Facebook klik..upgrade Adobe Flash Player..osudové kliknutí

Zpráva

#16 Příspěvek od **Caroprd111** » 25 črc 2011 23:07

Je problém přehodit diisk do jiného PC?

Lujgi · #17 Příspěvek od **Lujgi** » 25 črc 2011 23:15

ano, je to novej noťas, ještě v záruce, bych ho musel celej rozkuchat což by nebylo dobře...

#18 Příspěvek od **Caroprd111** » 25 črc 2011 23:16

Zkuste vypálit http://www.vrtulex.net/download/ostatni ... annecd.exe a nabootovat

Lujgi · #19 Příspěvek od **Lujgi** » 25 črc 2011 23:45

tak i tato operace má za výsledek modré okénko

Lujgi · #20 Příspěvek od **Lujgi** » 26 črc 2011 00:03

No nic nechám to na zítřek..teda už na dnešek..jde se spát ... mockrát děkuji za snahu a já se ozvu kdyby se fatálně nedařilo.. s pozdravem a dobrou

Lujgi · #21 Příspěvek od **Lujgi** » 26 črc 2011 00:42

takže se povedlo...
Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2011-07-26 03:37:16
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 249 GB (87%) free of 288 GB
Total RAM: 2806 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:37:23, on 26.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
O4 - HKLM\..\Run: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
O4 - HKLM\..\Run: [wxpdrv] C:\windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\windows\update.tray-15-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\windows\update.tray-2-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico2] C:\windows\update.tray-14-0\svchost.exe
O4 - HKLM\..\Run: [1547454.exe] "C:\Users\user\AppData\Local\Temp\1547454.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [2669966.exe] "C:\Users\user\AppData\Local\Temp\2669966.exe"
O4 - HKLM\..\Run: [9065639.exe] "C:\Windows\Temp\9065639.exe"
O4 - HKLM\..\Run: [1419158.exe] "C:\Windows\Temp\1419158.exe"
O4 - HKLM\..\Run: [73241553-loader2.exe] "C:\Windows\Temp\73241553-loader2.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\windows\l1rezerv.exe"
O4 - HKLM\..\Run: [systemup] "C:\windows\systemup.exe" stand
O4 - HKLM\..\Run: [2495759.exe] "C:\Windows\Temp\2495759.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Nástroje aplikace Notebook.lnk = C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\windows\sysdriver32.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Unknown owner - C:\windows\update.1\svchost.exe

--
End of file - 14117 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
/QuitInfo:0000000000000594;0000000000000598; /AddRef;
C:\windows\System32\spoolsv.exe
/QuitInfo:00000000000007CC;00000000000007D0; /AddRef;
/QuitInfo:00000000000007C0;00000000000007D8;
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\windows\sysdriver32.exe srv
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system\uArcCapture.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 608
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\WLANExt.exe 23726128
\??\C:\windows\system32\conhost.exe "13586130192022122454-1443448873-1960473394-507674360-6583533822064684975-1380966914
C:\windows\system32\svchost.exe -k bthsvcs
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
C:\windows\system32\sppsvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\msiexec.exe /V
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-0ce42340-110b-43c5-9de4-00dd289d2630 -SystemEventPortName:HostProcess-4e04839a-8c18-4e86-83a3-111fd25a0b6f -IoCancelEventPortName:HostProcess-e1c9f887-5abf-4720-a749-dd9a5221d3a6 -NonStateChangingEventPortName:HostProcess-096345f4-23e3-4222-9fdc-0e8785c09ab9 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5695b153-50b3-44ad-844e-b9d7f81c061a
C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\vssvc.exe
"LogonUI.exe" /flags:0x0
"C:\windows\system32\wuauclt.exe"
C:\windows\update.5.0\svchost.exe srv
"C:\windows\update.5.0\svchost.exe" stand
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\user\Desktop\RSITx64 (1).exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-01-23 2132232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-01-23 1471752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll [2010-06-25 609544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll [2010-06-25 609544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-08-23 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-14 2095912]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-01-28 8192]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-01-29 487424]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-01-22 2363392]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2010-01-12 563736]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-11 439568]
"File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2010-01-19 11266048]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-05 98304]
"DTRun"=c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [2009-11-19 518656]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe [2009-12-03 3331944]
"SMART Board Service"=C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe [2011-01-25 5893488]
"SMART SNMP Agent"=C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [2011-01-25 1678704]
"wxpdrv"=C:\windows\services32.exe [2011-07-25 1185280]
"tray_ico"= []
"tray_ico0"=C:\windows\update.tray-15-0\svchost.exe [2011-07-25 1185280]
"tray_ico1"=C:\windows\update.tray-2-0\svchost.exe [2011-07-25 1185280]
"tray_ico2"=C:\windows\update.tray-14-0\svchost.exe [2011-07-25 1185280]
"tray_ico3"= []
"tray_ico4"= []
"1547454.exe"=C:\Users\user\AppData\Local\Temp\1547454.exe []
"sysdriver32.exe"=C:\windows\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\windows\sysdriver32_.exe [2011-07-25 256000]
"2669966.exe"=C:\Users\user\AppData\Local\Temp\2669966.exe []
"9065639.exe"=C:\Windows\Temp\9065639.exe []
"1419158.exe"=C:\Windows\Temp\1419158.exe []
"73241553-loader2.exe"=C:\Windows\Temp\73241553-loader2.exe []
"l1rezerv.exe"=C:\windows\l1rezerv.exe [2011-07-25 232960]
"systemup"=C:\windows\systemup.exe [2011-07-25 114176]
"2495759.exe"=C:\Windows\Temp\2495759.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Nástroje aplikace Notebook.lnk - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-26 03:37:16 ----D---- C:\rsit
2011-07-26 03:37:16 ----D---- C:\Program Files\trend micro
2011-07-25 21:35:25 ----A---- C:\windows\ntbtlog.txt
2011-07-25 20:47:16 ----HD---- C:\windows\update.tray-14-0-lnk
2011-07-25 20:47:16 ----HD---- C:\windows\update.tray-14-0
2011-07-25 20:45:11 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2011-07-25 20:45:08 ----D---- C:\Program Files (x86)\Microsoft Security Client
2011-07-25 20:44:49 ----D---- C:\Program Files\Microsoft Security Client
2011-07-25 20:22:33 ----D---- C:\windows\ufa
2011-07-25 20:22:33 ----D---- C:\windows\rpcminer
2011-07-25 20:22:33 ----D---- C:\windows\phoenix
2011-07-25 19:55:53 ----A---- C:\windows\ddh_iplist.txt
2011-07-25 19:55:30 ----A---- C:\windows\systemup.exe
2011-07-25 19:54:16 ----A---- C:\windows\btc_client_iplist.txt
2011-07-25 19:53:50 ----HD---- C:\windows\update.5.0
2011-07-25 19:42:41 ----A---- C:\windows\iecheck_iplist.txt
2011-07-25 19:42:28 ----A---- C:\windows\l1rezerv.exe
2011-07-25 19:38:37 ----HD---- C:\windows\update.2
2011-07-25 19:36:12 ----A---- C:\windows\unrar.exe
2011-07-25 19:35:05 ----A---- C:\windows\iplist.txt
2011-07-25 19:33:35 ----A---- C:\windows\sysdriver32_.exe
2011-07-25 19:33:20 ----A---- C:\windows\sysdriver32.exe
2011-07-25 19:33:02 ----A---- C:\windows\front_ip_list.txt
2011-07-25 19:32:58 ----D---- C:\windows\av_ico
2011-07-25 19:29:51 ----HD---- C:\windows\update.1
2011-07-25 19:29:48 ----HD---- C:\windows\update.tray-2-0-lnk
2011-07-25 19:29:48 ----HD---- C:\windows\update.tray-2-0
2011-07-25 19:29:48 ----HD---- C:\windows\update.tray-15-0-lnk
2011-07-25 19:29:48 ----HD---- C:\windows\update.tray-15-0
2011-07-25 19:18:57 ----A---- C:\windows\winlog-ids.txt
2011-07-25 19:18:57 ----A---- C:\windows\winlog-dirs.txt
2011-07-25 19:18:53 ----A---- C:\windows\services32.exe
2011-07-20 01:41:34 ----A---- C:\windows\system32\KernelBase.dll
2011-07-20 01:41:33 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-20 01:41:33 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-20 01:41:33 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-20 01:41:32 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-20 01:41:21 ----A---- C:\windows\system32\win32k.sys
2011-07-20 01:41:17 ----A---- C:\windows\system32\wow64win.dll
2011-07-20 01:41:17 ----A---- C:\windows\system32\winsrv.dll
2011-07-20 01:41:17 ----A---- C:\windows\system32\kernel32.dll
2011-07-20 01:41:17 ----A---- C:\windows\system32\conhost.exe
2011-07-20 01:41:16 ----A---- C:\windows\SYSWOW64\setup16.exe
2011-07-20 01:41:16 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2011-07-20 01:41:16 ----A---- C:\windows\SYSWOW64\kernel32.dll
2011-07-20 01:41:16 ----A---- C:\windows\system32\wow64.dll
2011-07-20 01:41:16 ----A---- C:\windows\system32\ntvdm64.dll
2011-07-20 01:41:15 ----A---- C:\windows\SYSWOW64\wow32.dll
2011-07-20 01:41:15 ----A---- C:\windows\SYSWOW64\instnm.exe
2011-07-20 01:41:15 ----A---- C:\windows\system32\wow64cpu.dll
2011-07-20 01:41:14 ----A---- C:\windows\SYSWOW64\user.exe
2011-07-07 13:13:39 ----A---- C:\windows\SYSWOW64\drvinst.exe
2011-07-07 13:13:39 ----A---- C:\windows\SYSWOW64\devrtl.dll
2011-07-07 13:13:39 ----A---- C:\windows\SYSWOW64\devobj.dll
2011-07-07 13:13:39 ----A---- C:\windows\SYSWOW64\cfgmgr32.dll
2011-07-07 13:13:39 ----A---- C:\windows\system32\umpnpmgr.dll
2011-07-07 13:13:37 ----A---- C:\windows\system32\tquery.dll
2011-07-07 13:13:37 ----A---- C:\windows\system32\mssrch.dll
2011-07-07 13:13:36 ----A---- C:\windows\SYSWOW64\tquery.dll
2011-07-07 13:13:36 ----A---- C:\windows\SYSWOW64\mssrch.dll
2011-07-07 13:13:36 ----A---- C:\windows\system32\SearchProtocolHost.exe
2011-07-07 13:13:36 ----A---- C:\windows\system32\SearchIndexer.exe
2011-07-07 13:13:35 ----A---- C:\windows\SYSWOW64\SearchProtocolHost.exe
2011-07-07 13:13:35 ----A---- C:\windows\SYSWOW64\SearchIndexer.exe
2011-07-07 13:13:35 ----A---- C:\windows\SYSWOW64\mssph.dll
2011-07-07 13:13:34 ----A---- C:\windows\SYSWOW64\SearchFilterHost.exe
2011-07-07 13:13:34 ----A---- C:\windows\SYSWOW64\mssvp.dll
2011-07-07 13:13:34 ----A---- C:\windows\SYSWOW64\mssphtb.dll
2011-07-07 13:13:34 ----A---- C:\windows\system32\SearchFilterHost.exe
2011-07-07 13:13:34 ----A---- C:\windows\system32\mssvp.dll
2011-07-07 13:13:34 ----A---- C:\windows\system32\mssphtb.dll
2011-07-07 13:13:34 ----A---- C:\windows\system32\mssph.dll
2011-07-07 13:13:34 ----A---- C:\windows\system32\msscntrs.dll
2011-07-07 13:13:33 ----A---- C:\windows\SYSWOW64\msscntrs.dll
2011-07-07 13:11:49 ----A---- C:\windows\SYSWOW64\poqexec.exe
2011-07-07 13:11:49 ----A---- C:\windows\system32\poqexec.exe
2011-07-07 13:09:35 ----D---- C:\windows\SYSWOW64\Wat
2011-07-07 13:09:35 ----D---- C:\windows\system32\Wat

======List of files/folders modified in the last 1 month======

2011-07-26 03:37:22 ----D---- C:\windows\Temp
2011-07-26 03:37:16 ----RD---- C:\Program Files
2011-07-26 03:34:59 ----D---- C:\windows\winsxs
2011-07-26 03:34:52 ----SHD---- C:\windows\Installer
2011-07-26 03:34:46 ----D---- C:\windows\System32
2011-07-26 03:34:46 ----D---- C:\windows\inf
2011-07-26 03:34:46 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-07-26 03:34:07 ----D---- C:\ProgramData\Microsoft Help
2011-07-26 03:33:39 ----RSD---- C:\windows\assembly
2011-07-26 03:32:50 ----D---- C:\windows\SysWOW64
2011-07-26 03:30:57 ----A---- C:\windows\win.ini
2011-07-26 03:28:42 ----SHD---- C:\System Volume Information
2011-07-26 03:28:18 ----D---- C:\windows\system32\config
2011-07-26 03:27:14 ----D---- C:\ProgramData\HPQLOG
2011-07-25 21:44:27 ----D---- C:\windows\system32\catroot2
2011-07-25 21:35:25 ----D---- C:\Windows
2011-07-25 21:33:52 ----D---- C:\windows\system32\LogFiles
2011-07-25 20:45:10 ----D---- C:\windows\system32\drivers
2011-07-25 20:45:10 ----D---- C:\windows\system32\catroot
2011-07-25 20:45:08 ----SD---- C:\ProgramData\Microsoft
2011-07-25 20:45:08 ----RD---- C:\Program Files (x86)
2011-07-25 19:39:01 ----D---- C:\windows\system32\drivers\etc
2011-07-25 19:29:54 ----D---- C:\windows\SYSWOW64\en-US
2011-07-25 19:29:54 ----D---- C:\windows\SYSWOW64\cs-CZ
2011-07-25 19:29:54 ----D---- C:\windows\system32\en-US
2011-07-25 19:29:54 ----D---- C:\windows\system32\DriverStore
2011-07-25 19:29:54 ----D---- C:\windows\system32\cs-CZ
2011-07-20 22:08:32 ----D---- C:\windows\system32\wdi
2011-07-20 11:49:15 ----D---- C:\windows\Microsoft.NET
2011-07-20 11:14:22 ----D---- C:\windows\AppPatch
2011-07-20 10:56:29 ----A---- C:\windows\system32\MRT.exe
2011-07-20 10:52:28 ----D---- C:\ProgramData\PDFC
2011-07-20 02:00:38 ----RSD---- C:\windows\Fonts
2011-07-20 01:42:52 ----D---- C:\windows\system32\Tasks
2011-07-07 16:25:34 ----D---- C:\windows\Prefetch
2011-07-07 13:45:04 ----D---- C:\ProgramData\Norton
2011-07-07 13:35:16 ----SD---- C:\Users\user\AppData\Roaming\Microsoft
2011-07-07 13:03:35 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\windows\system32\DRIVERS\AtiPcie64.sys [2010-03-09 16440]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2010-01-26 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2010-01-26 15688]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2010-01-26 58184]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-08-05 6859776]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-08-05 264192]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys [2010-08-11 125456]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2011-05-31 3060800]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
R3 btwampfl;Bluetooth AMP USB Filter; C:\windows\system32\drivers\btwampfl.sys [2010-06-10 342056]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-06-10 102952]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2010-06-10 135720]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-10 39464]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-06-10 21544]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-12-30 8200296]
R3 SMARTMouseFilterx64;HID-compliant mouse; C:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [2011-01-25 13168]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device; C:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2011-01-25 16368]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC; C:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [2011-01-25 24944]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-01-29 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-05-14 319536]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 WinUSB;WinUSB Service; C:\windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-02-08 239136]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-13 325152]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-08-05 203264]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-09 952096]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-01-23 462088]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-07-01 121344]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-08-23 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-28 102968]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-16 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 srvbtcclient;srvbtcclient; C:\windows\update.5.0\svchost.exe [2011-07-26 348672]
R2 srvsysdriver32;srvsysdriver32; C:\windows\sysdriver32.exe [2011-07-25 256000]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [2010-01-29 244736]
R2 uArcCapture;ArcCapture; C:\windows\system\uArcCapture.exe [2009-12-04 506472]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-01-26 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-06-16 660536]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe []
S2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
S2 srviecheck;srviecheck; C:\windows\update.2\svchost.exe [2011-07-25 495616]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe []
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-07-07 1255736]

-----------------EOF-----------------

#22 Příspěvek od **Caroprd111** » 26 črc 2011 10:25

Zdravím

Už jsem tu.Jde vám OTL http://oldtimer.geekstogo.com/OTL.exe

Lujgi · #23 Příspěvek od **Lujgi** » 26 črc 2011 10:34

Momentálně jsem v pracovním procesu, tudíž nejsem schopen reagovat.. děkuji za pochopení...ale poslední poznatek s NB je takový že se opět začal restartovat do kolečka jako splašený .. cca kolem 15:00 hod budu doma a začnu experimentovat nanovo....
díky za trpělivost

#24 Příspěvek od **Caroprd111** » 26 črc 2011 10:36

Ok, já tu zase budu až večer.

Lujgi · #25 Příspěvek od **Lujgi** » 26 črc 2011 15:02

Tak jsem na to sel jinak nabutoval jsem si z usb flesh OS LINUX UBUNTU a ted patram po tom zda by nebylo mozne tu havet vystrnadit odtud

#26 Příspěvek od **Caroprd111** » 26 črc 2011 15:14

No jo, to je problém, že na Linuxu nespustím žádný nástroj...

Jste pokročilejší uživatel, tak pokud chcete něco zkusit v Linuxu, tak můžete zkusi odstřelit následující soubory, složky. nemusí tam být všechny, ale mohl oyb to pomoct.

2011-07-19 21:00:29 ----D---- C:\Windows\ufa
2011-07-19 21:00:29 ----D---- C:\Windows\rpcminer
2011-07-19 21:00:29 ----D---- C:\Windows\phoenix
2011-07-19 20:50:44 ----A---- C:\Windows\sysdriver32_.exe
2011-07-19 20:50:29 ----A---- C:\Windows\sysdriver32.exe
2011-07-19 20:52:09 ----HD---- C:\Windows\update.2
2011-07-19 20:52:02 ----HD---- C:\Windows\update.5.0
2011-07-25 20:52:24 ----HD---- C:\Windows\update.3
2011-07-24 15:48:24 ----HD---- C:\Windows\update.tray-3-0-lnk
2011-07-24 15:48:24 ----HD---- C:\Windows\update.tray-3-0
2011-07-21 11:17:25 ----HD---- C:\Windows\update.tray-14-0-lnk
2011-07-21 11:17:25 ----HD---- C:\Windows\update.tray-14-0
2011-07-19 20:48:47 ----HD---- C:\Windows\update.1
2011-07-19 20:48:21 ----HD---- C:\Windows\update.tray-9-0-lnk
2011-07-19 20:48:21 ----HD---- C:\Windows\update.tray-9-0
2011-07-19 20:37:57 ----A---- C:\Windows\services32.exe

Lujgi · #27 Příspěvek od **Lujgi** » 26 črc 2011 15:28

toz jsem to maznul..jde se na reboot

tak jsem zvedav.. takze uno momento

hanchatko · #28 Příspěvek od **hanchatko** » 26 črc 2011 15:38

Zdravím, nechala jsem PC projet OTL a vyhodilo mi to tenhle odkaz. Ale nevím co s tím dál... =o(

OTL logfile created on: 26.7.2011 10:08:45 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Buddy\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,95% Memory free
4,21 Gb Paging File | 3,73 Gb Available in Paging File | 88,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 132,70 Gb Total Space | 75,40 Gb Free Space | 56,82% Space Free | Partition Type: NTFS
Drive D: | 88,46 Gb Total Space | 87,61 Gb Free Space | 99,03% Space Free | Partition Type: NTFS
Drive F: | 982,11 Mb Total Space | 220,78 Mb Free Space | 22,48% Space Free | Partition Type: FAT

Computer Name: BUDDY-PC | User Name: Buddy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.26 10:08:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Buddy\Downloads\OTL (1).exe
PRC - [2008.10.29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011.07.26 10:08:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Buddy\Downloads\OTL (1).exe
MOD - [2010.08.31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.02.23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.09.06 12:56:38 | 000,247,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.03.31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Stopped] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008.01.20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 00:53:00 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007.08.08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

========== Driver Services (SafeList) ==========

DRV - [2011.02.23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.02.23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.02.23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.02.23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.02.23 09:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.02.23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.09.29 17:13:46 | 000,020,088 | ---- | M] (REALiX(tm)) [Kernel | System | Stopped] -- D:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2008.04.04 15:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.10 23:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.07.24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.23 23:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.13 05:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 03:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3675954743-2087846928-2681678318-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKU\S-1-5-21-3675954743-2087846928-2681678318-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-3675954743-2087846928-2681678318-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3675954743-2087846928-2681678318-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3675954743-2087846928-2681678318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2006.09.18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zshutdown2] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.07.26 09:57:14 | 000,000,000 | ---D | C] -- C:\Users\Buddy\Desktop\RK_Quarantine
[2011.07.18 16:06:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.07.13 12:16:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 12:16:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.07.13 12:16:35 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.05 23:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.07.05 12:48:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.07.05 02:20:32 | 000,000,000 | ---D | C] -- C:\Users\Buddy\Documents\ZPS12
[2011.07.05 02:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Zoner(0)
[2011.07.05 01:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 13
[2011.07.05 01:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Zoner
[2011.05.08 16:50:47 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011.07.26 15:23:46 | 001,008,041 | ---- | M] () -- C:\Users\Buddy\Desktop\rkill(2).scr
[2011.07.26 15:18:44 | 001,008,041 | ---- | M] () -- C:\Users\Buddy\Desktop\rkill.scr
[2011.07.26 15:08:44 | 001,008,041 | ---- | M] () -- C:\Users\Buddy\Desktop\rkill.com
[2011.07.26 10:09:49 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.07.26 10:00:07 | 000,606,478 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.07.26 10:00:07 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.26 10:00:07 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.26 10:00:06 | 000,117,512 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.07.26 09:49:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.26 09:44:15 | 000,001,356 | ---- | M] () -- C:\Users\Buddy\AppData\Local\d3d9caps.dat
[2011.07.25 18:26:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.25 18:26:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.21 23:57:36 | 000,002,395 | ---- | M] () -- C:\Users\Buddy\Desktop\Skype.lnk
[2011.07.18 16:06:35 | 211,565,929 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.07.15 07:04:21 | 000,253,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011.07.26 10:04:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.07.26 09:26:07 | 001,008,041 | ---- | C] () -- C:\Users\Buddy\Desktop\rkill(2).scr
[2011.07.26 09:19:38 | 001,008,041 | ---- | C] () -- C:\Users\Buddy\Desktop\rkill.scr
[2011.07.26 09:13:22 | 001,008,041 | ---- | C] () -- C:\Users\Buddy\Desktop\rkill.com
[2011.07.18 16:06:20 | 211,565,929 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.07.17 08:45:38 | 000,002,395 | ---- | C] () -- C:\Users\Buddy\Desktop\Skype.lnk
[2011.07.05 23:40:36 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.06.10 10:53:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.10 04:10:42 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.10 04:10:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.05.09 12:19:56 | 000,001,356 | ---- | C] () -- C:\Users\Buddy\AppData\Local\d3d9caps.dat
[2011.05.08 17:44:30 | 000,017,408 | ---- | C] () -- C:\Users\Buddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.08 16:57:40 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2011.05.08 16:34:56 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008.04.17 06:37:47 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.04.17 06:34:43 | 000,606,478 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2008.04.17 06:34:43 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2008.04.17 06:34:43 | 000,117,512 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2008.04.17 06:34:43 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2006.11.02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 08:47:37 | 000,253,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 06:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 06:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 06:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.05.24 11:12:32 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Audacity
[2011.05.20 06:19:03 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Dropbox
[2011.07.25 16:31:50 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\ICQ
[2011.05.08 18:50:50 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\IDOS
[2011.05.11 05:55:31 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\OpenCandy
[2011.05.08 17:34:07 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\OpenOffice.org
[2011.07.05 02:20:13 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Zoner
[2011.07.22 00:00:08 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2008.01.20 22:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.20 22:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation)

< >

< MD5 for: AGP440.SYS >
[2008.01.20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 02:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.20 22:24:45 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\System32\autochk.exe
[2008.01.20 22:24:45 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.20 22:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\drivers\cdrom.sys
[2008.01.20 22:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.20 22:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.11 00:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 04:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2008.01.20 22:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\System32\cryptsvc.dll
[2008.01.20 22:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009.04.11 02:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2008.01.20 22:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008.01.20 22:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008.10.29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009.04.11 00:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=1E9B9A70D332103C52995E957DC09EF8 -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-fat_31bf3856ad364e35_6.0.6002.18005_none_b09ea48c5485f42b\fastfat.sys
[2008.01.20 22:24:13 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3C489390C2E2064563727752AF8EAB9E -- C:\Windows\System32\drivers\fastfat.sys
[2008.01.20 22:24:13 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3C489390C2E2064563727752AF8EAB9E -- C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.0.6001.18000_none_aeb32b80576428df\fastfat.sys

< MD5 for: HAL.DLL >
[2008.01.20 22:23:01 | 000,177,208 | ---- | M] (Microsoft Corporation) MD5=A00B0EDD048786E30EBB2DA65D9A8F74 -- C:\Windows\System32\hal.dll

< MD5 for: IASTOR.SYS >
[2007.09.28 20:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.28 20:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006.11.02 05:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008.01.20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\drivers\isapnp.sys
[2008.01.20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008.01.20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008.01.20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.06.15 08:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009.09.10 10:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009.06.15 08:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009.02.13 03:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2009.06.15 09:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009.06.15 08:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\System32\lsass.exe
[2009.06.15 08:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009.02.13 00:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009.06.15 08:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009.06.15 09:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009.09.09 07:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009.09.10 10:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008.01.20 22:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008.01.20 22:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008.01.20 22:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009.02.13 04:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2009.04.11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008.01.20 22:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008.01.20 22:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NTFS.SYS >
[2009.04.11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[2008.01.20 22:23:51 | 001,081,912 | ---- | M] (Společnost Microsoft) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\System32\drivers\ntfs.sys
[2008.01.20 22:23:51 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys

< MD5 for: NVRAID.SYS >
[2008.01.20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008.01.20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SERVICES.EXE >
[2008.01.20 22:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
[2008.01.20 22:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009.04.11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SMSS.EXE >
[2008.01.20 22:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\System32\smss.exe
[2008.01.20 22:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009.04.11 02:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010.08.17 09:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=3665F79026A3F91FBCA63F2C65A09B19 -- C:\Windows\System32\spoolsv.exe
[2010.08.17 09:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=3665F79026A3F91FBCA63F2C65A09B19 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[2009.04.11 02:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[2008.01.20 22:24:45 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2010.08.17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[2010.08.17 10:20:09 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=AAE98B295E88D439A6E0F6E8929424FB -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[2010.08.17 09:27:48 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=E807FC542C295BA256CE3567829E02A6 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008.01.20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.26 04:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009.04.11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009.08.15 17:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 13:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2009.08.14 10:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010.06.16 11:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009.08.14 12:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010.06.16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010.06.16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2008.04.26 04:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.08.14 13:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.06.16 12:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2008.01.20 22:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 12:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.01.20 22:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
[2008.01.20 22:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.01.20 22:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006.11.02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2008.04.17 06:33:22 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\cs-CZ\LMPRTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2008.08.08 04:05:06 | 000,000,004 | ---- | M] () -- C:\Windows\system32\drivers\1043_ASUSTEK_V10_VISTA.MRK
[2006.09.18 17:26:46 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2006.09.18 17:26:46 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
[2008.01.20 22:23:51 | 000,000,003 | ---- | M] () -- C:\Windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2008.04.17 05:51:35 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011.05.31 09:41:02 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011.07.25 18:26:45 | 000,003,616 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.25 18:26:46 | 000,003,616 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 10:00:06 | 000,117,512 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2011.07.26 10:00:07 | 000,103,460 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2011.07.26 10:00:07 | 000,606,478 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2011.07.26 10:00:07 | 000,595,386 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2011.07.26 10:00:06 | 001,418,230 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\config\*.sav >
[2008.01.20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\system32\config\COMPONENTS.SAV
[2008.01.20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\system32\config\DEFAULT.SAV
[2008.01.20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\system32\config\SECURITY.SAV
[2006.11.02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\system32\config\SOFTWARE.SAV
[2006.11.02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\system32\config\SYSTEM.SAV

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[11 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[20 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp files -> C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\f9f53b2d1bf7d6b7359768190ad1966d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\f9f53b2d1bf7d6b7359768190ad1966d\*.tmp -> ]
[22 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2011.05.08 17:41:42 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Adobe
[2011.05.24 11:12:32 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Audacity
[2011.05.20 06:19:03 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Dropbox
[2011.07.25 16:31:50 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\ICQ
[2011.05.08 07:46:16 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Identities
[2011.05.08 18:50:50 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\IDOS
[2011.05.08 11:13:04 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Macromedia
[2006.11.02 08:37:34 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Media Center Programs
[2011.06.24 13:37:02 | 000,000,000 | --SD | M] -- C:\Users\Buddy\AppData\Roaming\Microsoft
[2011.05.08 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Mozilla
[2011.05.11 05:55:31 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\OpenCandy
[2011.05.08 17:34:07 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\OpenOffice.org
[2011.07.25 14:35:13 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Skype
[2011.07.25 08:11:36 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\skypePM
[2011.07.25 18:28:31 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\vlc
[2011.05.11 05:59:10 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Winamp
[2011.07.05 02:20:13 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Zoner

< %APPDATA%\*.* >

< %APPDATA%\*.exe /s >
[2011.05.08 18:50:30 | 000,724,579 | ---- | M] () -- C:\Users\Buddy\AppData\Roaming\IDOS\unins000.exe
[2011.05.11 05:55:32 | 000,416,160 | ---- | M] () -- C:\Users\Buddy\AppData\Roaming\OpenCandy\OpenCandy_D0A12EFB39D54BB0855909584C2A54F7\LatestDLMgr.exe
[2010.12.17 18:07:06 | 000,043,440 | ---- | M] () -- C:\Users\Buddy\AppData\Roaming\OpenCandy\OpenCandy_D0A12EFB39D54BB0855909584C2A54F7\SpeedstarterCZ.exe
[2010.12.17 13:48:22 | 001,720,472 | ---- | M] (Speedchecker Limited ) -- C:\Users\Buddy\AppData\Roaming\OpenCandy\OpenCandy_D0A12EFB39D54BB0855909584C2A54F7\ZrychleniPocitace.exe
[2011.05.11 05:55:40 | 001,842,096 | ---- | M] () -- C:\Users\Buddy\AppData\Roaming\OpenCandy\OpenCandy_D0A12EFB39D54BB0855909584C2A54F7\ZrychleniPocitace_p2v1.exe
[2011.05.08 18:32:51 | 012,487,264 | ---- | M] (ZONER software ) -- C:\Users\Buddy\AppData\Roaming\Zoner\NLMDB\product.0034\autoupdate.cz\ZPS13_Update_Build06.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-20 01:03:46

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2
"IGDSearcherDLL" = bitsigd.dll -- [2008.01.20 22:24:29 | 000,031,744 | ---- | M] (Microsoft Corporation)
"StateIndex" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.07.26 10:09:49 | 000,000,512 | ---- | M] () MD5=05466DC9080B399EB82E72797198A113 -- C:\PhysicalMBR.bin

< End of report >

Lujgi · #29 Příspěvek od **Lujgi** » 26 črc 2011 15:51

To: hanchatko buď tak hodná či hodný a založ si své téma a tam si uveřejní svá zjištění, nejlépe si je přečíst návod jak se chovat ve zdejším fóru... děkuji ti za ochotu a pochopení

Lujgi · #30 Příspěvek od **Lujgi** » 26 črc 2011 15:56

to: Caroprd111 widle jedou, v systému jsem při stratu stihnul vypnout všechno co se po startu má spustit a win teď drží... spustil jsem ESET Online scaner..nechal full zkontrolovat... kontrola je na 20%...apočet nalezených infik.souborů je zatím 13 ..uvidím co to udělá dál..

VIRY.CZ

Facebook klik..upgrade Adobe Flash Player..osudové kliknutí

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn

Re: Facebook klik..upgrade Adobe Flash Player..osudové klikn