ---- | M] () -- D:\WINDOWS\is-TJ30R.msg
[2010.06.29 16:40:48 | 000,000,396 | ---- | M] () -- D:\WINDOWS\is-TJ30R.lst
[2010.06.28 19:15:07 | 000,061,440 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.28 16:33:41 | 000,000,147 | ---- | M] () -- D:\WINDOWS\fcp5.cfg
[2010.06.27 11:58:36 | 001,143,006 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.27 11:58:36 | 000,495,958 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010.06.27 11:58:36 | 000,491,064 | ---- | M] () -- D:\WINDOWS\System32\perfh005.dat
[2010.06.27 11:58:36 | 000,098,588 | ---- | M] () -- D:\WINDOWS\System32\perfc005.dat
[2010.06.27 11:58:36 | 000,084,442 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010.06.26 20:27:50 | 133,667,397 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Dokumenty\Photshop Tutorial Text Effect (HD)_(HD).avi
[2010.06.26 10:03:58 | 000,000,773 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\TeamViewer 5.lnk
[2010.06.25 21:58:02 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.19 20:07:41 | 000,316,640 | ---- | M] () -- D:\WINDOWS\WMSysPr9.prx
[2010.06.19 20:06:50 | 000,000,000 | -H-- | M] () -- D:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.06.17 16:47:24 | 000,034,308 | ---- | M] () -- D:\WINDOWS\System32\bassmod.dll
[2010.06.16 18:51:26 | 000,004,817 | ---- | M] () -- D:\WINDOWS\WTRAN32.INI
[2010.06.16 18:51:26 | 000,000,000 | ---- | M] () -- D:\WINDOWS\XXLGSC
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.12 23:34:25 | 002,019,328 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\game.exe
[2010.07.12 17:28:58 | 000,094,752 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\sexyskater.jpg
[2010.07.12 17:05:49 | 001,455,167 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\DSC00119.JPG
[2010.07.12 16:51:42 | 000,012,135 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\email.rar
[2010.07.12 16:49:43 | 000,036,198 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\DSC00027.JPG
[2010.07.12 16:43:35 | 000,012,135 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\Script email box.rar
[2010.07.12 16:09:33 | 000,000,749 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\Traktor Simulátor.lnk
[2010.07.12 16:08:34 | 004,214,325 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\Theme.mp3
[2010.07.12 16:08:34 | 000,433,110 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\ZetorHistorie.pdf
[2010.07.12 16:08:27 | 109,274,073 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\setup-1.bin
[2010.07.12 16:08:27 | 002,119,796 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\motor.wav
[2010.07.12 16:08:24 | 000,330,176 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\install.bmp
[2010.07.12 16:08:24 | 000,230,156 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\done.bmp
[2010.07.12 15:54:37 | 000,000,804 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\Landwirtschafts-Simulator 2009.lnk
[2010.07.12 13:26:25 | 002,717,944 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Dokumenty\nl_2011_pro.exe
[2010.07.12 12:29:11 | 358,426,412 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Dokumenty\traktor-zetor-simulator-2009.iso
[2010.07.12 08:47:45 | 000,000,002 | RHS- | C] () -- D:\WINDOWS\winstart.bat
[2010.07.12 08:41:59 | 000,040,253 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\ShLog.txt
[2010.07.12 08:41:41 | 000,057,556 | ---- | C] () -- D:\WINDOWS\guard.bmp
[2010.07.12 08:41:41 | 000,020,248 | ---- | C] () -- D:\WINDOWS\WinBait.org
[2010.07.12 08:41:41 | 000,020,248 | ---- | C] () -- D:\WINDOWS\WinBait.exe
[2010.07.12 08:41:41 | 000,000,633 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\RegRun Control Center.lnk
[2010.07.12 08:35:07 | 000,000,805 | ---- | C] () -- D:\WINDOWS\ScanSpyware.INI
[2010.07.11 23:41:34 | 038,519,167 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\How_to_make_a_Hip_Hop_RnB_Piano_Beat_in_Fl_Studio.mp4
[2010.07.11 23:32:13 | 000,000,043 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\How_to_make_a_Hip_Hop_RnB_Piano_Beat_in_Fl_Studio_main_11212.asx
[2010.07.11 21:51:51 | 000,000,668 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\Stamp ID3 Tag Editor.lnk
[2010.07.11 19:34:25 | 000,017,876 | -H-- | C] () -- D:\WINDOWS\System32\wcdrtc32.dl_
[2010.07.11 18:32:50 | 004,087,007 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\R-S Clan intro new.mp3
[2010.07.11 18:21:38 | 000,493,478 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\R-S Clan intro.mp3
[2010.07.09 01:01:57 | 000,000,388 | ---- | C] () -- D:\WINDOWS\tasks\SmartDefrag.job
[2010.07.08 21:44:36 | 005,898,296 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\Pozadí pfflochy.bmp
[2010.07.08 21:36:11 | 004,136,469 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\Pozadí plochy.psd
[2010.06.30 19:07:57 | 000,000,002 | ---- | C] () -- D:\WINDOWS\Twain001.Mtx
[2010.06.30 15:50:03 | 000,020,480 | ---- | C] () -- D:\WINDOWS\USB_VIDEO_REG.exe
[2010.06.30 15:50:01 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Twunk002.MTX
[2010.06.30 15:49:56 | 000,006,318 | ---- | C] () -- D:\WINDOWS\Suyin.reg
[2010.06.30 15:49:55 | 000,015,497 | ---- | C] () -- D:\WINDOWS\snp2uvc.ini
[2010.06.30 15:49:55 | 000,013,022 | ---- | C] () -- D:\WINDOWS\snp2uvc.src
[2010.06.30 15:49:32 | 000,200,704 | ---- | C] () -- D:\WINDOWS\PLFSetI.exe
[2010.06.30 15:49:31 | 000,000,036 | ---- | C] () -- D:\WINDOWS\PidList.ini
[2010.06.30 15:49:29 | 000,001,979 | ---- | C] () -- D:\WINDOWS\notepad.exe.manifest
[2010.06.30 15:49:29 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2010.06.30 15:49:28 | 000,000,049 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2010.06.30 15:49:22 | 000,626,688 | ---- | C] () -- D:\WINDOWS\Image.dll
[2010.06.30 15:49:18 | 000,106,496 | ---- | C] () -- D:\WINDOWS\FixUVC.exe
[2010.06.30 15:49:16 | 000,028,712 | ---- | C] () -- D:\WINDOWS\DIIUnin.dat
[2010.06.30 15:49:16 | 000,002,829 | ---- | C] () -- D:\WINDOWS\DIIUnin.pif
[2010.06.30 15:49:13 | 000,000,038 | ---- | C] () -- D:\WINDOWS\avisplitter.ini
[2010.06.30 15:49:10 | 000,050,176 | ---- | C] () -- D:\WINDOWS\armcex.dll
[2010.06.30 15:49:02 | 000,222,382 | ---- | C] () -- D:\WINDOWS\Acer Crystal Eye webcam.ico
[2010.06.29 20:33:49 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2010.06.29 20:33:49 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2010.06.29 20:33:49 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2010.06.29 20:33:49 | 000,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2010.06.29 20:33:49 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2010.06.29 16:40:48 | 000,012,364 | ---- | C] () -- D:\WINDOWS\is-TJ30R.msg
[2010.06.29 16:40:48 | 000,000,396 | ---- | C] () -- D:\WINDOWS\is-TJ30R.lst
[2010.06.28 16:19:13 | 000,000,147 | ---- | C] () -- D:\WINDOWS\fcp5.cfg
[2010.06.28 13:37:17 | 000,094,650 | ---- | C] () -- D:\WINDOWS\System32\HKCU_GNU.reg
[2010.06.28 13:37:17 | 000,057,344 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2010.06.28 13:37:17 | 000,006,144 | ---- | C] () -- D:\WINDOWS\System32\ff_acm.acm
[2010.06.28 13:37:17 | 000,002,004 | ---- | C] () -- D:\WINDOWS\System32\HKLM_GNU.reg
[2010.06.28 13:37:17 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.06.28 13:37:15 | 000,372,736 | ---- | C] () -- D:\WINDOWS\System32\xvid.ax
[2010.06.26 20:06:00 | 133,667,397 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Dokumenty\Photshop Tutorial Text Effect (HD)_(HD).avi
[2010.06.26 10:03:58 | 000,000,773 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\TeamViewer 5.lnk
[2010.06.20 07:57:08 | 000,002,528 | ---- | C] () -- D:\Documents and Settings\LocalService\Data aplikací\$_hpcst$.hpc
[2010.06.19 20:06:50 | 000,000,000 | -H-- | C] () -- D:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.06.17 18:48:11 | 000,000,071 | ---- | C] () -- D:\WINDOWS\System32\UFS2XXUN.ini
[2010.06.17 18:48:10 | 000,077,824 | ---- | C] () -- D:\WINDOWS\System32\UFS2XXUN.exe
[2010.06.17 16:47:24 | 000,034,308 | ---- | C] () -- D:\WINDOWS\System32\bassmod.dll
[2010.06.14 19:29:27 | 000,002,323 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\HiJackThis.lnk
[2010.06.09 21:48:16 | 000,200,704 | ---- | C] () -- D:\WINDOWS\TRNOET.DLL
[2010.06.09 21:48:16 | 000,045,056 | ---- | C] () -- D:\WINDOWS\TRNOEH.DLL
[2010.06.09 21:47:59 | 000,000,041 | ---- | C] () -- D:\WINDOWS\WTRDCTM.INI
[2010.06.09 21:47:15 | 000,002,753 | ---- | C] () -- D:\WINDOWS\UN32P.INI
[2010.06.09 21:32:51 | 000,001,678 | ---- | C] () -- D:\WINDOWS\MAILTRAN.INI
[2010.06.09 21:32:50 | 000,002,476 | ---- | C] () -- D:\WINDOWS\TRNCOM.INI
[2010.06.09 21:32:40 | 000,002,192 | ---- | C] () -- D:\WINDOWS\WDICT32.INI
[2010.06.09 21:32:39 | 000,004,817 | ---- | C] () -- D:\WINDOWS\WTRAN32.INI
[2010.05.17 14:29:30 | 000,000,461 | ---- | C] () -- D:\WINDOWS\EAGRAPH.INI
[2010.05.08 23:53:19 | 000,281,760 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys
[2010.05.08 23:53:19 | 000,025,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys
[2010.04.08 18:17:48 | 000,151,552 | ---- | C] () -- D:\WINDOWS\System32\nvRegDev.dll
[2010.04.04 17:10:47 | 000,000,286 | ---- | C] () -- D:\WINDOWS\game.ini
[2010.04.01 11:58:29 | 001,589,248 | ---- | C] () -- D:\WINDOWS\System32\libmysql_d.dll
[2010.03.27 20:34:25 | 001,970,176 | ---- | C] () -- D:\WINDOWS\System32\d3dx9.dll
[2010.02.16 13:48:50 | 000,120,200 | ---- | C] () -- D:\WINDOWS\System32\DLLDEV32i.dll
[2010.02.11 13:03:55 | 000,000,155 | ---- | C] () -- D:\WINDOWS\level.ini
[2010.02.11 12:54:59 | 000,138,184 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.30 02:46:59 | 000,163,456 | ---- | C] () -- D:\WINDOWS\System32\drivers\vidstub.sys
[2010.01.30 02:42:00 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\DirSize.dll
[2010.01.30 00:23:33 | 000,000,325 | ---- | C] () -- D:\WINDOWS\SIERRA.INI
[2010.01.23 14:30:08 | 000,001,066 | ---- | C] () -- D:\WINDOWS\wcx_ftp.ini
[2010.01.22 19:07:33 | 000,004,287 | ---- | C] () -- D:\WINDOWS\WINCMD.INI
[2009.02.25 09:38:22 | 000,249,856 | ---- | C] () -- D:\WINDOWS\System32\DivX.dll
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2007.06.21 22:55:54 | 000,053,299 | ---- | C] () -- D:\WINDOWS\System32\pthreadVC.dll
[2006.05.19 10:22:58 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\slbmgpg.dll
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- D:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- D:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\ogg.dll
[2005.03.02 18:44:59 | 000,036,864 | ---- | C] () -- D:\WINDOWS\System32\frapsvid.dll
[2004.08.22 18:04:56 | 000,069,120 | ---- | C] () -- D:\WINDOWS\daemon.dll
[2004.08.17 15:49:10 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- D:\WINDOWS\System32\zlib.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = D:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 15:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >


< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- D:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- D:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\Documents and Settings\PoKaRko\Dokumenty\RegRun2\Files\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\WINDOWS\ERDNT\cache\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\WINDOWS\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- D:\WINDOWS\system32\hal.dll

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- D:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- D:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- D:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- D:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- D:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- D:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- D:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- D:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- D:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- D:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- D:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- D:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- D:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- D:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- D:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- D:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- D:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\Documents and Settings\PoKaRko\Dokumenty\RegRun2\Files\WS2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >

Aby nám nic nescházelo tak tady je z toho virustotalu
winbait http://www.virustotal.com/cs/analisis/f ... 1279004760
runguard http://www.virustotal.com/cs/analisis/4 ... 1279005327
winstart.bat http://www.virustotal.com/cs/analisis/7 ... 1279005128

A avast mi hlásil při kontrole otl viry:
trzAD.tmp
trzFF.tmp
Tak sem je zatím dala do karantény, zase sality-fx


No pc je po bráchovi tak nwm no xD

Projed pc tím AVptoolem a uvidíme (v nouzovém režimu)
Najdi soubor winstart.bat, klikni na něj pravým tlačítkem myši, otevřít jako - otevřít v notepadu - text vlož sem.

Jj ten avpot xD 2 hodiny běží a je 7%
a ten winstart normal zmizel xD

4,5 hodiny a 30% xD