Facebook VIR - prosim o kontrolu logu

Zpráva

dovemonkey · #1 Příspěvek od **dovemonkey** » 24 črc 2011 16:54

Mám vir z FB....prosím o kontrolu logu. děkuji

Logfile of random's system information tool 1.09 (written by random/random)
Run by oem at 2011-07-24 17:48:39
Microsoft Windows 7 Professional
System drive C: has 26 GB (52%) free of 50 GB
Total RAM: 1014 MB (56% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-07-14 1237240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll []
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-07-14 1237240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-24 323640]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"tray_ico"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & DestroyS\TeaTimer.exe [2009-03-05 2260480]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-24 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\359043.exe]
C:\Windows\Temp\359043.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4262796.exe]
C:\Users\oem\AppData\Local\Temp\4262796.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6397467.exe]
C:\Windows\Temp\6397467.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\73022690-loader2.exe]
C:\Windows\Temp\73022690-loader2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9876910.exe]
C:\Windows\Temp\9876910.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\l1rezerv.exe]
C:\Windows\l1rezerv.exe [2011-07-24 235520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32.exe]
C:\Windows\sysdriver32.exe [2011-07-24 252928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32_.exe]
C:\Windows\sysdriver32_.exe [2011-07-24 247296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systemup]
C:\Windows\systemup.exe [2011-07-21 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
C:\Windows\update.tray-2-0\svchost.exe [2011-07-21 1180672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico1]
C:\Windows\update.tray-12-0\svchost.exe [2011-07-21 1180672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wxpdrv]
C:\Windows\services32.exe [2011-07-21 1178112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-24 17:47:25 ----D---- C:\Program Files\trend micro
2011-07-24 17:47:24 ----D---- C:\rsit
2011-07-24 17:18:43 ----HD---- C:\Windows\PIF
2011-07-24 17:16:30 ----D---- C:\Program Files\Crawler
2011-07-24 17:16:26 ----D---- C:\Users\oem\AppData\Roaming\Spyware Terminator
2011-07-24 17:16:26 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2011-07-24 17:16:22 ----D---- C:\ProgramData\Spyware Terminator
2011-07-24 17:16:22 ----D---- C:\Program Files\Spyware Terminator
2011-07-24 17:10:46 ----A---- C:\Windows\ntbtlog.txt
2011-07-24 17:00:39 ----D---- C:\Program Files\Spybot - Search & DestroyS
2011-07-24 16:57:37 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-07-24 16:57:37 ----HD---- C:\Windows\update.tray-12-0
2011-07-24 16:53:20 ----HD---- C:\$AVG
2011-07-24 16:53:18 ----A---- C:\Windows\system32\avgrsstx.dll
2011-07-24 16:53:17 ----A---- C:\Windows\system32\drivers\avgrkx86.sys
2011-07-24 16:53:17 ----A---- C:\Windows\system32\drivers\AVGIDSwx.sys
2011-07-24 16:53:15 ----A---- C:\Windows\system32\drivers\avgtdix.sys
2011-07-24 16:53:09 ----A---- C:\Windows\system32\drivers\avgmfx86.sys
2011-07-24 16:53:09 ----A---- C:\Windows\system32\drivers\avgldx86.sys
2011-07-24 16:53:02 ----D---- C:\Windows\system32\drivers\Avg
2011-07-24 16:49:17 ----A---- C:\Windows\system32\drivers\avgfwd6x.sys
2011-07-24 16:24:30 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2011-07-24 16:24:30 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2011-07-24 16:24:29 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2011-07-24 16:24:29 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2011-07-24 16:21:53 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-07-24 16:21:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-07-24 15:56:04 ----D---- C:\Program Files\CCleaner
2011-07-21 12:35:20 ----A---- C:\Windows\ddh_iplist.txt
2011-07-21 12:34:46 ----A---- C:\Windows\l1rezerv.exe
2011-07-21 12:34:38 ----A---- C:\Windows\systemup.exe
2011-07-21 12:33:09 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-21 12:32:50 ----D---- C:\Windows\ufa
2011-07-21 12:32:49 ----D---- C:\Windows\rpcminer
2011-07-21 12:32:49 ----D---- C:\Windows\phoenix
2011-07-21 12:32:48 ----A---- C:\Windows\unrar.exe
2011-07-21 12:32:44 ----HD---- C:\Windows\update.2
2011-07-21 12:32:18 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-21 12:31:56 ----HD---- C:\Windows\update.5.0
2011-07-21 12:31:17 ----A---- C:\Windows\iplist.txt
2011-07-21 12:30:15 ----A---- C:\Windows\sysdriver32_.exe
2011-07-21 12:30:01 ----A---- C:\Windows\sysdriver32.exe
2011-07-21 12:29:48 ----A---- C:\Windows\front_ip_list.txt
2011-07-21 12:29:35 ----D---- C:\Windows\av_ico
2011-07-21 12:28:19 ----HD---- C:\Windows\update.1
2011-07-21 12:28:17 ----HD---- C:\Windows\update.tray-2-0-lnk
2011-07-21 12:28:17 ----HD---- C:\Windows\update.tray-2-0
2011-07-21 12:17:20 ----A---- C:\Windows\winlog-ids.txt
2011-07-21 12:17:20 ----A---- C:\Windows\winlog-dirs.txt
2011-07-21 12:17:15 ----A---- C:\Windows\services32.exe
2011-07-20 12:09:25 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-07-20 12:09:09 ----D---- C:\Program Files\DAEMON Tools Lite
2011-07-20 12:08:44 ----D---- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
2011-07-20 12:08:44 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-07-14 15:35:32 ----D---- C:\Users\oem\AppData\Roaming\WinRAR
2011-07-14 15:35:26 ----D---- C:\Program Files\WinRAR
2011-07-13 09:28:23 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-13 09:28:23 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-13 09:28:16 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 09:28:15 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 09:28:15 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 09:28:01 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 09:27:59 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 09:27:53 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 09:27:53 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 09:27:53 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 09:27:53 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 09:27:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 09:27:46 ----A---- C:\Windows\system32\win32k.sys
2011-07-04 20:58:03 ----D---- C:\UP2011
2011-07-04 20:57:43 ----D---- C:\Program Files\Common Files\InstallShield
2011-06-29 23:17:11 ----A---- C:\Windows\system32\mshtml.dll
2011-06-29 23:17:05 ----A---- C:\Windows\system32\ieframe.dll
2011-06-29 23:17:04 ----A---- C:\Windows\system32\iertutil.dll
2011-06-29 23:17:01 ----A---- C:\Windows\system32\urlmon.dll
2011-06-29 23:16:52 ----A---- C:\Windows\system32\msfeeds.dll
2011-06-29 23:16:51 ----A---- C:\Windows\system32\wininet.dll
2011-06-29 23:16:51 ----A---- C:\Windows\system32\iedkcs32.dll
2011-06-29 23:16:50 ----A---- C:\Windows\system32\mstime.dll
2011-06-29 23:16:50 ----A---- C:\Windows\system32\ieui.dll
2011-06-29 23:16:50 ----A---- C:\Windows\system32\iepeers.dll
2011-06-29 23:16:49 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-29 23:16:49 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-06-29 23:16:49 ----A---- C:\Windows\system32\licmgr10.dll
2011-06-29 23:16:49 ----A---- C:\Windows\system32\jsproxy.dll
2011-06-29 23:16:48 ----A---- C:\Windows\system32\msfeedssync.exe
2011-06-29 22:35:27 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 22:35:27 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 22:35:25 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 22:35:24 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 22:35:24 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 22:35:23 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 22:35:23 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 22:35:22 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 22:35:22 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-29 22:34:20 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-29 22:34:19 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-29 22:33:22 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 22:32:46 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-29 22:32:46 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-29 22:32:46 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-29 22:31:14 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-29 22:31:11 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-06-29 22:31:09 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-29 22:31:07 ----A---- C:\Windows\system32\d3d10_1.dll
2011-06-29 22:28:56 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-29 22:28:55 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-29 22:28:55 ----A---- C:\Windows\system32\drivers\mrxsmb.sys

======List of files/folders modified in the last 1 month======

2011-07-24 17:48:41 ----D---- C:\Windows\Temp
2011-07-24 17:48:40 ----D---- C:\Windows\System32
2011-07-24 17:48:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-24 17:48:39 ----D---- C:\Windows\inf
2011-07-24 17:47:25 ----RD---- C:\Program Files
2011-07-24 17:43:55 ----AD---- C:\Windows\system32\drivers
2011-07-24 17:18:43 ----D---- C:\Windows
2011-07-24 17:16:22 ----HD---- C:\ProgramData
2011-07-24 17:02:49 ----D---- C:\Windows\system32\drivers\etc
2011-07-24 16:50:24 ----D---- C:\Windows\system32\catroot
2011-07-24 16:50:23 ----D---- C:\Windows\system32\DriverStore
2011-07-24 16:47:05 ----SHD---- C:\System Volume Information
2011-07-24 16:45:09 ----SHD---- C:\Windows\Installer
2011-07-24 16:45:08 ----SHD---- C:\Config.Msi
2011-07-24 16:44:59 ----D---- C:\Windows\winsxs
2011-07-24 16:41:22 ----SD---- C:\Users\oem\AppData\Roaming\Microsoft
2011-07-24 15:54:41 ----D---- C:\Windows\system32\config
2011-07-24 15:51:57 ----D---- C:\Windows\system32\catroot2
2011-07-20 12:08:48 ----D---- C:\Windows\Prefetch
2011-07-19 17:55:38 ----D---- C:\Windows\Tasks
2011-07-19 17:55:38 ----D---- C:\Windows\system32\Tasks
2011-07-13 17:26:10 ----D---- C:\Users\oem\AppData\Roaming\vlc
2011-07-13 14:35:22 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 14:34:55 ----D---- C:\ProgramData\Microsoft Help
2011-07-05 17:08:14 ----D---- C:\Windows\system32\NDF
2011-07-04 21:01:57 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-04 20:57:43 ----D---- C:\Program Files\Common Files
2011-07-01 10:12:22 ----D---- C:\ProgramData\Adobe
2011-06-30 16:19:41 ----D---- C:\Windows\Microsoft.NET
2011-06-30 16:19:37 ----RSD---- C:\Windows\assembly
2011-06-30 09:14:29 ----RSD---- C:\Windows\Fonts
2011-06-30 09:14:28 ----D---- C:\Windows\system32\migration
2011-06-30 09:14:28 ----D---- C:\Program Files\Internet Explorer
2011-06-29 23:33:47 ----D---- C:\Program Files\Common Files\microsoft shared

#2 Příspěvek od **Caroprd111** » 24 črc 2011 16:56

Zdravím.

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys 
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys 
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys 
nvrd32.sys 
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

dovemonkey · #3 Příspěvek od **dovemonkey** » 24 črc 2011 17:05

A kde najdu ty logy z programu OTL??

....když kliknu na prohledat tak se program vypne (nevim jestli je to dobre, jedu v nouzaku)....

#4 Příspěvek od **Caroprd111** » 24 črc 2011 17:44

To není dobře... Stáhněte http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe a spusťte. Poté stiskněte 2 a poté Enter. Log RKreport.txt mi sem vložte a zkuste znovu spustit OTL.

dovemonkey · #5 Příspěvek od **dovemonkey** » 24 črc 2011 17:49

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Safe mode with network support
User: oem [Admin rights]
Mode: Remove -- Date : 07/24/2011 18:48:47

Bad processes: 0

Registry Entries: 6
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

#6 Příspěvek od **Caroprd111** » 24 črc 2011 17:52

Ok, jde Vám OTL?

dovemonkey · #7 Příspěvek od **dovemonkey** » 24 črc 2011 18:03

OTL stále po kliknutí na prohledat začne hledat ale hned spadne

(

#8 Příspěvek od **Caroprd111** » 24 črc 2011 18:13

Zkuste spustit ComboFix podle návodu http://www.bleepingcomputer.com/combofi ... t-combofix

dovemonkey · #9 Příspěvek od **dovemonkey** » 24 črc 2011 20:30

Tady je log

ComboFix 11-07-24.01 - oem 24.07.2011 21:02:15.1.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1014.395 [GMT 2:00]
Spuštěný z: c:\users\oem\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-12-0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-24 do 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 19:17 . 2011-07-24 19:19 -------- d-----w- c:\users\oem\AppData\Local\temp
2011-07-24 19:17 . 2011-07-24 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-24 15:47 . 2011-07-24 15:49 -------- d-----w- c:\program files\trend micro
2011-07-24 15:47 . 2011-07-24 15:47 -------- d-----w- C:\rsit
2011-07-24 15:18 . 2011-07-24 15:18 -------- d--h--w- c:\windows\PIF
2011-07-24 15:16 . 2011-07-24 15:16 -------- d-----w- c:\program files\Crawler
2011-07-24 15:16 . 2011-07-24 15:17 -------- d-----w- c:\users\oem\AppData\Roaming\Spyware Terminator
2011-07-24 15:16 . 2011-07-24 15:16 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-24 15:16 . 2011-07-24 15:17 -------- d-----w- c:\programdata\Spyware Terminator
2011-07-24 15:16 . 2011-07-24 15:17 -------- d-----w- c:\program files\Spyware Terminator
2011-07-24 14:57 . 2011-07-24 19:15 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-24 14:57 . 2011-07-24 14:57 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-24 14:53 . 2011-07-24 14:53 -------- d-----w- C:\$AVG
2011-07-24 14:53 . 2011-07-24 14:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2011-07-24 14:53 . 2011-07-24 14:53 25608 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2011-07-24 14:53 . 2011-07-24 14:53 161672 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-24 14:53 . 2011-07-24 14:53 356616 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-24 14:53 . 2011-07-24 14:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-24 14:53 . 2011-07-24 14:53 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-24 14:53 . 2011-07-24 14:53 -------- d-----w- c:\windows\system32\drivers\Avg
2011-07-24 14:49 . 2011-07-24 14:49 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2011-07-24 14:24 . 2011-07-24 14:33 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2011-07-24 14:24 . 2011-07-24 14:24 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2011-07-24 14:24 . 2011-07-24 14:33 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2011-07-24 14:24 . 2011-07-24 14:24 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-07-24 14:21 . 2011-07-24 16:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-24 14:21 . 2011-07-24 15:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-24 13:56 . 2011-07-24 13:56 -------- d-----w- c:\program files\CCleaner
2011-07-21 10:32 . 2011-07-21 10:32 -------- d-----w- c:\windows\ufa
2011-07-21 10:32 . 2011-07-21 10:32 -------- d-----w- c:\windows\rpcminer
2011-07-21 10:32 . 2011-07-21 10:32 -------- d-----w- c:\windows\phoenix
2011-07-21 10:32 . 2011-07-21 10:33 246272 ----a-w- c:\windows\unrar.exe
2011-07-21 10:29 . 2011-07-21 10:29 -------- d-----w- c:\windows\av_ico
2011-07-21 10:28 . 2011-07-24 19:15 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-21 10:28 . 2011-07-21 10:28 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-20 10:09 . 2011-07-20 10:09 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-20 10:09 . 2011-07-20 10:09 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-20 10:08 . 2011-07-20 10:16 -------- d-----w- c:\users\oem\AppData\Roaming\DAEMON Tools Lite
2011-07-20 10:08 . 2011-07-20 10:08 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-07-19 15:55 . 2011-07-19 15:56 -------- d-----w- c:\users\oem\AppData\Local\Google
2011-07-19 09:48 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77B4C4AA-9E74-4D23-9248-4CB84132CA42}\mpengine.dll
2011-07-13 11:57 . 2011-07-13 11:57 -------- d-----w- c:\users\oem\AppData\Local\Apps
2011-07-13 11:57 . 2011-07-24 14:16 -------- d-----w- c:\users\oem\AppData\Local\Deployment
2011-07-13 07:28 . 2011-04-28 03:29 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 07:28 . 2011-04-28 03:29 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 07:28 . 2011-06-02 05:59 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 07:28 . 2011-06-02 05:55 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-13 07:28 . 2011-06-02 05:58 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-04 19:04 . 2011-07-04 19:04 -------- d-----w- c:\users\oem\AppData\Local\Adobe
2011-07-04 18:58 . 2011-07-04 19:04 -------- d-----w- C:\UP2011
2011-07-04 18:57 . 2011-07-04 18:57 -------- d-----w- c:\program files\Common Files\InstallShield
2011-06-29 20:35 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 20:35 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 20:35 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 20:35 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 20:35 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 20:35 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 20:35 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 20:35 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 20:35 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 20:34 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-29 20:34 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-29 20:33 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 20:32 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-29 20:32 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-29 20:32 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-29 20:31 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-29 20:31 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-29 20:31 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-29 20:31 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-29 20:31 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-29 20:28 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-29 20:28 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-29 20:28 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 14:28 . 2009-07-13 23:50 217088 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2011-07-24 14:06 . 2011-05-11 23:02 517120 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-24 17:14 . 2010-11-30 13:54 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & DestroyS\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-24 3037696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-19 15:55 136176 ----atw- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 22:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [x]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [x]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [x]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [x]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-30 1343400]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2011-07-24 25608]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2011-07-24 161672]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-07-24 23832]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2011-07-24 333192]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-07-24 356616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-20 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 15:55]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 15:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.32.250 153.19.250.100 0.0.0.0 208.67.222.222
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-359043 - c:\windows\Temp\359043.exe
MSConfigStartUp-4262796 - c:\users\oem\AppData\Local\Temp\4262796.exe
MSConfigStartUp-6397467 - c:\windows\Temp\6397467.exe
MSConfigStartUp-73022690-loader2 - c:\windows\Temp\73022690-loader2.exe
MSConfigStartUp-9876910 - c:\windows\Temp\9876910.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
MSConfigStartUp-l1rezerv - c:\windows\l1rezerv.exe
MSConfigStartUp-sysdriver32 - c:\windows\sysdriver32.exe
MSConfigStartUp-sysdriver32_ - c:\windows\sysdriver32_.exe
MSConfigStartUp-systemup - c:\windows\systemup.exe
MSConfigStartUp-tray_ico0 - c:\windows\update.tray-2-0\svchost.exe
MSConfigStartUp-tray_ico1 - c:\windows\update.tray-12-0\svchost.exe
MSConfigStartUp-wxpdrv - c:\windows\services32.exe
AddRemove-AVG9Uninstall - c:\program files\AVG\AVG9\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.1394ohci]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.HDAudBus]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.usbhub]
"ImagePath"="\*"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-24 21:27:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-24 19:27
.
Před spuštěním: Volných bajtů: 30 071 197 696
Po spuštění: Volných bajtů: 29 831 176 192
.
- - End Of File - - 51E8F056C00CAAF898225A39AE48146A

#10 Příspěvek od **Caroprd111** » 24 črc 2011 20:44

Jde Vám OTL?

dovemonkey · #11 Příspěvek od **dovemonkey** » 24 črc 2011 21:19

Áno, log přikládám

...

OTL logfile created on: 24.7.2011 21:57:15 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\oem\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,43 Mb Total Physical Memory | 284,39 Mb Available Physical Memory | 28,03% Memory free
1,99 Gb Paging File | 1,16 Gb Available in Paging File | 58,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 29,85 Gb Free Space | 61,27% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 36,09 Gb Free Space | 36,01% Space Free | Partition Type: NTFS
Drive F: | 3,69 Gb Total Space | 2,67 Gb Free Space | 72,51% Space Free | Partition Type: FAT32

Computer Name: OEM-PC | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.24 21:56:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Downloads\OTL (8).exe
PRC - [2011.07.24 17:16:26 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.07.24 17:16:26 | 000,498,176 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (SafeList) ==========

MOD - [2011.07.24 21:56:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Downloads\OTL (8).exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [Auto | Stopped] -- -- (avgfws9)
SRV - File not found [Auto | Stopped] -- -- (avg9wd)
SRV - [2011.07.24 17:16:26 | 000,498,176 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.11.30 17:12:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011.07.24 16:53:17 | 000,161,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011.07.24 16:53:17 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2011.07.24 16:53:16 | 000,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011.07.24 16:53:09 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011.07.24 16:53:09 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.07.24 16:49:17 | 000,023,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011.07.24 16:06:19 | 000,517,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2011.07.20 12:09:25 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.01.13 23:08:01 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010.11.20 12:01:12 | 000,164,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.11.16 10:06:52 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009.11.16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:12:21 | 000,187,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.04.29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.04.20 10:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2006.11.16 10:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.16 05:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.16 03:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\oem\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\oem\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

O1 HOSTS File: ([2011.07.24 21:19:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & DestroyS\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.32.250 153.19.250.100 0.0.0.0 208.67.222.222
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.07.24 21:26:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.07.24 21:17:14 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\temp
[2011.07.24 20:59:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.07.24 19:27:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.07.24 19:27:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.07.24 19:27:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.07.24 19:26:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.07.24 19:26:27 | 004,151,589 | R--- | C] (Swearware) -- C:\Users\oem\Desktop\ComboFix.exe
[2011.07.24 19:16:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.24 18:48:47 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\RK_Quarantine
[2011.07.24 18:01:45 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\OTL
[2011.07.24 17:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.24 17:47:24 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.24 17:18:43 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.07.24 17:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler lišta
[2011.07.24 17:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2011.07.24 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Spyware Terminator
[2011.07.24 17:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011.07.24 17:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator
[2011.07.24 17:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.07.24 17:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & DestroyS
[2011.07.24 16:57:37 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0-lnk
[2011.07.24 16:57:37 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0
[2011.07.24 16:53:20 | 000,000,000 | ---D | C] -- C:\$AVG
[2011.07.24 16:53:18 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011.07.24 16:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 9.0
[2011.07.24 16:53:17 | 000,161,672 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011.07.24 16:53:17 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2011.07.24 16:53:15 | 000,356,616 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011.07.24 16:53:09 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011.07.24 16:53:09 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011.07.24 16:53:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2011.07.24 16:49:17 | 000,023,832 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2011.07.24 16:24:50 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\oem\Desktop\setup-spybotsd162.exe
[2011.07.24 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2011.07.24 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2011.07.24 16:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2011.07.24 16:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011.07.24 16:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.07.24 16:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.07.24 16:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.07.24 16:21:23 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\AVG Internet Security 9.0.663 serial cz-sk-eng
[2011.07.24 15:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.07.24 15:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.21 12:32:50 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011.07.21 12:32:49 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011.07.21 12:32:49 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011.07.21 12:29:35 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011.07.21 12:28:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0-lnk
[2011.07.21 12:28:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0
[2011.07.20 16:31:17 | 000,000,000 | ---D | C] -- C:\Users\oem\Documents\18 WoS Extreme Trucker 2
[2011.07.20 12:21:14 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\X-Men_-__First_Class_(2011_R5_XviD)_+_CZ_titulky
[2011.07.20 12:09:25 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.07.20 12:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.07.20 12:08:44 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 12:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.07.19 17:57:04 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.07.19 17:55:34 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Google
[2011.07.14 15:46:46 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\IronClad
[2011.07.14 15:40:53 | 000,000,000 | R--D | C] -- C:\Users\oem\Desktop\Hudba
[2011.07.14 15:35:32 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\WinRAR
[2011.07.14 15:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.07.14 15:35:31 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.07.14 15:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.07.13 13:57:21 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CZShare
[2011.07.13 13:57:08 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Apps
[2011.07.13 13:57:07 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Deployment
[2011.07.13 13:56:50 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\CZShareManager
[2011.07.13 09:28:15 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011.07.13 09:28:15 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 09:27:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 09:27:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 09:27:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 09:27:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 09:27:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 09:27:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 09:27:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 09:27:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 09:27:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 09:27:46 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.04 21:04:59 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Adobe
[2011.07.04 21:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP-Soft
[2011.07.04 20:58:03 | 000,000,000 | ---D | C] -- C:\UP2011
[2011.07.04 20:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011.06.29 23:16:52 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.29 23:16:51 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.29 23:16:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.29 23:16:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.29 23:16:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.29 23:16:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.29 23:16:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.29 23:16:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.29 23:16:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.29 23:16:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.29 23:16:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.29 22:35:27 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.29 22:35:27 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.29 22:35:24 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.29 22:35:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.29 22:35:23 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.29 22:35:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.29 22:31:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

========== Files - Modified Within 30 Days ==========

[2011.07.24 22:00:03 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job
[2011.07.24 21:58:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.07.24 21:30:25 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.24 21:30:25 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.24 21:25:48 | 000,656,624 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.07.24 21:25:48 | 000,624,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.24 21:25:48 | 000,130,620 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.07.24 21:25:48 | 000,114,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.24 21:19:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.07.24 21:19:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.24 21:18:58 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.24 19:26:45 | 004,151,589 | R--- | M] (Swearware) -- C:\Users\oem\Desktop\ComboFix.exe
[2011.07.24 18:22:20 | 000,579,584 | ---- | M] () -- C:\Users\oem\Desktop\OTL.exe
[2011.07.24 18:06:24 | 000,579,584 | ---- | M] () -- C:\Users\oem\Desktop\OTL (1).exe
[2011.07.24 17:17:05 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2011.07.24 17:16:26 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.07.24 17:00:46 | 000,001,223 | ---- | M] () -- C:\Users\oem\Desktop\Spybot - Search & Destroy.lnk
[2011.07.24 17:00:15 | 000,203,160 | -H-- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110724-170249.backup
[2011.07.24 16:53:18 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011.07.24 16:53:17 | 000,161,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011.07.24 16:53:17 | 000,025,608 | ---- | M] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2011.07.24 16:53:16 | 000,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011.07.24 16:53:09 | 000,568,130 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2011.07.24 16:53:09 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011.07.24 16:53:09 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2011.07.24 16:53:09 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011.07.24 16:53:08 | 041,948,701 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.07.24 16:53:03 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2011.07.24 16:53:03 | 000,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2011.07.24 16:53:03 | 000,113,263 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2011.07.24 16:49:17 | 000,023,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2011.07.24 16:25:18 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\oem\Desktop\setup-spybotsd162.exe
[2011.07.24 16:06:19 | 000,517,120 | ---- | M] () -- C:\Windows\System32\drivers\usbhub.sys
[2011.07.24 15:56:07 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.21 12:33:21 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011.07.21 12:33:21 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011.07.20 12:09:25 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.07.20 12:09:14 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.07.19 18:20:24 | 468,647,061 | ---- | M] () -- C:\Users\oem\Desktop\Soul.Surfer.2011.480p.BRRip.x264.AAC-mitu420.mkv
[2011.07.19 18:00:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
[2011.07.19 17:57:10 | 000,002,300 | ---- | M] () -- C:\Users\oem\Desktop\Internet Google Chrome.lnk
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
[2011.07.14 15:27:26 | 000,000,634 | ---- | M] () -- C:\Users\oem\Desktop\Filmy.lnk
[2011.07.13 23:01:19 | 000,023,774 | ---- | M] () -- C:\Users\oem\Desktop\11455.jpg
[2011.07.13 22:55:58 | 000,029,597 | ---- | M] () -- C:\Users\oem\Desktop\12037.jpg
[2011.07.13 22:55:44 | 000,029,230 | ---- | M] () -- C:\Users\oem\Desktop\12035.jpg
[2011.07.13 22:48:25 | 000,019,933 | ---- | M] () -- C:\Users\oem\Desktop\12712.jpg
[2011.07.13 22:46:59 | 000,020,297 | ---- | M] () -- C:\Users\oem\Desktop\12661.jpg
[2011.07.13 14:46:27 | 000,410,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.13 13:57:21 | 000,000,318 | ---- | M] () -- C:\Users\oem\Desktop\CZShare Manager.appref-ms
[2011.07.04 21:04:50 | 000,001,415 | ---- | M] () -- C:\Users\Public\Desktop\Licenční podmínky.lnk
[2011.07.04 21:04:50 | 000,001,408 | ---- | M] () -- C:\Users\Public\Desktop\Doplňující informace.lnk
[2011.07.04 21:04:50 | 000,001,391 | ---- | M] () -- C:\Users\Public\Desktop\Majetek a cenové předpisy, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Účetní poradce, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Poslední stav programu Quickbook.lnk
[2011.07.03 13:25:54 | 000,000,507 | ---- | M] () -- C:\Users\oem\Desktop\Default.aspx - Používá technologii Dokumenty Google.url
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2011.07.24 21:58:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.07.24 19:30:20 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.svs
[2011.07.24 19:27:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.07.24 19:27:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.07.24 19:27:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.07.24 19:27:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.07.24 19:27:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.07.24 18:22:18 | 000,579,584 | ---- | C] () -- C:\Users\oem\Desktop\OTL.exe
[2011.07.24 18:06:24 | 000,579,584 | ---- | C] () -- C:\Users\oem\Desktop\OTL (1).exe
[2011.07.24 17:17:05 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2011.07.24 17:16:26 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.07.24 16:53:09 | 000,568,130 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2011.07.24 16:53:08 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2011.07.24 16:53:03 | 041,948,701 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.07.24 16:53:03 | 000,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2011.07.24 16:53:03 | 000,113,263 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2011.07.24 16:53:02 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2011.07.24 16:22:10 | 000,001,223 | ---- | C] () -- C:\Users\oem\Desktop\Spybot - Search & Destroy.lnk
[2011.07.24 15:56:07 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.21 12:33:12 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011.07.21 12:33:11 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011.07.21 12:32:48 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011.07.20 12:09:14 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.07.19 18:04:19 | 468,647,061 | ---- | C] () -- C:\Users\oem\Desktop\Soul.Surfer.2011.480p.BRRip.x264.AAC-mitu420.mkv
[2011.07.19 17:57:10 | 000,002,300 | ---- | C] () -- C:\Users\oem\Desktop\Internet Google Chrome.lnk
[2011.07.19 17:55:38 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job
[2011.07.19 17:55:36 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
[2011.07.14 15:27:26 | 000,000,634 | ---- | C] () -- C:\Users\oem\Desktop\Filmy.lnk
[2011.07.13 23:01:26 | 000,023,774 | ---- | C] () -- C:\Users\oem\Desktop\11455.jpg
[2011.07.13 22:56:05 | 000,029,597 | ---- | C] () -- C:\Users\oem\Desktop\12037.jpg
[2011.07.13 22:55:50 | 000,029,230 | ---- | C] () -- C:\Users\oem\Desktop\12035.jpg
[2011.07.13 22:48:39 | 000,019,933 | ---- | C] () -- C:\Users\oem\Desktop\12712.jpg
[2011.07.13 22:47:17 | 000,020,297 | ---- | C] () -- C:\Users\oem\Desktop\12661.jpg
[2011.07.13 13:57:21 | 000,000,318 | ---- | C] () -- C:\Users\oem\Desktop\CZShare Manager.appref-ms
[2011.07.04 21:04:50 | 000,001,415 | ---- | C] () -- C:\Users\Public\Desktop\Licenční podmínky.lnk
[2011.07.04 21:04:50 | 000,001,408 | ---- | C] () -- C:\Users\Public\Desktop\Doplňující informace.lnk
[2011.07.04 21:04:50 | 000,001,391 | ---- | C] () -- C:\Users\Public\Desktop\Majetek a cenové předpisy, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Účetní poradce, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Poslední stav programu Quickbook.lnk
[2011.07.03 13:25:53 | 000,000,507 | ---- | C] () -- C:\Users\oem\Desktop\Default.aspx - Používá technologii Dokumenty Google.url
[2011.05.12 01:02:37 | 000,517,120 | ---- | C] () -- C:\Windows\System32\drivers\usbhub.sys
[2011.01.07 21:20:45 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2011.01.07 21:17:49 | 000,000,140 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2010.11.30 16:23:44 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.09.23 20:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009.07.14 10:44:22 | 000,656,624 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2009.07.14 10:44:22 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2009.07.14 10:44:22 | 000,130,620 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2009.07.14 10:44:22 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,410,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,624,802 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,114,798 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:52:00 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:50:56 | 000,217,088 | ---- | C] () -- C:\Windows\System32\drivers\hdaudbus.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:12:21 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.05.08 05:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2010.12.01 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Ashampoo
[2010.12.10 10:07:53 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\AVG10
[2011.07.20 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2010.12.01 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\ESET
[2011.07.24 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Spyware Terminator
[2011.05.20 02:30:18 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & DestroyS\TeaTimer.exe -- [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
"SpywareTerminatorUpdate" = "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2011.07.24 17:16:26 | 003,037,696 | ---- | M] (Crawler.com)

< >

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010.11.20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009.07.14 01:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\System32\drivers\fastfat.sys
[2009.07.14 01:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_ae8981a3b8b7be50\fastfat.sys

< MD5 for: HAL.DLL >
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\ERDNT\cache\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010.11.20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NTFS.SYS >
[2011.03.11 07:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\ERDNT\cache\ntfs.sys
[2011.03.11 07:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\System32\drivers\ntfs.sys
[2011.03.11 07:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_a65558427e3453b4\ntfs.sys
[2010.11.20 14:30:06 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys
[2009.07.14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys
[2011.03.11 07:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys
[2011.03.11 07:52:25 | 001,210,752 | ---- | M] (Microsoft Corporation) MD5=A7266D82DB9675AFBDED39695B69EDAC -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys
[2011.03.11 07:28:10 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys

< MD5 for: NVRAID.SYS >
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010.11.20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011.03.11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011.03.11 07:28:10 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
[2011.03.11 07:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\System32\drivers\nvraid.sys
[2011.03.11 07:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvraid.sys
[2011.03.11 07:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvraid.sys
[2011.03.11 07:52:25 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=FCD5C3542A85EEBA7D0833B7E5086C10 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007.04.20 05:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\swsetup\SP36079\WinVista32\IDE\WinVista\sata_ide\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SMSS.EXE >
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010.08.20 06:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[2009.07.14 03:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2010.11.20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
[2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\ERDNT\cache\spoolsv.exe
[2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\System32\spoolsv.exe
[2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011.07.21 12:17:03 | 001,180,672 | -H-- | M] () MD5=E9AB1B94129B06A6FD92C25CC412025E -- C:\Windows\update.tray-12-0-lnk\svchost.exe
[2011.07.21 12:17:03 | 001,180,672 | -H-- | M] () MD5=E9AB1B94129B06A6FD92C25CC412025E -- C:\Windows\update.tray-2-0-lnk\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\ERDNT\cache\tcpip.sys
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\System32\drivers\tcpip.sys
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009.07.14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
[2009.07.14 10:43:31 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\cs-CZ\LXKPTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /5 >
[2011.07.24 16:49:17 | 000,023,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgfwd6x.sys
[2011.07.24 16:53:17 | 000,025,608 | ---- | M] (AVG Technologies ) -- C:\Windows\system32\drivers\AVGIDSwx.sys
[2011.07.24 16:53:09 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgldx86.sys
[2011.07.24 16:53:09 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgmfx86.sys
[2011.07.24 16:53:17 | 000,161,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgrkx86.sys
[2011.07.24 16:53:16 | 000,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgtdix.sys
[2011.07.20 12:09:25 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\system32\drivers\dtsoftbus01.sys
[2011.07.24 16:28:56 | 000,217,088 | ---- | M] () -- C:\Windows\system32\drivers\hdaudbus.sys
[2011.07.24 17:16:26 | 000,142,592 | ---- | M] () -- C:\Windows\system32\drivers\sp_rsdrv2.sys
[2011.07.24 16:06:19 | 000,517,120 | ---- | M] () -- C:\Windows\system32\drivers\usbhub.sys

< %systemroot%\system32\drivers\*.sys /X >
[2010.11.20 12:01:12 | 000,164,864 | ---- | M] () -- C:\Windows\system32\drivers\1394ohci.svs
[2009.06.10 23:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2009.06.10 23:14:29 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
[2009.06.10 23:27:38 | 000,000,003 | ---- | M] () -- C:\Windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.12.01 12:01:45 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.12.16 20:21:32 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2000.11.19 09:56:14 | 000,014,380 | ---- | M] () -- C:\Windows\system32\drivers\OXSER.VXD
[2003.08.04 00:05:14 | 000,073,728 | ---- | M] (Socket Communications Inc.) -- C:\Windows\system32\drivers\SCBaud.cpl
[2002.12.12 15:35:46 | 000,086,016 | ---- | M] (Socket Communications Inc.) -- C:\Windows\system32\drivers\SCBaud.w9x
[2001.07.12 00:19:40 | 000,005,787 | ---- | M] () -- C:\Windows\system32\drivers\SCTB.VXD
[2007.01.12 06:22:10 | 000,040,960 | ---- | M] (Socket Communications Inc.) -- C:\Windows\system32\drivers\SCTray.exe
[2002.09.17 17:11:02 | 000,077,824 | ---- | M] (Socket Communications Inc.) -- C:\Windows\system32\drivers\SioUi2k.dll
[2004.03.02 22:04:38 | 000,016,486 | ---- | M] () -- C:\Windows\system32\drivers\sktsio9x.vxd
[2006.11.02 07:09:50 | 001,419,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wdfcoinstaller01005.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011.07.24 21:30:25 | 000,014,256 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.24 21:30:25 | 000,014,256 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.24 16:53:18 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\avgrsstx.dll
[2011.07.24 21:25:48 | 000,130,620 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2011.07.24 21:25:48 | 000,114,798 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2011.07.24 21:25:48 | 000,656,624 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2011.07.24 21:25:48 | 000,624,802 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2011.07.24 21:25:48 | 001,522,792 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\config\*.sav >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a21e6b2afa668bcf5cca9a97187a34ed\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a21e6b2afa668bcf5cca9a97187a34ed\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\cb985c93a969aed0a2fd7e4ddc64cd02\*.tmp files -> C:\Windows\SoftwareDistribution\Download\cb985c93a969aed0a2fd7e4ddc64cd02\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2011.01.05 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Adobe
[2010.12.01 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Ashampoo
[2010.12.10 10:07:53 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\AVG10
[2011.07.20 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2010.12.01 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\ESET
[2010.12.01 12:02:32 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\hpqLog
[2010.11.29 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Identities
[2010.11.30 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\InstallShield
[2010.12.10 11:09:09 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Macromedia
[2009.07.14 11:20:15 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Media Center Programs
[2011.07.24 16:41:22 | 000,000,000 | --SD | M] -- C:\Users\oem\AppData\Roaming\Microsoft
[2011.07.24 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Spyware Terminator
[2011.07.13 17:26:10 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\vlc
[2011.07.14 15:35:47 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\WinRAR

< %APPDATA%\*.* >

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-19 09:49:10

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2
"IGDSearcherDLL" = bitsigd.dll -- [2009.07.14 03:14:59 | 000,039,936 | ---- | M] (Microsoft Corporation)
"StateIndex" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.07.24 21:58:23 | 000,000,512 | ---- | M] () MD5=C06C53E9D5BD3C16D1AC68C21A58F666 -- C:\PhysicalMBR.bin

< End of report >

dovemonkey · #12 Příspěvek od **dovemonkey** » 24 črc 2011 21:21

á tady log extras ...

OTL Extras logfile created on: 24.7.2011 21:57:15 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\oem\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,43 Mb Total Physical Memory | 284,39 Mb Available Physical Memory | 28,03% Memory free
1,99 Gb Paging File | 1,16 Gb Available in Paging File | 58,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 29,85 Gb Free Space | 61,27% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 36,09 Gb Free Space | 36,01% Space Free | Partition Type: NTFS
Drive F: | 3,69 Gb Total Space | 2,67 Gb Free Space | 72,51% Space Free | Partition Type: FAT32

Computer Name: OEM-PC | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2BE1DE38-5B5D-433E-BB92-B055AD540530}" = Účetní poradce
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1029-7B44-A92000000001}" = Adobe Reader 9.2 - Czech
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.04
"CCleaner" = CCleaner
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Spyware Terminator_is1" = Spyware Terminator
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-367092564-4290927158-3838574436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"75c0e0ceac8ef0d4" = CZShare Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.7.2011 15:49:45 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\hewlett-packard\hp
quick launch buttons\RollBackDr64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 15:50:10 | Computer Name = oem-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\spybot - search
& destroys\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\spybot - search & destroys\DelZip179.dll na řádku 8. Hodnota * atributu language
v prvku assemblyIdentity je neplatná.

Error - 24.7.2011 15:50:14 | Computer Name = oem-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\spybot - search
& destroys\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\spybot - search & destroys\DelZip179.dll na řádku 8. Hodnota * atributu language
v prvku assemblyIdentity je neplatná.

Error - 24.7.2011 15:50:21 | Computer Name = oem-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\spybot - search
& destroys\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\spybot - search & destroys\DelZip179.dll na řádku 8. Hodnota * atributu language
v prvku assemblyIdentity je neplatná.

Error - 24.7.2011 15:50:29 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 16:14:52 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 16:14:52 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 16:14:53 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 16:14:53 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 16:14:53 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

[ System Events ]
Error - 24.7.2011 15:17:46 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 24.7.2011 15:19:05 | Computer Name = oem-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (21:17:50, ?24.?7.?2011) bylo neočekávané.

Error - 24.7.2011 15:19:13 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7000
Description = Služba AVG9IDSShim neuspěla při spuštění v důsledku následující chyby:
%%3

Error - 24.7.2011 15:19:13 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7001
Description = Služba AVG9IDSFilter závisí na službě AVG9IDSShim, která neuspěla
při spuštění v důsledku následující chyby: %%3

Error - 24.7.2011 15:19:13 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7001
Description = Služba AVG9IDSDriver závisí na službě AVG9IDSFilter, která neuspěla
při spuštění v důsledku následující chyby: %%1068

Error - 24.7.2011 15:19:13 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7002
Description = Služba AVG9IDSAgent závisí na skupině AVGIDSDriver a žádný člen této
skupiny nebyl spuštěn.

Error - 24.7.2011 15:19:14 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7000
Description = Služba AVG WatchDog neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 24.7.2011 15:19:14 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7000
Description = Služba AVG Firewall neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 24.7.2011 15:20:17 | Computer Name = oem-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 24.7.2011 15:47:17 | Computer Name = oem-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

< End of report >

#13 Příspěvek od **Caroprd111** » 24 črc 2011 21:55

Co uděláme s těmi nelegálními programy?

dovemonkey · #14 Příspěvek od **dovemonkey** » 24 črc 2011 22:56

No a to jsou které?

.....samozřejmě nelegální software odstraním....
...je to NTB přítelkyně, která prej "byla jen na FB a to samo "....měla tam tuším free NOD a já jsem jí tam potom naivně zkoušel ve snaze odstranit vira naistalovat AVG, ale v půlce instalace se vypl PC a ted tam asi figuruje ale odstranit nejde (nikde nejde odinstalovat)

btw: jak mam odstranit spyware programy, které díky viru nejdou spustit? když je chci smazat ručně, tak to napíše že nemám práva...děkuji

dovemonkey · #15 Příspěvek od **dovemonkey** » 25 črc 2011 01:41

.....pročetl jsem forum a zkusil jsem oddělat zbytky nenainstalovaného nelegálního AVG a naistalovat AVAST.....přikládám log ...děkuji

OTL logfile created on: 25.7.2011 2:29:11 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\oem\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,43 Mb Total Physical Memory | 307,00 Mb Available Physical Memory | 30,26% Memory free
1,99 Gb Paging File | 1,14 Gb Available in Paging File | 57,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 29,38 Gb Free Space | 60,30% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 36,09 Gb Free Space | 36,01% Space Free | Partition Type: NTFS

Computer Name: OEM-PC | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.25 02:03:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (SafeList) ==========

MOD - [2011.07.25 02:03:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe
MOD - [2011.07.04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (sp_rssrv)
SRV - File not found [Unknown | Stopped] -- -- (hpqwmiex)
SRV - File not found [Unknown | Stopped] -- -- (Com4QLBEx)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.11.30 17:12:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (NetBT)
DRV - [2011.07.20 12:09:25 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.01.13 23:08:01 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010.11.20 12:01:12 | 000,164,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.11.16 10:06:52 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009.11.16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.04.29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.04.20 10:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2006.11.16 10:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.16 05:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.16 03:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\oem\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\oem\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

O1 HOSTS File: ([2011.07.24 21:19:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.32.250 153.19.250.100 0.0.0.0 208.67.222.222
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.07.25 02:02:47 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe
[2011.07.25 02:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.07.25 02:02:31 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.07.25 02:02:30 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.07.25 02:02:28 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.07.25 02:02:25 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.07.25 02:02:24 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.07.25 02:02:20 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.07.25 02:01:32 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.07.25 02:01:32 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.07.25 02:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.07.25 02:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.07.25 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Malwarebytes
[2011.07.25 00:20:15 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.25 00:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.25 00:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.25 00:20:10 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.25 00:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.25 00:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & DestroyY
[2011.07.24 21:26:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.07.24 21:17:14 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\temp
[2011.07.24 19:26:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.07.24 19:16:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.24 17:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.24 17:18:43 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.07.24 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Spyware Terminator
[2011.07.24 17:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011.07.24 17:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.07.24 17:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & DestroyS
[2011.07.24 16:57:37 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0-lnk
[2011.07.24 16:57:37 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0
[2011.07.24 16:53:20 | 000,000,000 | ---D | C] -- C:\$AVG
[2011.07.24 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2011.07.24 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2011.07.24 16:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2011.07.24 16:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011.07.24 16:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.07.24 16:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.07.24 15:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.07.24 15:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.21 12:32:50 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011.07.21 12:32:49 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011.07.21 12:29:35 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011.07.21 12:28:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0-lnk
[2011.07.21 12:28:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0
[2011.07.20 16:31:17 | 000,000,000 | ---D | C] -- C:\Users\oem\Documents\18 WoS Extreme Trucker 2
[2011.07.20 12:21:14 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\X-Men_-__First_Class_(2011_R5_XviD)_+_CZ_titulky
[2011.07.20 12:09:25 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.07.20 12:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.07.20 12:08:44 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 12:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.07.19 17:57:04 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.07.19 17:55:34 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Google
[2011.07.14 15:46:46 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\IronClad
[2011.07.14 15:40:53 | 000,000,000 | R--D | C] -- C:\Users\oem\Desktop\Hudba
[2011.07.14 15:35:32 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\WinRAR
[2011.07.14 15:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.07.14 15:35:31 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.07.14 15:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.07.13 13:57:21 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CZShare
[2011.07.13 13:57:08 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Apps
[2011.07.13 13:57:07 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Deployment
[2011.07.13 13:56:50 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\CZShareManager
[2011.07.13 09:28:15 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011.07.13 09:28:15 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 09:27:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 09:27:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 09:27:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 09:27:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 09:27:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 09:27:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 09:27:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 09:27:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 09:27:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 09:27:46 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.04 21:04:59 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Adobe
[2011.07.04 21:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP-Soft
[2011.07.04 20:58:03 | 000,000,000 | ---D | C] -- C:\UP2011
[2011.07.04 20:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011.06.29 23:16:52 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.29 23:16:51 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.29 23:16:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.29 23:16:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.29 23:16:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.29 23:16:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.29 23:16:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.29 23:16:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.29 23:16:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.29 23:16:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.29 23:16:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.29 22:35:27 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.29 22:35:27 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.29 22:35:24 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.29 22:35:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.29 22:35:23 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.29 22:35:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.29 22:31:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

========== Files - Modified Within 30 Days ==========

[2011.07.25 02:22:12 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.25 02:22:12 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.25 02:19:58 | 000,656,624 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.07.25 02:19:58 | 000,624,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.25 02:19:58 | 000,130,620 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.07.25 02:19:58 | 000,114,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.25 02:12:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.25 02:12:22 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.25 02:03:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe
[2011.07.25 02:02:32 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.25 02:02:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.07.25 02:00:03 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job
[2011.07.25 00:20:15 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.24 21:58:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.07.24 21:19:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.07.24 17:16:26 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.07.24 17:00:15 | 000,203,160 | -H-- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110724-170249.backup
[2011.07.24 15:56:07 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.21 12:33:21 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011.07.21 12:33:21 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011.07.20 12:09:25 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.07.20 12:09:14 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.07.19 18:20:24 | 468,647,061 | ---- | M] () -- C:\Users\oem\Desktop\Soul.Surfer.2011.480p.BRRip.x264.AAC-mitu420.mkv
[2011.07.19 18:00:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
[2011.07.19 17:57:10 | 000,002,300 | ---- | M] () -- C:\Users\oem\Desktop\Internet Google Chrome.lnk
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
[2011.07.14 15:27:26 | 000,000,634 | ---- | M] () -- C:\Users\oem\Desktop\Filmy.lnk
[2011.07.13 23:01:19 | 000,023,774 | ---- | M] () -- C:\Users\oem\Desktop\11455.jpg
[2011.07.13 22:55:58 | 000,029,597 | ---- | M] () -- C:\Users\oem\Desktop\12037.jpg
[2011.07.13 22:55:44 | 000,029,230 | ---- | M] () -- C:\Users\oem\Desktop\12035.jpg
[2011.07.13 22:48:25 | 000,019,933 | ---- | M] () -- C:\Users\oem\Desktop\12712.jpg
[2011.07.13 22:46:59 | 000,020,297 | ---- | M] () -- C:\Users\oem\Desktop\12661.jpg
[2011.07.13 14:46:27 | 000,410,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.13 13:57:21 | 000,000,318 | ---- | M] () -- C:\Users\oem\Desktop\CZShare Manager.appref-ms
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.04 21:04:50 | 000,001,415 | ---- | M] () -- C:\Users\Public\Desktop\Licenční podmínky.lnk
[2011.07.04 21:04:50 | 000,001,408 | ---- | M] () -- C:\Users\Public\Desktop\Doplňující informace.lnk
[2011.07.04 21:04:50 | 000,001,391 | ---- | M] () -- C:\Users\Public\Desktop\Majetek a cenové předpisy, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Účetní poradce, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Poslední stav programu Quickbook.lnk
[2011.07.04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.07.04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.07.03 13:25:54 | 000,000,507 | ---- | M] () -- C:\Users\oem\Desktop\Default.aspx - Používá technologii Dokumenty Google.url

========== Files Created - No Company Name ==========

[2011.07.25 02:02:32 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.25 00:20:15 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.24 21:58:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.07.24 19:30:20 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.svs
[2011.07.24 17:16:26 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.07.24 15:56:07 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.21 12:33:12 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011.07.21 12:33:11 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011.07.21 12:32:48 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011.07.20 12:09:14 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.07.19 18:04:19 | 468,647,061 | ---- | C] () -- C:\Users\oem\Desktop\Soul.Surfer.2011.480p.BRRip.x264.AAC-mitu420.mkv
[2011.07.19 17:57:10 | 000,002,300 | ---- | C] () -- C:\Users\oem\Desktop\Internet Google Chrome.lnk
[2011.07.19 17:55:38 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job
[2011.07.19 17:55:36 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
[2011.07.14 15:27:26 | 000,000,634 | ---- | C] () -- C:\Users\oem\Desktop\Filmy.lnk
[2011.07.13 23:01:26 | 000,023,774 | ---- | C] () -- C:\Users\oem\Desktop\11455.jpg
[2011.07.13 22:56:05 | 000,029,597 | ---- | C] () -- C:\Users\oem\Desktop\12037.jpg
[2011.07.13 22:55:50 | 000,029,230 | ---- | C] () -- C:\Users\oem\Desktop\12035.jpg
[2011.07.13 22:48:39 | 000,019,933 | ---- | C] () -- C:\Users\oem\Desktop\12712.jpg
[2011.07.13 22:47:17 | 000,020,297 | ---- | C] () -- C:\Users\oem\Desktop\12661.jpg
[2011.07.13 13:57:21 | 000,000,318 | ---- | C] () -- C:\Users\oem\Desktop\CZShare Manager.appref-ms
[2011.07.04 21:04:50 | 000,001,415 | ---- | C] () -- C:\Users\Public\Desktop\Licenční podmínky.lnk
[2011.07.04 21:04:50 | 000,001,408 | ---- | C] () -- C:\Users\Public\Desktop\Doplňující informace.lnk
[2011.07.04 21:04:50 | 000,001,391 | ---- | C] () -- C:\Users\Public\Desktop\Majetek a cenové předpisy, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Účetní poradce, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Poslední stav programu Quickbook.lnk
[2011.07.03 13:25:53 | 000,000,507 | ---- | C] () -- C:\Users\oem\Desktop\Default.aspx - Používá technologii Dokumenty Google.url
[2011.01.07 21:20:45 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2011.01.07 21:17:49 | 000,000,140 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2010.11.30 16:23:44 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.09.23 20:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009.07.14 10:44:22 | 000,656,624 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2009.07.14 10:44:22 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2009.07.14 10:44:22 | 000,130,620 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2009.07.14 10:44:22 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,410,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,624,802 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,114,798 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:52:00 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.05.08 05:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2010.12.01 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Ashampoo
[2011.07.25 01:34:40 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2010.12.01 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\ESET
[2011.07.24 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Spyware Terminator
[2011.05.20 02:30:18 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< End of report >

VIRY.CZ

Facebook VIR - prosim o kontrolu logu

Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu

Re: Facebook VIR - prosim o kontrolu logu