Restartovani Pc

[motji]

tak ještě ten skript na combofix, pak poprosím o log.

[Y0G1]

omluva za neaktivnost byl sem mimo republiky


co se tyce toho scriptu mi nemam router nebude to vadit tomu logu?

[motji]

NO mě ne . Nevadí, prostě pokud by Vám pak nešel internet, tak jestli máte kabel, tak ho vytáhnete a zase dáte zpět, tím se resetuje nastavení.

[Y0G1]

zdravim sem tu hodne dlouho nebyl mne po tom combo fixe nejak nechtel nabehnut net ani po vybrani kabla tak sme to s kamosem resili nejakou dobu pak sem to preinstaloval bez vymazani winu a nakonec sem to sprovoznil muzu hodit kontrolny combo fix?

[motji]

Měl jste napsat, vrátili bychom systém před combofix.
ANo, vložte log.

[Y0G1]

ComboFix 11-07-05.03 - Martin 06.07.2011 8:27.20.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.685 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-07-02 07:09 . 2011-07-02 07:10 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-02 03:56 . 2011-07-02 03:56 -------- d-----w- c:\windows\Sun
2011-06-30 08:06 . 2011-06-30 08:06 -------- d-----w- c:\documents and settings\Martin\Application Data\Garena
2011-06-21 14:21 . 2011-06-23 06:39 -------- d-----w- c:\program files\DotAlicious Gaming Client
2011-06-20 17:01 . 2011-06-20 17:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-06-18 16:34 . 2011-06-18 16:34 -------- d-----w- c:\documents and settings\Martin\Application Data\LolClient
2011-06-18 15:38 . 2011-06-23 07:55 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\PMB Files
2011-06-18 15:38 . 2011-06-23 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-06-15 20:28 . 2011-06-15 20:28 -------- d-----w- c:\windows\Internet Logs
2011-06-15 20:06 . 2011-06-15 20:06 26624 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-06-15 20:05 . 2011-06-15 20:05 -------- d-----w- c:\documents and settings\Martin\Application Data\BitDefender Deployment Tool
2011-06-15 17:27 . 2011-06-19 12:18 -------- d-----w- c:\windows\system32\NtmsData
2011-06-15 17:26 . 2011-06-15 17:26 -------- d-----w- c:\documents and settings\Martin\Application Data\Avira
2011-06-15 17:21 . 2011-07-01 07:22 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-15 17:21 . 2011-07-01 07:22 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-15 17:21 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-15 17:21 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-15 17:21 . 2011-06-15 17:21 -------- d-----w- c:\program files\Avira
2011-06-15 17:21 . 2011-06-15 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-15 08:14 . 2011-06-15 08:14 -------- d-----w- c:\program files\Common Files\Java
2011-06-15 08:14 . 2011-06-15 08:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-15 08:14 . 2011-06-15 08:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-15 08:13 . 2011-06-15 08:13 -------- d-----w- c:\program files\Java
2011-06-14 16:29 . 2011-06-15 07:26 -------- d-----w- c:\documents and settings\Martin\Application Data\Darer
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 18:27 . 2011-05-25 14:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-15 08:52 . 2011-05-29 12:29 1800 ----a-w- C:\UsbFix_Upload_Me_HELL-T2X5CI1VMH.zip
2011-05-28 14:04 . 2010-11-16 14:55 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-27 20:23 . 2011-05-27 12:59 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-04 11:54 . 2011-05-18 09:05 302080 ----a-w- C:\gmer.exe
2011-04-26 16:49 . 2011-04-08 19:46 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-26 16:49 . 2011-04-08 19:51 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-26 16:49 . 2011-04-08 19:45 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-26 15:55 . 2011-04-08 19:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-21 18:59 . 2011-04-08 19:46 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-18 12:42 . 2011-04-18 12:39 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:42 . 2011-04-18 12:39 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-08 05:14 . 2011-05-14 06:48 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14 . 2011-05-14 06:48 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-15_19.49.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-01 23:08 . 2006-12-01 23:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
- 2006-12-01 23:08 . 2006-12-01 23:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-01 23:08 . 2006-12-01 23:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-01 23:08 . 2006-12-01 23:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-01 23:08 . 2006-12-01 23:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-01 23:08 . 2006-12-01 23:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:26 . 2006-12-01 22:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-01 23:26 . 2006-12-01 23:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:25 . 2006-12-01 22:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-01 23:25 . 2006-12-01 23:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2011-07-05 15:58 . 2011-07-05 15:58 16384 c:\windows\temp\Perflib_Perfdata_d8.dat
+ 2011-06-20 17:01 . 2011-06-20 17:01 28160 c:\windows\Installer\156add.msi
+ 2011-07-03 17:35 . 2011-07-03 17:35 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2011-06-09 16:05 . 2011-06-09 16:05 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-01 21:54 . 2006-12-01 21:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-01 21:54 . 2006-12-01 21:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-01 21:54 . 2006-12-01 21:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2010-11-15 17:24 . 2011-06-21 07:04 252080 c:\windows\system32\nvdrsdb1.bin
- 2010-11-15 17:24 . 2011-05-15 13:46 252080 c:\windows\system32\nvdrsdb1.bin
- 2010-11-15 17:24 . 2011-05-15 13:46 252080 c:\windows\system32\nvdrsdb0.bin
+ 2010-11-15 17:24 . 2011-06-21 07:04 252080 c:\windows\system32\nvdrsdb0.bin
+ 2003-02-21 01:42 . 2003-02-21 01:42 348160 c:\windows\system32\msvcr71.dll
+ 2003-03-18 17:14 . 2003-03-18 17:14 499712 c:\windows\system32\msvcp71.dll
+ 2011-05-12 17:11 . 2008-07-12 06:18 467984 c:\windows\system32\d3dx10_39.dll
- 2011-05-12 17:11 . 2008-07-10 09:01 467984 c:\windows\system32\d3dx10_39.dll
- 2006-12-01 23:25 . 2006-12-01 23:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25 . 2006-12-01 22:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25 . 2006-12-01 22:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2006-12-01 23:25 . 2006-12-01 23:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2003-03-18 18:12 . 2003-03-18 18:12 1047552 c:\windows\system32\mfc71u.dll
+ 2003-03-18 18:20 . 2003-03-18 18:20 1060864 c:\windows\system32\mfc71.dll
+ 2011-05-12 17:11 . 2008-07-12 06:18 3851784 c:\windows\system32\D3DX9_39.dll
- 2011-05-12 17:11 . 2008-07-10 09:00 3851784 c:\windows\system32\D3DX9_39.dll
+ 2011-05-12 17:11 . 2008-07-12 06:18 1493528 c:\windows\system32\D3DCompiler_39.dll
- 2011-05-12 17:11 . 2008-07-10 09:00 1493528 c:\windows\system32\D3DCompiler_39.dll
+ 2011-07-02 07:12 . 2011-07-02 07:12 2305536 c:\windows\Installer\b6a6dc.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 10:55 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
"c:\\Programy\\QIP\\qip.exe"=
"c:\\Programy\\Garena\\Garena.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6756:TCP"= 6756:TCP:rvgbebls
"57840:TCP"= 57840:TCP:Pando Media Booster
"57840:UDP"= 57840:UDP:Pando Media Booster
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [15.6.2011 22:06 26624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15.6.2011 19:21 136360]
S3 cpuz134;cpuz134;\??\c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fudxls
.
.
------- Supplementary Scan -------
.
uSearchAssistant =
TCP: DhcpNameServer = 195.12.128.1 195.72.0.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-06 08:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
? [16028]
? [19208]
? [24588]
? [24596]
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-06 08:32:51
ComboFix-quarantined-files.txt 2011-07-06 06:32
ComboFix2.txt 2011-06-15 19:51
ComboFix3.txt 2011-06-04 22:54
ComboFix4.txt 2011-06-04 06:41
ComboFix5.txt 2011-07-06 06:25
.
Pre-Run: 53 524 652 032 bytes free
Post-Run: 12 adresárov, 53 537 873 920 voľných bajtov
.
- - End Of File - - 65F147574587F7F51D5FA3A05C188CBC

[motji]

Je to tam pořád. Když už jste to přeinstalovával, měl jste to vzít uplným formátem .
Tak ale teď už vážně. Co s tím pc kamaráda? Jinak nemá cenu abych psala další skript, pořád se to vrací.

[Y0G1]

no co sem to kontoroloval pres tu aviru tak mi nic nehazalo a pc se mi zda posledni dobou klidnejsi nezamrza mi a dokaze jit v pohode i dva dni v kuse v patek k nemu jdu rodice mu dou pryc a vsechno to udelam u nej takze pak bychom mohli dat ten script muzeme se tak domluvit?

[motji]

Do pátku je daleko .
Udělejte mi prosím ještě gmer, ať si něco ověřím, v combofixu se mi něco nezdá

[Y0G1]

ok rozumim ale musim ho opat stahnout

[motji]

Ok

[Y0G1]

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-06 16:02:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 MAXTOR_6L080L4 rev.A93.0500
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\pfedrfow.sys


---- System - GMER 1.0.15 ----

SSDT F7AF717C ZwClose
SSDT F7AF7136 ZwCreateKey
SSDT F7AF7186 ZwCreateSection
SSDT F7AF712C ZwCreateThread
SSDT F7AF713B ZwDeleteKey
SSDT F7AF7145 ZwDeleteValueKey
SSDT F7AF7177 ZwDuplicateObject
SSDT F7AF714A ZwLoadKey
SSDT F7AF711D ZwOpenThread
SSDT F7AF7154 ZwReplaceKey
SSDT F7AF714F ZwRestoreKey
SSDT F7AF718B ZwSetContextThread
SSDT F7AF7140 ZwSetValueKey
SSDT F7AF7127 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF58483A0, 0x5FE082, 0xE8000020]
? C:\Programy\Garena\safedrv.sys Systém nemôže nájsť zadaný súbor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programy\Mozilla\plugin-container.exe[316] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1068EDA6 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[316] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1068ED38 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[316] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104A5451 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[316] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104A5A99 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\firefox.exe[3636] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00401410 C:\Programy\Mozilla\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 48216

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...

---- EOF - GMER 1.0.15 ----

[motji]

A můžete mi ještě zopakovat OTL?

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[Y0G1]

OTL Extras logfile created on: 7.7.2011 12:29:59 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Martin\My Documents\Preberanie
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1023,23 Mb Total Physical Memory | 243,33 Mb Available Physical Memory | 23,78% Memory free
2,40 Gb Paging File | 1,56 Gb Available in Paging File | 64,75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,54 Gb Total Space | 58,41 Gb Free Space | 78,35% Space Free | Partition Type: NTFS

Computer Name: HELL-T2X5CI1VMH | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-789336058-1214440339-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programy\Mozilla\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programy\Opera\opera.exe" "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57840:TCP" = 57840:TCP:*:Enabled:Pando Media Booster
"57840:UDP" = 57840:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6756:TCP" = 6756:TCP:*:Enabled:rvgbebls
"57840:TCP" = 57840:TCP:*:Enabled:Pando Media Booster
"57840:UDP" = 57840:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programy\QIP\qip.exe" = C:\Programy\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programy\Garena\Garena.exe" = C:\Programy\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Czech
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Garena" = Garena 2010
"ImgBurn" = ImgBurn
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 5.0 (x86 sk)" = Mozilla Firefox 5.0 (x86 sk)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Usbfix" = Usbfix By C_XX & El Desaparecido
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-789336058-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.6.2011 12:03:31 | Computer Name = HELL-T2X5CI1VMH | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie ts3client_win32.exe, verzia 1.0.0.0, zlyhanie modulu
fmodex.dll, verzia 0.4.31.2, adresa zlyhania 0x0001ecdb.

Error - 20.6.2011 12:36:05 | Computer Name = HELL-T2X5CI1VMH | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia LeagueofLegends.exe, verzia 0.0.0.0, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 20.6.2011 12:40:08 | Computer Name = HELL-T2X5CI1VMH | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia firefox.exe, verzia 2.0.1.4120, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 21.6.2011 10:17:55 | Computer Name = HELL-T2X5CI1VMH | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia Garena.exe, verzia 4.0.1.636, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 22.6.2011 2:43:21 | Computer Name = HELL-T2X5CI1VMH | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia Garena.exe, verzia 4.0.1.636, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 30.6.2011 4:00:16 | Computer Name = HELL-T2X5CI1VMH | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia update.exe, verzia 2.4.0.1070, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 2.7.2011 2:55:59 | Computer Name = HELL-T2X5CI1VMH | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia firefox.exe, verzia 5.0.0.4183, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 3.7.2011 3:35:16 | Computer Name = HELL-T2X5CI1VMH | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia firefox.exe, verzia 5.0.0.4183, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 3.7.2011 3:35:33 | Computer Name = HELL-T2X5CI1VMH | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia firefox.exe, verzia 5.0.0.4183, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 3.7.2011 3:47:27 | Computer Name = HELL-T2X5CI1VMH | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application dotbeer.exe, version 0.9.4.0, stamp 4b18071b,
faulting module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0,
fault address 0x00012aeb.

[ System Events ]
Error - 14.6.2011 14:24:19 | Computer Name = HELL-T2X5CI1VMH | Source = BROWSER | ID = 8032
Description = Služba prehľadávača zlyhala príliš mnohokrát pri pokuse získať záložný
zoznam prenosu \Device\NetBT_Tcpip_{94E93889-41D3-4670-9995-7E74D755D77B}. Záložný
prehľadávač bude ukončený.

Error - 14.6.2011 15:05:47 | Computer Name = HELL-T2X5CI1VMH | Source = Service Control Manager | ID = 7023
Description = Služba Support Helper bola ukončená s nasledujúcou chybou: %%1114

Error - 14.6.2011 15:09:45 | Computer Name = HELL-T2X5CI1VMH | Source = BROWSER | ID = 8032
Description = Služba prehľadávača zlyhala príliš mnohokrát pri pokuse získať záložný
zoznam prenosu \Device\NetBT_Tcpip_{94E93889-41D3-4670-9995-7E74D755D77B}. Záložný
prehľadávač bude ukončený.

Error - 15.6.2011 3:00:17 | Computer Name = HELL-T2X5CI1VMH | Source = Service Control Manager | ID = 7023
Description = Služba Support Helper bola ukončená s nasledujúcou chybou: %%1114

Error - 15.6.2011 3:04:51 | Computer Name = HELL-T2X5CI1VMH | Source = Service Control Manager | ID = 7023
Description = Služba Support Helper bola ukončená s nasledujúcou chybou: %%1114

Error - 20.6.2011 5:10:22 | Computer Name = HELL-T2X5CI1VMH | Source = Service Control Manager | ID = 7009
Description = Časový limit (30000 ms) čakania na pripojenie služby Application Layer
Gateway Service.

Error - 20.6.2011 5:10:22 | Computer Name = HELL-T2X5CI1VMH | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Application Layer Gateway Service zlyhalo kvôli nasledujúcej
chybe: %%1053

Error - 21.6.2011 18:39:23 | Computer Name = HELL-T2X5CI1VMH | Source = Service Control Manager | ID = 7034
Description = Služba PnkBstrB sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát.

Error - 21.6.2011 18:39:25 | Computer Name = HELL-T2X5CI1VMH | Source = Service Control Manager | ID = 7034
Description = Služba PnkBstrA sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát.

Error - 6.7.2011 7:52:29 | Computer Name = HELL-T2X5CI1VMH | Source = atapi | ID = 262153
Description = Zariadenie \Device\Ide\IdePort0 neodpovedá v danom časovom limite.


< End of report >





OTL logfile created on: 7.7.2011 12:29:59 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Martin\My Documents\Preberanie
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1023,23 Mb Total Physical Memory | 243,33 Mb Available Physical Memory | 23,78% Memory free
2,40 Gb Paging File | 1,56 Gb Available in Paging File | 64,75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,54 Gb Total Space | 58,41 Gb Free Space | 78,35% Space Free | Partition Type: NTFS

Computer Name: HELL-T2X5CI1VMH | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.07 11:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martin\My Documents\Preberanie\OTL.exe
PRC - [2011.07.01 09:22:04 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.23 13:32:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programy\Mozilla\firefox.exe
PRC - [2011.06.23 13:32:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programy\Mozilla\plugin-container.exe
PRC - [2011.06.22 01:01:46 | 002,219,008 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Ranked Gaming Client\rgc.exe
PRC - [2011.05.02 00:04:06 | 000,891,078 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\DotaToolKit.exe
PRC - [2011.03.28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.18 22:03:55 | 000,471,040 | ---- | M] (Blizzard Entertainment) -- C:\HRY\Warcraft III\war3.exe
PRC - [2010.06.28 15:32:08 | 003,332,608 | ---- | M] (The Author of QIP) -- C:\Programy\QIP\qip.exe
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011.07.07 11:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martin\My Documents\Preberanie\OTL.exe
MOD - [2008.04.14 05:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.07.01 09:22:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (SafeList) ==========

DRV - [2011.07.01 09:22:05 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 09:22:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.15 22:06:46 | 000,026,624 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2011.05.28 16:04:13 | 000,443,448 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.04.26 18:49:42 | 000,137,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.01.15 09:44:12 | 000,109,568 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdmc.sys -- (zebrmdmc) Sony Ericsson mRouter Port (WDM)
DRV - [2008.01.15 09:44:12 | 000,109,568 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdm.sys -- (zebrmdm) Sony Ericsson Port (WDM)
DRV - [2008.01.15 09:44:10 | 000,014,848 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdfl.sys -- (zebrmdfl)
DRV - [2008.01.15 09:44:08 | 000,083,200 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrbus.sys -- (zebrbus)
DRV - [2005.05.18 11:50:00 | 002,319,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.05.17 08:00:54 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004.05.17 08:00:52 | 000,033,280 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004.04.02 16:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-1214440339-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-789336058-1214440339-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-789336058-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "QIP Search"
FF - prefs.js..browser.startup.homepage: "http://www.azet.sk/"
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programy\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programy\Mozilla\components [2011.06.23 13:32:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programy\Mozilla\plugins [2011.07.02 09:10:44 | 000,000,000 | ---D | M]

[2010.11.15 19:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Extensions
[2011.06.17 18:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\extensions
[2011.06.17 18:57:41 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\extensions\anttoolbar@ant.com
[2011.05.23 14:08:11 | 000,000,000 | ---D | M] ("QipCounter") -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\extensions\QipCounter@qip(2).ru
[2010.11.16 16:55:12 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\searchplugins\daemon-search.xml
[2011.07.04 09:37:33 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\searchplugins\icqplugin.xml
[2011.05.22 22:05:01 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\searchplugins\qip-search.xml
File not found (No name found) --
[2011.06.15 10:13:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.06.15 10:14:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMY\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

O1 HOSTS File: ([2011.07.06 08:30:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1214440339-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.12.128.1 195.72.0.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.29 14:29:52 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: ias - File not found
NetSvcs: iprip - File not found
NetSvcs: irmon - File not found
NetSvcs: nwcworkstation - File not found
NetSvcs: nwsapagent - File not found
NetSvcs: wmdmpmsp - File not found
NetSvcs: fudxls - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.07.04 16:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Desktop\Ranked Gaming Client
[2011.07.03 19:07:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Martin\Recent
[2011.07.02 19:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Desktop\gm
[2011.07.02 09:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.07.02 05:56:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011.06.30 10:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Start Menu\Programs\Garena
[2011.06.30 10:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\Garena
[2011.06.29 22:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Desktop\Nový priečinok
[2011.06.21 16:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\DotAlicious Gaming Client
[2011.06.20 19:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.06.20 19:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011.06.18 18:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\LolClient
[2011.06.18 17:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Local Settings\Application Data\PMB Files
[2011.06.18 17:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011.06.18 10:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011.06.15 22:28:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011.06.15 22:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\BitDefender Deployment Tool
[2011.06.15 20:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011.06.15 19:27:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.06.15 19:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\Avira
[2011.06.15 19:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011.06.15 19:21:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.06.15 19:21:03 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.06.15 19:21:03 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.06.15 19:21:03 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.06.15 19:21:03 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.06.15 19:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.06.15 19:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011.06.15 10:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011.06.15 10:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.06.15 10:14:04 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.06.15 10:14:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.06.15 10:14:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.06.15 10:14:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.06.15 10:14:04 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.06.15 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.06.15 10:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\Sun
[2011.06.14 18:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\Darer

========== Files - Modified Within 30 Days ==========

[2011.07.07 11:41:51 | 000,001,143 | -HS- | M] () -- C:\Documents and Settings\Martin\Desktop\DTKConfig.ini
[2011.07.07 08:58:44 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.07 07:41:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.06 10:23:27 | 000,045,202 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\room_v3.dat
[2011.07.06 08:30:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.07.06 08:22:39 | 004,131,692 | R--- | M] (Swearware) -- C:\Documents and Settings\Martin\Desktop\ComboFix.exe
[2011.07.02 08:56:14 | 000,180,269 | ---- | M] () -- C:\Documents and Settings\Martin\My Documents\TLWSUMMARY1.pdf
[2011.07.01 14:35:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.01 09:22:05 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.07.01 09:22:05 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011.06.21 09:04:28 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.06.21 09:04:28 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.06.21 09:04:14 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.06.15 22:06:46 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011.06.15 20:27:23 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.06.15 19:28:26 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011.06.15 10:52:15 | 000,001,800 | ---- | M] () -- C:\UsbFix_Upload_Me_HELL-T2X5CI1VMH.zip
[2011.06.15 10:13:53 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.06.15 10:13:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.06.15 10:13:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.06.15 10:13:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.06.15 10:13:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

========== Files Created - No Company Name ==========

[2011.07.02 09:10:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011.07.02 08:56:14 | 000,180,269 | ---- | C] () -- C:\Documents and Settings\Martin\My Documents\TLWSUMMARY1.pdf
[2011.06.15 22:06:46 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011.06.15 19:28:26 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011.05.27 14:59:03 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.05.26 15:30:15 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011.05.25 16:16:30 | 000,045,202 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\room_v3.dat
[2011.05.17 18:28:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.17 18:28:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.05.17 18:28:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.05.17 18:28:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.05.17 18:28:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.04.18 14:39:09 | 000,065,719 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2011.04.16 13:08:16 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\room.dat
[2011.04.08 21:46:10 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.04.08 21:46:10 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\PnkBstrK.sys
[2011.04.08 21:45:52 | 000,214,520 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.04.08 21:45:50 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011.02.12 17:59:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.11.21 17:02:39 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\fusioncache.dat
[2010.11.16 12:35:27 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.15 19:55:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.11.15 19:53:52 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.15 19:24:41 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.11.15 19:24:39 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.11.15 19:24:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.11.15 19:24:29 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.11.15 19:22:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.11.15 19:22:17 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2010.11.15 19:22:11 | 000,003,078 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2010.11.15 19:14:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.11.15 19:12:18 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010.11.15 19:11:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.11.15 19:11:39 | 000,001,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2010.11.15 19:09:10 | 000,002,507 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.11.15 19:09:09 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.11.15 19:06:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.11.15 19:00:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 12:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002.08.29 04:57:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 14:00:00 | 000,392,872 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 14:00:00 | 000,058,790 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010.12.10 13:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010.11.15 21:31:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010.11.16 16:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011.05.27 14:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010.11.15 21:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011.05.15 17:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010.11.15 21:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011.06.23 09:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011.06.05 08:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.11.15 21:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\AVG10
[2011.06.15 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\BitDefender Deployment Tool
[2011.06.28 11:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\DAEMON Tools Lite
[2011.06.15 09:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Darer
[2011.06.30 10:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Garena
[2011.06.04 08:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\GetRightToGo
[2010.12.13 09:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\ImgBurn
[2011.05.15 17:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\IObit
[2011.06.18 18:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\LolClient
[2011.06.05 10:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Opera
[2011.05.12 19:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\RIFT
[2010.11.15 23:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\TeamViewer
[2011.04.05 10:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Teleca
[2010.12.18 19:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\TS3Client

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >
[2011.05.04 13:54:12 | 000,302,080 | ---- | M] () -- C:\gmer.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2011.07.02 09:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010.12.10 13:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011.06.15 19:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010.11.16 13:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010.12.28 18:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010.11.15 21:31:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010.11.16 16:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011.06.05 10:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2011.05.27 14:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010.11.15 21:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011.05.15 17:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010.11.15 21:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010.11.15 20:56:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011.05.15 15:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2010.11.15 19:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011.06.23 09:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011.05.15 22:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.05.15 17:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011.06.15 10:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011.06.05 08:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.06.20 19:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Adobe
[2010.11.15 21:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\AVG10
[2011.06.15 19:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Avira
[2011.06.15 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\BitDefender Deployment Tool
[2011.06.28 11:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\DAEMON Tools Lite
[2011.06.15 09:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Darer
[2011.06.30 10:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Garena
[2011.06.04 08:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\GetRightToGo
[2011.04.19 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Help
[2010.11.15 19:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Identities
[2010.12.13 09:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\ImgBurn
[2010.12.10 21:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\InstallShield
[2011.05.15 17:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\IObit
[2011.06.18 18:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\LolClient
[2010.11.15 19:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Macromedia
[2011.03.28 16:42:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Martin\Application Data\Microsoft
[2010.11.21 18:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Mozilla
[2011.06.05 10:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Opera
[2011.05.12 19:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\RIFT
[2011.07.05 18:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Skype
[2011.04.05 10:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Sony Ericsson
[2011.06.15 10:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Sun
[2010.11.15 19:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Talkback
[2010.11.15 23:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\TeamViewer
[2011.04.05 10:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Teleca
[2010.12.18 19:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\TS3Client
[2010.11.15 22:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Ventrilo
[2011.05.24 16:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\vlc
[2011.07.05 11:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Winamp
[2010.11.15 19:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2011.06.20 19:01:16 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Martin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe


< MD5 for: AGP440.SYS >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002.08.29 04:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2002.08.29 04:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.04 01:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2002.08.29 04:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 00:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.03 23:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.04 00:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.08.23 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.04 01:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008.01.25 21:01:06 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\NVIDIA\nForceWinXP\15.16\IDE\WinXP\sata_ide\Floppy\Disk1\nvgts.sys
[2008.01.25 21:01:06 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\NVIDIA\nForceWinXP\15.16\IDE\WinXP\sata_ide\nvgts.sys
[2008.01.25 21:01:06 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\NVIDIA\nForceWinXP\15.16\IDE\WinXP\sataraid\Floppy\Disk1\nvgts.sys
[2008.01.25 21:01:06 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\NVIDIA\nForceWinXP\15.16\IDE\WinXP\sataraid\nvgts.sys
[2007.08.09 12:11:00 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=FA740E97A0FE36E368C2299D9F3C01C1 -- C:\NVIDIA\nForceWin2k\9.46\English\IDE\WinXP\sata_ide\nvgts.sys
[2007.08.09 12:11:00 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=FA740E97A0FE36E368C2299D9F3C01C1 -- C:\NVIDIA\nForceWin2k\9.46\English\IDE\WinXP\sataraid\nvgts.sys

< MD5 for: NVRAID.SYS >
[2004.06.03 04:40:50 | 000,068,224 | R--- | M] (NVIDIA Corporation) MD5=A5C77D944410FADEE380FB20B432760D -- C:\WINDOWS\system32\drivers\nvraid.sys

< MD5 for: NVRD32.SYS >
[2007.08.09 12:11:00 | 000,124,928 | ---- | M] (NVIDIA Corporation) MD5=A05ED8F4EC71E2CE84BA3CFEF48E8C9A -- C:\NVIDIA\nForceWin2k\9.46\English\IDE\WinXP\sataraid\nvrd32.sys
[2008.01.25 21:01:00 | 000,125,440 | ---- | M] (NVIDIA Corporation) MD5=B71BFBC2FE958A6DA1E31357E03AD545 -- C:\NVIDIA\nForceWinXP\15.16\IDE\WinXP\sataraid\Floppy\Disk1\nvrd32.sys
[2008.01.25 21:01:00 | 000,125,440 | ---- | M] (NVIDIA Corporation) MD5=B71BFBC2FE958A6DA1E31357E03AD545 -- C:\NVIDIA\nForceWinXP\15.16\IDE\WinXP\sataraid\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2004.08.04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 01:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004.08.04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004.08.04 01:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.11.15 19:53:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.11.15 19:53:07 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.11.15 19:53:06 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Driver::
fudxls 
48216 
6028
19208
24588
24596

ADS::
C:\Documents and Settings\All Users\Application Data\TEMP

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6756:TCP"=-

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci