Facebook virus

Zpráva

BuXo · #1 Příspěvek od **BuXo** » 19 srp 2011 20:29

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mato at 2011-08-19 21:06:24
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (3%) free of 80 GB
Total RAM: 2047 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:10:00, on 19.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\l1rezerv.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Valve\Steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\ufa\ufa.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mato\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Mato.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=umail3&s= ... Terms}&f=4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [nettrafficstat] C:\Program Files\NetTrafficStat\netmon.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-14-0\svchost.exe
O4 - HKLM\..\Run: [2064787.exe] "C:\DOCUME~1\Tomas\LOCALS~1\Temp\2064787.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [9238847.exe] "C:\WINDOWS\TEMP\9238847.exe"
O4 - HKLM\..\Run: [34185854-loader2.exe] "C:\WINDOWS\TEMP\34185854-loader2.exe"
O4 - HKLM\..\Run: [8348927.exe] "C:\WINDOWS\TEMP\8348927.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [RDReminder] C:\Program Files\RegClean Pro\RegCleanPro.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [Exetender_298] "C:\Program Files\Frag Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Exetender_298] "C:\Program Files\Frag Games\GPlayer.exe" /runonstartup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-823518204-1715567821-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Tomas')
O4 - HKUS\S-1-5-21-823518204-1715567821-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ocino')
O4 - HKUS\S-1-5-21-823518204-1715567821-725345543-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Mamina')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 12122 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton Security Scan for Tomas.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1005.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1006.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1007.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1007.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:2, {DFF722C4-4A11-41A7-9939-C83A06B09897}:1.0, engine@conduit.com:3.2.5.2, {942cd1d4-9cc1-4d31-876a-ea8f489f7a59}:3.2.5.2, DTToolbar@toolbarnet.com:1.1.2.0185, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2, toolbar@ask.com:3.11.3.15590, vshare@toolbar:1.0.2, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3, {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:1.2.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16, {5b175400-2368-11de-8c30-0800200c9a66}:1.9, info@djzig.com:1.2.9"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... YYYYYSK&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660]
"Description"=12.0.1.660
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@unity3d.com/UnityPlayer]
"Description"=Unity Player 2.5.5b4
"Path"=C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@virtools.com/3DviaPlayer]
"Description"=3Dvia Player For Mozilla Based Broswer
"Path"=C:\Program Files\Virtools\3D Life Player\npvirtools.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
fcmdSrch.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\
DTToolbar@toolbarnet.com
engine@conduit.com
plugin2@gameplaylabs.com
toolbar@ask.com
vshare@toolbar
{20a82645-c095-46ed-80e3-08825760534b}
{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
{5b175400-2368-11de-8c30-0800200c9a66}
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\
askcom.xml
conduit.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin.xml
web-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-07-14 386264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2010-11-29 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-07 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-05 988480]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{D4027C7F-154A-4066-A1AD-4243D8127440} - VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2010-11-29 3908192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-03 1848648]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-03-16 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-03-16 110696]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-12-14 47904]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-01-25 421160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []
"facemoods"=C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe [2011-04-14 329432]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-07-14 273544]
"nettrafficstat"=C:\Program Files\NetTrafficStat\netmon.exe []
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-08-19 1215488]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-14-0\svchost.exe [2011-08-19 1215488]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"2064787.exe"=C:\DOCUME~1\Tomas\LOCALS~1\Temp\2064787.exe [2011-08-19 258048]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-08-19 258048]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-08-19 258048]
"9238847.exe"=C:\WINDOWS\TEMP\9238847.exe [2011-08-19 632832]
"34185854-loader2.exe"=C:\WINDOWS\TEMP\34185854-loader2.exe [2011-08-19 258048]
"8348927.exe"=C:\WINDOWS\TEMP\8348927.exe [2011-08-19 258048]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-08-19 232960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TBPanel"=C:\Program Files\Vtune\TBPanel.exe /A []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Steam"=C:\Program Files\Valve\Steam\steam.exe [2011-08-02 1242448]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-04-12 399736]
"RDReminder"=C:\Program Files\RegClean Pro\RegCleanPro.exe [2010-11-27 2564480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\záloha\Program Files\Mozilla Firefox\firefox.exe"="D:\záloha\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\FIFA10\FIFA10.exe"="C:\Program Files\FIFA10\FIFA10.exe:*:Enabled:FIFA10"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"D:\HRY\FIFA11\Game\fifa.exe"="D:\HRY\FIFA11\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\NFS HP2010\NFS11.exe"="D:\NFS HP2010\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"C:\Documents and Settings\Mato\Local Settings\Temp\Rar$EX01.265\Stronghold 2 DeLuxe\Stronghold2.exe"="C:\Documents and Settings\Mato\Local Settings\Temp\Rar$EX01.265\Stronghold 2 DeLuxe\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Mozilla Firefox\plugin-container.exe"="C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox"
"D:\FIFA08\FIFA08.exe"="D:\FIFA08\FIFA08.exe:*:Enabled:FIFA08"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\f1\F1_2010_game.exe"="D:\f1\F1_2010_game.exe:*:Enabled:F1 2010"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Tomas\My Documents\Preberanie\Flash-Player.exe"="C:\Documents and Settings\Tomas\My Documents\Preberanie\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Tomas\My Documents\Preberanie\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-14-0\svchost.exe"="C:\WINDOWS\update.tray-14-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-14-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-08-19 21:06:25 ----D---- C:\Program Files\trend micro
2011-08-19 21:06:24 ----D---- C:\rsit
2011-08-19 15:23:20 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-08-19 15:23:20 ----HD---- C:\WINDOWS\update.tray-2-0
2011-08-19 14:34:32 ----HD---- C:\WINDOWS\update.7.1
2011-08-19 12:05:38 ----D---- C:\WINDOWS\ufa
2011-08-19 12:05:38 ----D---- C:\WINDOWS\rpcminer
2011-08-19 12:05:38 ----D---- C:\WINDOWS\phoenix
2011-08-19 11:43:46 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-08-19 11:42:36 ----A---- C:\WINDOWS\l1rezerv.exe
2011-08-19 11:41:39 ----HD---- C:\WINDOWS\update.5.0
2011-08-19 11:40:52 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-08-19 11:40:26 ----A---- C:\WINDOWS\unrar.exe
2011-08-19 11:40:19 ----HD---- C:\WINDOWS\update.2
2011-08-19 11:38:22 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-08-19 11:38:18 ----A---- C:\WINDOWS\iplist.txt
2011-08-19 11:38:07 ----A---- C:\WINDOWS\sysdriver32.exe
2011-08-19 11:37:50 ----A---- C:\WINDOWS\front_ip_list.txt
2011-08-19 11:37:30 ----D---- C:\WINDOWS\av_ico
2011-08-19 11:36:19 ----HD---- C:\WINDOWS\update.1
2011-08-19 11:36:15 ----HD---- C:\WINDOWS\update.tray-14-0-lnk
2011-08-19 11:36:15 ----HD---- C:\WINDOWS\update.tray-14-0
2011-08-19 11:26:33 ----A---- C:\WINDOWS\winlog-ids.txt
2011-08-19 11:26:33 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-08-19 11:26:27 ----A---- C:\WINDOWS\services32.exe
2011-08-17 14:30:59 ----D---- C:\Program Files\Illustrator
2011-08-17 14:28:54 ----D---- C:\WINDOWS\XSxS
2011-08-17 14:28:54 ----D---- C:\Program Files\Xenocode
2011-08-12 08:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-12 08:54:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-12 08:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-12 08:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2559049$
2011-08-12 08:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-12 08:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-07-29 16:41:46 ----D---- C:\Documents and Settings\All Users\Application Data\nettrafficstat
2011-07-21 17:24:32 ----D---- C:\Documents and Settings\All Users\Application Data\3DVIA
2011-07-21 17:23:47 ----D---- C:\Program Files\Virtools

======List of files/folders modified in the last 1 month======

2011-08-19 21:06:25 ----RD---- C:\Program Files
2011-08-19 20:55:58 ----D---- C:\Documents and Settings\Mato\Application Data\Skype
2011-08-19 19:10:17 ----D---- C:\WINDOWS\Temp
2011-08-19 19:01:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-19 18:57:49 ----D---- C:\Program Files\Mozilla Firefox
2011-08-19 18:55:14 ----D---- C:\WINDOWS\system32
2011-08-19 17:34:23 ----SD---- C:\WINDOWS\Tasks
2011-08-19 17:23:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-08-19 15:46:28 ----D---- C:\Program Files\Common Files
2011-08-19 15:36:05 ----D---- C:\Documents and Settings\Mato\Application Data\uTorrent
2011-08-19 15:31:43 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-19 15:30:17 ----D---- C:\Temp
2011-08-19 15:29:50 ----D---- C:\WINDOWS
2011-08-19 15:29:34 ----D---- C:\Program Files\Common Files\Akamai
2011-08-19 15:28:34 ----D---- C:\WINDOWS\system32\config
2011-08-19 15:28:13 ----D---- C:\WINDOWS\system32\wbem
2011-08-19 15:28:13 ----D---- C:\WINDOWS\Registration
2011-08-19 15:23:32 ----A---- C:\boot.ini
2011-08-19 15:21:57 ----SHD---- C:\WINDOWS\Installer
2011-08-19 15:21:54 ----SHD---- C:\Config.Msi
2011-08-19 15:21:47 ----HD---- C:\WINDOWS\inf
2011-08-19 15:21:47 ----D---- C:\WINDOWS\system32\drivers
2011-08-19 12:01:09 ----D---- C:\Program Files\Microsoft Security Client
2011-08-19 11:43:04 ----SHD---- C:\System Volume Information
2011-08-19 11:43:04 ----D---- C:\WINDOWS\system32\Restore
2011-08-19 11:41:49 ----D---- C:\WINDOWS\Prefetch
2011-08-17 15:06:37 ----D---- C:\Documents and Settings\Mato\Application Data\Adobe
2011-08-16 22:54:40 ----D---- C:\Program Files\Common Files\Apple
2011-08-13 19:19:57 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-13 19:19:54 ----RSD---- C:\WINDOWS\assembly
2011-08-13 17:59:43 ----D---- C:\Documents and Settings\Mato\Application Data\PriceGong
2011-08-12 08:58:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-12 08:57:48 ----D---- C:\WINDOWS\WinSxS
2011-08-12 08:55:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-12 08:54:59 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-08-12 08:54:14 ----A---- C:\WINDOWS\imsins.BAK
2011-08-12 08:54:10 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-11 17:42:17 ----RSD---- C:\WINDOWS\Fonts
2011-08-10 07:31:38 ----D---- C:\Program Files\VDOWNLOADER
2011-08-09 18:45:58 ----D---- C:\Program Files\LogMeIn Hamachi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2010-04-09 168040]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-12-23 691696]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R2 X4HSEx_Pr298;X4HSEx_Pr298; \??\C:\Program Files\Frag Games\X4HSEx.Sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-01-22 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-03-16 10232352]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2010-03-04 70912]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2010-03-04 13824]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S1 MpKslb7bcfcd7;MpKslb7bcfcd7; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400F6153-11D5-44AC-BF1D-C4BDC411FC76}\MpKslb7bcfcd7.sys []
S1 MpKslc18237df;MpKslc18237df; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400F6153-11D5-44AC-BF1D-C4BDC411FC76}\MpKslc18237df.sys []
S3 aitwb53b;aitwb53b; C:\WINDOWS\system32\drivers\aitwb53b.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-12-14 41984]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-07 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-03-16 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-07-10 75136]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-08-19 348672]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-08-19 632832]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-08-19 258048]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-08-19 1215488]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-01-25 820008]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-05 136176]
S2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-05 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-01-30 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 20 srp 2011 12:47

Zdravím a vítám vás na našem bezpečnostním fóru viry.cz

Můj nick je Caroprd111. Budu se vám v tomto topicu věnovat a snažit se odstranit všechny vaše problémy s počítačem.

Než začneme, přečtěte si prosím následující poznámky.

Pokud nemáte, zálohujte si všechna důležitá data. Infikovaný počítač je nevyzpytatelný.
Důsledně a pečlivě si přečtěte celý postup, poté pokračujte po jednotlivých krocích.
Prosím, nespouštějte žádné další programy na vlastní pěst, zejména ComboFix. Zbytečně tím můžete zkomplikovat odvirování, dokonce i znefunkčnit systém.
Absence příznaků nemusí vždy znamenat, že je počítač čistý, proto vždy spolupracujte až do doby, než vám napíšu, že je počítač v pořádku.
V případě, že něčemu nerozumíte nebo si nejste jist, neváhejte se mě zeptat.
Pokud bude log dlouhý a nevejde se do jednoho příspěvku, rozdělte jej do více příspěvků.

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 
safebootminimal 
safebootnetwork
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
scecli.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
atapi.sys
cdrom.sys 
ndis.sys
ntfs.sys
tcpip.sys
%SystemDrive%\PhysicalMBR.bin
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
*crack*
*keygen*

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

BuXo · #3 Příspěvek od **BuXo** » 20 srp 2011 18:02

OTL.txt
nezmestil sa tak som ho uploadol...
http://www.uloz.to/10026133/otl-txt

Extras.txt

OTL Extras logfile created on: 20.8.2011 18:53:12 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Mato\My Documents\Preberanie
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,22% Memory free
3,85 Gb Paging File | 3,38 Gb Available in Paging File | 87,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 2,37 Gb Free Space | 3,04% Space Free | Partition Type: NTFS
Drive D: | 154,75 Gb Total Space | 11,20 Gb Free Space | 7,24% Space Free | Partition Type: NTFS

Computer Name: BUXO | User Name: Mato | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-823518204-1715567821-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"DisableThumbnailCache" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3562:TCP" = 3562:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\záloha\Program Files\Mozilla Firefox\firefox.exe" = D:\záloha\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\FIFA10\FIFA10.exe" = C:\Program Files\FIFA10\FIFA10.exe:*:Enabled:FIFA10 -- ()
"C:\Program Files\Valve\Steam\Steam.exe" = C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\HRY\FIFA11\Game\fifa.exe" = D:\HRY\FIFA11\Game\fifa.exe:*:Enabled:FIFA 11 -- (Electronic Arts)
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"D:\NFS HP2010\NFS11.exe" = D:\NFS HP2010\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application
"C:\Documents and Settings\Mato\Local Settings\Temp\Rar$EX01.265\Stronghold 2 DeLuxe\Stronghold2.exe" = C:\Documents and Settings\Mato\Local Settings\Temp\Rar$EX01.265\Stronghold 2 DeLuxe\Stronghold2.exe:*:Enabled:Stronghold 2
"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"D:\FIFA08\FIFA08.exe" = D:\FIFA08\FIFA08.exe:*:Enabled:FIFA08 -- ()
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"D:\f1\F1_2010_game.exe" = D:\f1\F1_2010_game.exe:*:Enabled:F1 2010 -- (Codemasters)
"C:\Documents and Settings\Tomas\My Documents\Preberanie\Flash-Player.exe" = C:\Documents and Settings\Tomas\My Documents\Preberanie\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Tomas\My Documents\Preberanie\Flash-Player.exe -- ()
"C:\WINDOWS\update.1\svchost.exe" = C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe -- ()
"C:\WINDOWS\services32.exe" = C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe -- ()
"C:\WINDOWS\update.tray-14-0\svchost.exe" = C:\WINDOWS\update.tray-14-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-14-0\svchost.exe -- ()
"C:\WINDOWS\update.2\svchost.exe" = C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe -- ()
"C:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0FB871A9-C617-4415-BB5D-619A8D946115}" = Microsoft Antimalware Service SK-SK Language Pack
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client SK-SK Language Pack
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74307C3F-EBD4-11D4-A4D9-0010A4C3AFF0}" = Macromedia HomeSite 5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.712
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1051-7B44-A94000000001}" = Adobe Reader 9.4.4 - Slovak
"{B5408C28-8D1F-4D65-AA49-02FBD56136FF}" = WolfQuest
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8B984A0-0D46-4EA0-BC1B-0597A2823A5C}" = Frag Games
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 3.0.7
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CINEMA 4D Release 11" = CINEMA 4D Release 11
"conduitEngine" = Conduit Engine
"Crazy Machines Elements_is1" = Crazy Machines Elements
"Creation Master 10_is1" = Creation Master 10 Release 10.3
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DiskAid_is1" = DiskAid 4.1
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Evidence tiketu_is1" = Evidence tiketu
"exent_231450" = Pet Racer
"exent_521550" = FlatOut
"exent_596950" = Hunting Unlimited 2009
"exent_609850" = Peggle™ Nights
"exent_648650" = Mr. Jones' Graveyard Shift
"exent_651050" = Tower Bloxx™ Deluxe
"exent_672950" = Crash Time III
"exent_676950" = Chrome
"exent_684250" = Royal Envoy
"exent_705750" = House, M.D.
"facemoods" = Facemoods Toolbar
"Floorball League_is1" = Floorball League 1.0
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"Google Chrome" = Google Chrome
"Hamachi" = Hamachi 1.0.3.0
"HighGrow Freeware Version 4.20" = HighGrow Freeware Version 4.20
"KaM - The Peasants Rebellion" = KaM - The Peasants Rebellion
"Keyboard Music_is1" = Keyboard Music 2.4
"kinder" = kinder
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"LastChaos" = LastChaos
"LogMeIn Hamachi" = LogMeIn Hamachi
"Macromedia Flash 8 Pro CZ" = Macromedia Flash 8 Pro CZ
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Firefox 6.0 (x86 sk)" = Mozilla Firefox 6.0 (x86 sk)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Mp3 Knife_is1" = Mp3 Knife 3.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NET Render Release 11" = NET Render Release 11
"NSS" = Norton Security Scan
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Pcsx2_is1" = Pcsx2 0.9.1 Watermoose
"PHARAOHEDITOR_is1" = MAX's HTML Beauty++ 2004
"PokerTH 0.8.1" = PokerTH
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"RegClean Pro_is1" = RegClean Pro
"Room Arranger" = Room Arranger
"Sázkař_is1" = Sázkař
"Scorpions WinCheater 2.07 (s databází 116)_is1" = Scorpions WinCheater
"SopCast" = SopCast 3.3.2
"The Golden Compass" = The Golden Compass
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"Totalcmd" = Total Commander (Remove or Repair)
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Veetle TV" = Veetle TV 0.9.18
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-1715567821-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"GameRanger" = GameRanger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5.6.2011 1:10:24 | Computer Name = BUXO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 129844

Error - 5.6.2011 10:17:57 | Computer Name = BUXO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5.6.2011 10:17:57 | Computer Name = BUXO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1969

Error - 5.6.2011 10:17:57 | Computer Name = BUXO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1969

Error - 5.6.2011 12:15:38 | Computer Name = BUXO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5.6.2011 12:15:38 | Computer Name = BUXO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1984

Error - 5.6.2011 12:15:38 | Computer Name = BUXO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1984

Error - 6.6.2011 14:08:26 | Computer Name = BUXO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6.6.2011 14:08:26 | Computer Name = BUXO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1968

Error - 6.6.2011 14:08:26 | Computer Name = BUXO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1968

[ System Events ]
Error - 19.8.2011 9:23:31 | Computer Name = BUXO | Source = DCOM | ID = 10005
Description = Server DCOM zistil chybu %1084 pri pokuse spustiť službu EventSystem
s argumentmi potrebnú na spustenie servera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19.8.2011 9:23:37 | Computer Name = BUXO | Source = DCOM | ID = 10005
Description = Server DCOM zistil chybu %1084 pri pokuse spustiť službu EventSystem
s argumentmi potrebnú na spustenie servera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19.8.2011 9:25:27 | Computer Name = BUXO | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Microsoft Antimalware Service zlyhalo kvôli nasledujúcej
chybe: %%3

Error - 19.8.2011 9:25:27 | Computer Name = BUXO | Source = Service Control Manager | ID = 7000
Description = Spustenie služby ESET Service zlyhalo kvôli nasledujúcej chybe: %%3

Error - 19.8.2011 9:29:47 | Computer Name = BUXO | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Microsoft Antimalware Service zlyhalo kvôli nasledujúcej
chybe: %%3

Error - 19.8.2011 12:55:05 | Computer Name = BUXO | Source = Dhcp | ID = 1000
Description = Počítač prišiel o prenájom adresy IP 5.38.248.241 na sieťovej karte
so sieťovou adresou 7A7905509F7B.

Error - 20.8.2011 11:24:06 | Computer Name = BUXO | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.1.1 odmietol prenájom 192.168.1.2 adresy IP pre
sieťovú kartu so sieťovou adresou 002215D3CEAC (server DHCP odoslal hlásenie DHCPNACK).

Error - 20.8.2011 11:25:01 | Computer Name = BUXO | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Microsoft Antimalware Service zlyhalo kvôli nasledujúcej
chybe: %%3

Error - 20.8.2011 12:22:45 | Computer Name = BUXO | Source = Dhcp | ID = 1000
Description = Počítač prišiel o prenájom adresy IP 5.38.248.241 na sieťovej karte
so sieťovou adresou 7A7905509F7B.

Error - 20.8.2011 12:31:53 | Computer Name = BUXO | Source = Service Control Manager | ID = 7034
Description = Služba LogMeIn Hamachi Tunneling Engine sa neočakávane ukončila. Služba
sa týmto spôsobom ukončila už 1 krát.

< End of report >

#4 Příspěvek od **Caroprd111** » 20 srp 2011 18:09

1. Nevložil jste mi sem log OTL.txt, ale jen skript. Já potřebuji log.

2. Odstraňte logy z Code, špatně se to čte.

BuXo · #5 Příspěvek od **BuXo** » 20 srp 2011 18:53

ospravedlňujem sa, opravené

#6 Příspěvek od **Caroprd111** » 20 srp 2011 18:58

Log prosím rozdělte do více příspěvků, ať ho mám tady.

BuXo · #7 Příspěvek od **BuXo** » 20 srp 2011 19:04

OTL logfile created on: 20.8.2011 19:35:33 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Mato\My Documents\Preberanie
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,74% Memory free
3,85 Gb Paging File | 2,80 Gb Available in Paging File | 72,64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 2,37 Gb Free Space | 3,03% Space Free | Partition Type: NTFS
Drive D: | 154,75 Gb Total Space | 11,20 Gb Free Space | 7,24% Space Free | Partition Type: NTFS

Computer Name: BUXO | User Name: Mato | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.20 18:51:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mato\My Documents\Preberanie\OTL.exe
PRC - [2011.08.19 12:18:15 | 000,632,832 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011.08.19 12:18:15 | 000,632,832 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011.08.19 11:42:32 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
PRC - [2011.08.19 11:41:38 | 000,348,672 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011.08.19 11:41:38 | 000,348,672 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011.08.19 11:37:52 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
PRC - [2011.08.19 11:25:53 | 001,215,488 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
PRC - [2011.08.17 21:09:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.08.04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.08.04 11:10:26 | 000,071,464 | ---- | M] (Valve Corporation) -- C:\Program Files\Valve\Steam\GameOverlayUI.exe
PRC - [2011.08.02 10:00:32 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Valve\Steam\steam.exe
PRC - [2011.07.14 12:39:28 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011.06.29 12:20:24 | 000,743,936 | ---- | M] (Ufasoft) -- C:\WINDOWS\ufa\ufa.exe
PRC - [2010.12.24 16:36:40 | 000,086,077 | ---- | M] (Valve) -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\hl.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.03 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

========== Modules (No Company Name) ==========

MOD - [2011.08.20 19:35:31 | 000,053,248 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\voice_miles.dll
MOD - [2011.08.20 19:19:34 | 000,535,552 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\platform\servers\serverbrowser.dll
MOD - [2011.08.20 19:19:32 | 000,258,106 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\Core.dll
MOD - [2011.08.20 19:19:32 | 000,090,112 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\DemoPlayer.dll
MOD - [2011.08.20 19:19:31 | 001,074,496 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\cstrike\cl_dlls\client.dll
MOD - [2011.08.20 19:19:31 | 000,245,819 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\vgui2.dll
MOD - [2011.08.19 12:18:15 | 000,632,832 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
MOD - [2011.08.19 11:42:32 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
MOD - [2011.08.19 11:41:38 | 000,348,672 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
MOD - [2011.08.19 11:37:52 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
MOD - [2011.08.19 11:25:53 | 001,215,488 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
MOD - [2011.08.17 21:09:19 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.08.16 16:31:18 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko6.dll
MOD - [2011.08.12 08:50:20 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.08.04 11:10:03 | 014,401,832 | ---- | M] () -- C:\Program Files\Valve\Steam\bin\libcef.dll
MOD - [2011.08.04 11:09:56 | 000,914,216 | ---- | M] () -- C:\Program Files\Valve\Steam\bin\avcodec-52.dll
MOD - [2011.08.04 11:09:56 | 000,190,248 | ---- | M] () -- C:\Program Files\Valve\Steam\bin\chromehtml.dll
MOD - [2011.08.04 11:09:56 | 000,155,432 | ---- | M] () -- C:\Program Files\Valve\Steam\bin\avformat-52.dll
MOD - [2011.08.04 11:09:56 | 000,091,432 | ---- | M] () -- C:\Program Files\Valve\Steam\bin\avutil-50.dll
MOD - [2011.08.01 21:46:09 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll
MOD - [2010.12.24 16:36:41 | 000,352,256 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\vgui.dll
MOD - [2010.12.24 16:36:41 | 000,161,792 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\Mssv29.asi
MOD - [2010.12.24 16:36:40 | 001,840,440 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\hw.dll
MOD - [2010.12.24 16:36:40 | 000,351,744 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\Mss32.dll
MOD - [2010.12.24 16:36:40 | 000,142,848 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\Mssv12.asi
MOD - [2010.12.24 16:36:40 | 000,081,920 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\valve\cl_dlls\particleman.dll
MOD - [2010.12.24 16:33:33 | 000,845,112 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\valve\cl_dlls\GameUI.dll
MOD - [2010.12.24 16:33:33 | 000,344,064 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\tier0.dll
MOD - [2010.12.24 16:33:33 | 000,125,952 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\Mp3dec.asi
MOD - [2010.12.24 16:33:32 | 000,122,974 | ---- | M] () -- c:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\FileSystem_Steam.dll
MOD - [2010.02.18 01:49:10 | 000,323,584 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2010.02.10 19:10:12 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.02.05 20:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009.02.27 21:08:14 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.SKY

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MsMpSvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.08.19 12:18:15 | 000,632,832 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011.08.19 11:41:38 | 000,348,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011.08.19 11:37:52 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011.08.19 11:25:53 | 001,215,488 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
SRV - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.01 21:46:09 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)

========== Driver Services (SafeList) ==========

DRV - [2011.01.22 11:55:45 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.12.23 19:08:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.22 10:24:58 | 000,056,424 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Frag Games\X4HSEx.sys -- (X4HSEx_Pr298)
DRV - [2010.04.09 03:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2010.03.04 19:02:10 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010.03.04 19:02:08 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.03.17 18:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=umail3&s= ... Terms}&f=4

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-1715567821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
IE - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-823518204-1715567821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-1715567821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.sk/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: {DFF722C4-4A11-41A7-9939-C83A06B09897}:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59}:3.2.5.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:1.2.0
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.9
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?clien ... YYYYYSK&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.07.14 12:39:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\záloha\Program Files\Mozilla Firefox\components [2011.07.14 12:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\záloha\Program Files\Mozilla Firefox\plugins [2011.07.14 12:40:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.17 21:09:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.28 06:47:35 | 000,000,000 | ---D | M]

[2010.12.23 11:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Extensions
[2011.08.16 20:35:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions
[2011.02.16 13:55:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.30 13:06:08 | 000,000,000 | ---D | M] (LightShot (screenshot tool)) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2010.12.23 18:35:32 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2011.08.16 20:35:33 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011.08.01 10:43:30 | 000,000,000 | ---D | M] (InnoGames International Community Toolbar) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}
[2011.08.16 12:02:20 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.08.16 12:02:39 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.04.23 00:27:22 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\DTToolbar@toolbarnet.com
[2011.04.23 00:27:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\engine@conduit.com
[2011.04.13 22:42:20 | 000,000,000 | ---D | M] (GamePlayLabs Plugin) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\plugin2@gameplaylabs.com
[2011.07.31 16:43:42 | 000,000,000 | ---D | M] ("VDownloader Toolbar") -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\toolbar@ask.com
[2010.12.27 22:35:56 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\vshare@toolbar
[2011.08.20 17:26:45 | 000,002,394 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\askcom.xml
[2011.03.29 20:44:02 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\conduit.xml
[2011.08.17 12:06:40 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\icqplugin-1.xml
[2011.03.05 11:54:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\icqplugin-2.xml
[2011.03.24 17:45:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\icqplugin-3.xml
[2011.02.26 17:17:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\icqplugin.xml
[2010.12.28 12:27:56 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\web-search.xml
[2011.05.12 14:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.08.20 17:27:11 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.24 00:41:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 16:15:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.07 19:29:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011.07.14 12:39:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.05.07 19:29:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.08.17 21:09:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.07 19:29:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2010.01.01 10:00:00 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2010.01.01 10:00:00 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2011.05.06 20:32:05 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2010.01.01 10:00:00 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2010.01.01 10:00:00 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2011.08.20 19:04:40 | 000,202,984 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 127.0.0.1 tl-ph.facebook.com
O1 - Hosts: 127.0.0.1 fo-fo.facebook.com
O1 - Hosts: 127.0.0.1 fr-fr.facebook.com
O1 - Hosts: 127.0.0.1 fy-nl.facebook.com
O1 - Hosts: 127.0.0.1 ga-ie.facebook.com
O1 - Hosts: 127.0.0.1 gl-es.facebook.com
O1 - Hosts: 127.0.0.1 ko-kr.facebook.com
O1 - Hosts: 50053 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [2064787.exe] C:\Documents and Settings\Tomas\Local Settings\Temp\2064787.exe ()
O4 - HKLM..\Run: [34185854-loader2.exe] C:\WINDOWS\TEMP\34185854-loader2.exe ()
O4 - HKLM..\Run: [8348927.exe] C:\WINDOWS\TEMP\8348927.exe ()
O4 - HKLM..\Run: [9238847.exe] C:\WINDOWS\TEMP\9238847.exe ()
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSC] File not found
O4 - HKLM..\Run: [nettrafficstat] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-14-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()
O4 - HKU\.DEFAULT..\Run: [Exetender_298] C:\Program Files\Frag Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender_298] C:\Program Files\Frag Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender_298] C:\Program Files\Frag Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Exetender_298] C:\Program Files\Frag Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-823518204-1715567821-725345543-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-823518204-1715567821-725345543-1004..\Run: [RDReminder] C:\Program Files\RegClean Pro\RegCleanPro.exe (Systweak Inc)
O4 - HKU\S-1-5-21-823518204-1715567821-725345543-1004..\Run: [Steam] C:\Program Files\Valve\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-823518204-1715567821-725345543-1004..\Run: [TBPanel] File not found
O4 - HKU\S-1-5-21-823518204-1715567821-725345543-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1715567821-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mato\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mato\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.21 23:08:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: wxpdrivers - C:\WINDOWS\update.1\svchost.exe ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: MsMpSvc - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: wxpdrivers - C:\WINDOWS\update.1\svchost.exe ()
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.08.20 17:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011.08.19 21:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.19 21:06:24 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.19 15:23:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0-lnk
[2011.08.19 15:23:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0
[2011.08.19 15:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011.08.19 14:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011.08.19 14:34:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.7.1
[2011.08.19 12:05:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.08.19 12:05:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011.08.19 12:05:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.08.19 11:41:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.08.19 11:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2011.08.19 11:40:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.08.19 11:37:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.08.19 11:36:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.08.19 11:36:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-14-0-lnk
[2011.08.19 11:36:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-14-0
[2011.08.17 14:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Illustrator
[2011.08.17 14:28:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2011.08.17 14:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2011.08.11 07:58:17 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011.08.11 07:58:01 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011.08.09 18:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2011.08.07 23:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mato\Desktop\0616_4x4
[2011.08.07 22:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mato\Desktop\__MACOSX
[2011.08.03 13:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mato\Desktop\allobrazky
[2011.08.03 12:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mato\Desktop\obrázky
[2011.08.02 12:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mato\Desktop\Tikety!
[2011.07.31 17:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mato\Desktop\iPod Photo Cache
[2011.07.29 16:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nettrafficstat
[2011.07.21 21:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mato\My Documents\Need for Speed World
[2010.12.24 00:30:45 | 003,056,008 | ---- | C] (Ask) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

BuXo · #8 Příspěvek od **BuXo** » 20 srp 2011 19:04

========== Files - Modified Within 30 Days ==========

[2011.08.20 19:36:52 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.20 19:19:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1004.job
[2011.08.20 19:19:19 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1004.job
[2011.08.20 19:03:40 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.08.20 19:03:38 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.20 19:03:38 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1007.job
[2011.08.20 19:03:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1006.job
[2011.08.20 19:03:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1005.job
[2011.08.20 19:03:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.20 19:01:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.20 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.08.20 17:26:59 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.08.19 23:53:45 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Tomas.job
[2011.08.19 19:36:17 | 000,084,604 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.08.19 18:55:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.08.19 15:23:32 | 000,000,215 | ---- | M] () -- C:\boot.ini
[2011.08.19 14:34:32 | 000,000,179 | ---- | M] () -- C:\WINDOWS\info1
[2011.08.19 12:05:37 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011.08.19 12:05:36 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.08.19 12:05:36 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.08.19 12:05:30 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.08.19 11:42:32 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011.08.19 11:40:26 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.08.19 11:38:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.08.19 11:37:52 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011.08.19 11:37:52 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011.08.19 11:25:53 | 001,215,488 | ---- | M] () -- C:\WINDOWS\services32.exe
[2011.08.19 07:54:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.08.18 13:51:26 | 000,047,651 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\Music.png
[2011.08.17 23:57:28 | 000,009,975 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\3.png
[2011.08.17 23:23:26 | 000,018,958 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\nclogo.png
[2011.08.17 21:09:13 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1005.job
[2011.08.17 16:01:23 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1007.job
[2011.08.17 14:56:06 | 000,226,371 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\IMG.pdf
[2011.08.17 14:31:57 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\Odkaz na Portable Illustrator CS5 v15.0.0.exe.lnk
[2011.08.16 23:25:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.08.16 22:54:22 | 005,022,120 | ---- | M] () -- C:\Documents and Settings\Mato\My Documents\plisteditor_setup.exe
[2011.08.16 14:59:33 | 000,000,326 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\subor.html
[2011.08.16 13:13:49 | 003,510,401 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\Gala - Freed From Desire 2011.mp3
[2011.08.14 20:17:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1006.job
[2011.08.12 08:58:33 | 000,435,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.12 08:58:33 | 000,068,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.12 08:54:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.08.12 08:50:22 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.08.12 08:48:56 | 000,461,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.08.11 17:11:12 | 000,056,441 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\los-simpsons.png
[2011.08.11 17:10:44 | 000,015,032 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\images.jpg
[2011.08.11 17:03:06 | 000,072,085 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\27.gif
[2011.08.11 17:02:07 | 000,024,087 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\bart.gif
[2011.08.11 16:50:31 | 000,072,968 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\bart-simpson.png
[2011.08.10 07:17:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.07 11:01:22 | 011,069,941 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\hdd1.c4d
[2011.08.05 15:06:04 | 005,302,262 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\Gala - Freed From Desire 2011 (Klaas Club Mix) (ALBANIA HOUSE MUSIC) SELECTED BY FABIENI DJ.mp3
[2011.08.02 13:46:26 | 000,048,834 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\tiket.JPG
[2011.07.28 00:55:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011.07.27 12:39:03 | 000,170,817 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\Bez názvu 1.jpg
[2011.07.27 00:15:44 | 000,108,566 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\bg.jpg
[2011.07.24 19:16:13 | 000,069,425 | ---- | M] () -- C:\Documents and Settings\Mato\Desktop\wtf.JPG
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.20 18:54:31 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.19 15:09:24 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.08.19 12:05:36 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.08.19 12:05:34 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.08.19 12:05:30 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.08.19 11:42:36 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011.08.19 11:40:28 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.08.19 11:40:26 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.08.19 11:40:26 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.08.19 11:40:18 | 000,000,179 | ---- | C] () -- C:\WINDOWS\info1
[2011.08.19 11:38:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.08.19 11:38:22 | 000,258,048 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011.08.19 11:38:07 | 000,258,048 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011.08.19 11:26:27 | 001,215,488 | ---- | C] () -- C:\WINDOWS\services32.exe
[2011.08.18 13:51:25 | 000,047,651 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\Music.png
[2011.08.18 13:41:48 | 000,858,073 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\easyelements Music Brushes.abr
[2011.08.18 13:41:44 | 001,141,874 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\SS-music.abr
[2011.08.18 13:36:12 | 007,049,842 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\Light Beams.abr
[2011.08.18 13:36:12 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\._Light Beams.abr
[2011.08.17 23:57:28 | 000,009,975 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\3.png
[2011.08.17 23:23:24 | 000,018,958 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\nclogo.png
[2011.08.17 14:56:16 | 000,226,371 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\IMG.pdf
[2011.08.17 14:31:49 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\Odkaz na Portable Illustrator CS5 v15.0.0.exe.lnk
[2011.08.16 22:54:22 | 005,022,120 | ---- | C] () -- C:\Documents and Settings\Mato\My Documents\plisteditor_setup.exe
[2011.08.16 14:55:11 | 000,000,326 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\subor.html
[2011.08.15 15:23:48 | 003,510,401 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\Gala - Freed From Desire 2011.mp3
[2011.08.11 17:11:12 | 000,056,441 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\los-simpsons.png
[2011.08.11 17:10:35 | 000,015,032 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\images.jpg
[2011.08.11 17:03:06 | 000,072,085 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\27.gif
[2011.08.11 17:02:06 | 000,024,087 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\bart.gif
[2011.08.11 16:50:30 | 000,072,968 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\bart-simpson.png
[2011.08.07 11:00:38 | 011,069,941 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\hdd1.c4d
[2011.08.05 15:05:41 | 005,302,262 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\Gala - Freed From Desire 2011 (Klaas Club Mix) (ALBANIA HOUSE MUSIC) SELECTED BY FABIENI DJ.mp3
[2011.08.02 13:46:26 | 000,048,834 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\tiket.JPG
[2011.07.28 06:53:11 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.07.27 20:10:43 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1007.job
[2011.07.27 20:10:42 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1007.job
[2011.07.27 01:12:44 | 000,170,817 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\Bez názvu 1.jpg
[2011.07.27 00:15:44 | 000,108,566 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\bg.jpg
[2011.07.24 19:16:13 | 000,069,425 | ---- | C] () -- C:\Documents and Settings\Mato\Desktop\wtf.JPG
[2011.07.10 09:08:46 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.07.10 09:08:32 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.07.10 09:08:30 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011.07.01 23:40:25 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
[2011.07.01 23:40:10 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\Sslsvc.dll
[2011.07.01 23:40:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011.07.01 23:40:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2011.07.01 23:40:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011.06.27 23:22:04 | 000,839,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011.06.19 08:34:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011.02.15 12:41:45 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2011.02.12 16:05:01 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mato\Application Data\winscp.rnd
[2011.01.20 14:18:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.01.16 00:09:24 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\Mato\Local Settings\Application Data\SRDownloader(2).err
[2011.01.16 00:08:27 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Mato\Local Settings\Application Data\SRDownloader(2).nast
[2010.12.29 22:33:35 | 000,084,604 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.12.29 22:14:17 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Mato\Local Settings\Application Data\SRDownloader.nast
[2010.12.29 22:14:17 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Mato\Local Settings\Application Data\SRDownloader.err
[2010.12.24 01:10:26 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Mato\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.24 00:30:45 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2010.12.23 18:51:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.12.23 11:23:13 | 000,010,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010.12.23 11:14:59 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.12.23 11:14:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.12.23 11:14:58 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.12.23 11:14:58 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.12.23 11:14:58 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.12.21 23:58:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.12.21 23:56:57 | 000,461,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.12.21 23:24:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.12.21 23:10:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.12.21 23:06:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.03.16 00:52:00 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008.09.11 11:13:43 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.02.28 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 14:00:00 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 14:00:00 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.02.28 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011.07.21 17:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DVIA
[2010.12.23 11:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010.12.22 14:32:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011.02.10 14:49:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011.06.08 15:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2010.12.23 19:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011.06.19 09:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalChocolate
[2011.07.15 12:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011.06.01 14:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileServe Limited
[2011.03.09 21:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2011.06.19 08:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Frag Games
[2011.03.18 15:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2011.07.31 17:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nettrafficstat
[2011.06.20 07:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2011.03.31 17:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RSA software
[2011.03.07 20:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011.06.22 21:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Synetic
[2011.02.26 17:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011.03.19 19:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2010.12.29 18:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.02.07 18:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mamina\Application Data\CIL Software
[2011.05.12 20:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mamina\Application Data\facemoods.com
[2011.02.25 21:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mamina\Application Data\PriceGong
[2011.05.07 19:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\.minecraft
[2010.12.24 01:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\AnvSoft
[2010.12.26 17:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Ashampoo
[2011.06.10 18:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Canon
[2010.12.23 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\CIL Software
[2010.12.23 19:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\DAEMON Tools Lite
[2011.02.06 13:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\DiskAid
[2011.05.07 10:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\facemoods.com
[2011.04.14 21:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\fizzy
[2010.12.31 00:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\GameRanger
[2011.02.11 14:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\GetRightToGo
[2011.01.12 22:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\GHISLER
[2011.07.15 12:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\go
[2010.12.24 00:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\GrabPro
[2011.03.29 20:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\id Software
[2010.12.23 19:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Leadertech
[2011.08.16 15:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\MAXON
[2011.07.10 12:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Need for Speed World
[2010.12.24 00:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Orbit
[2010.12.27 23:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\pokerth
[2011.08.13 17:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\PriceGong
[2010.12.24 00:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\ProgSense
[2011.06.08 15:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Systweak
[2011.03.26 12:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Thinstall
[2011.06.08 14:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Uniblue
[2011.08.20 19:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\uTorrent
[2010.12.23 11:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ocino\Application Data\Ashampoo
[2011.06.05 19:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ocino\Application Data\Canon
[2011.01.02 19:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ocino\Application Data\CIL Software
[2011.05.11 21:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ocino\Application Data\facemoods.com
[2011.05.27 16:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Application Data\Canon
[2010.12.23 21:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Application Data\CIL Software
[2011.03.07 20:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Application Data\DAEMON Tools Lite
[2011.05.07 08:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Application Data\facemoods.com
[2011.06.21 19:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Application Data\GraveyardShift
[2011.03.10 19:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Application Data\id Software
[2011.07.10 14:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Application Data\Need for Speed World
[2011.01.20 16:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Application Data\PirateGalaxy
[2011.07.10 08:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Application Data\PriceGong
[2011.03.03 16:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Application Data\Unity
[2011.06.27 19:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Application Data\VDownloader
[2011.08.19 07:54:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011.08.20 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 02:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
"TBPanel" = C:\Program Files\Vtune\TBPanel.exe /A
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"Steam" = "C:\Program Files\Valve\Steam\steam.exe" -silent -- [2011.08.02 10:00:32 | 001,242,448 | ---- | M] (Valve Corporation)
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" -- [2011.04.12 12:06:55 | 000,399,736 | ---- | M] (BitTorrent, Inc.)
"RDReminder" = C:\Program Files\RegClean Pro\RegCleanPro.exe -rem -- [2010.11.27 15:34:00 | 002,564,480 | ---- | M] (Systweak Inc)

< MD5 for: ATAPI.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.05.31 21:04:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.05.31 21:04:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2011.05.31 21:04:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2011.05.31 21:04:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CSRSS.EXE >
[2008.04.14 02:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008.04.14 02:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2006.02.28 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: LSASS.EXE >
[2006.02.28 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.02.28 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NTFS.SYS >
[2008.04.13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008.04.13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2006.02.28 14:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

< MD5 for: SCECLI.DLL >
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008.04.14 02:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 02:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009.02.06 19:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.06 12:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006.02.28 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SMSS.EXE >
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2006.02.28 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010.08.17 15:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2006.02.28 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2008.04.14 02:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008.04.14 02:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2011.08.19 12:18:15 | 000,632,832 | ---- | M] () MD5=0CD76DB73F3108CDB413EE8239212ECE -- C:\WINDOWS\update.2\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2011.08.19 11:41:38 | 000,348,672 | ---- | M] () MD5=6EECAB7626BABA17DB082754B5E8C5CE -- C:\WINDOWS\update.5.0\svchost.exe
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011.08.19 11:25:53 | 001,215,488 | -H-- | M] () MD5=AA72E1635B2CDBFFF923ADEF52B6D3B8 -- C:\WINDOWS\update.1\svchost.exe
[2011.08.19 11:25:53 | 001,215,488 | -H-- | M] () MD5=AA72E1635B2CDBFFF923ADEF52B6D3B8 -- C:\WINDOWS\update.tray-14-0\svchost.exe
[2011.08.19 11:25:53 | 001,215,488 | -H-- | M] () MD5=AA72E1635B2CDBFFF923ADEF52B6D3B8 -- C:\WINDOWS\update.tray-14-0-lnk\svchost.exe
[2011.08.19 11:25:53 | 001,215,488 | -H-- | M] () MD5=AA72E1635B2CDBFFF923ADEF52B6D3B8 -- C:\WINDOWS\update.tray-2-0\svchost.exe
[2011.08.19 11:25:53 | 001,215,488 | -H-- | M] () MD5=AA72E1635B2CDBFFF923ADEF52B6D3B8 -- C:\WINDOWS\update.tray-2-0-lnk\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.02.28 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.03.31 22:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9H.DLL
[2008.03.31 22:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9H.DLL
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008.07.06 14:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2008.04.14 02:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 02:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 02:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 02:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 02:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 02:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 02:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004.07.17 12:36:24 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2008.04.14 02:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 02:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 02:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 02:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 02:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 02:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2007.04.02 18:06:03 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2006.02.28 14:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2006.02.28 14:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2006.12.29 16:32:49 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2010.02.22 08:45:52 | 000,010,084 | ---- | M] () -- C:\WINDOWS\system32\drivers\nvphy.bin
[2008.04.14 02:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 02:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.12.23 19:08:44 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\system32\*.* /5 >
[2011.08.19 18:55:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2011.08.19 19:36:17 | 000,084,604 | -H-- | M] () -- C:\WINDOWS\system32\mlfcache.dat
[2011.08.20 19:03:40 | 000,276,202 | ---- | M] () -- C:\WINDOWS\system32\NvApps.xml
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2010.12.21 23:55:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.12.21 23:55:20 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.12.21 23:55:19 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[7 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\0a156d584c984ab46d805e5b8cd44629\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\0a156d584c984ab46d805e5b8cd44629\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\1b7ea646ad020a3682cf3a561b9647f4\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\1b7ea646ad020a3682cf3a561b9647f4\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\37175e0036c29cc08080fca13a678d2a\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\37175e0036c29cc08080fca13a678d2a\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\467d56591ed085161e5bb3d2f520fada\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\467d56591ed085161e5bb3d2f520fada\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\86b0a3da81bf3edf55c9e9c6ef2e8b55\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\86b0a3da81bf3edf55c9e9c6ef2e8b55\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\b3b63f523b6ffa8d89572999d83f0181\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\b3b63f523b6ffa8d89572999d83f0181\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\cfa47f37230070f7072b02102a875bda\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\cfa47f37230070f7072b02102a875bda\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[7 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2011.05.07 19:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\.minecraft
[2011.08.17 15:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Adobe
[2010.12.24 01:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\AnvSoft
[2011.06.01 16:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Apple Computer
[2010.12.26 17:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Ashampoo
[2011.06.10 18:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Canon
[2010.12.23 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\CIL Software
[2010.12.23 19:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\DAEMON Tools Lite
[2011.02.06 13:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\DiskAid
[2011.05.07 10:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\facemoods.com
[2011.04.14 21:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\fizzy
[2010.12.31 00:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\GameRanger
[2011.02.11 14:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\GetRightToGo
[2011.01.12 22:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\GHISLER
[2011.07.15 12:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\go
[2010.12.24 00:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\GrabPro
[2011.07.17 15:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Hamachi
[2011.03.29 20:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\id Software
[2010.12.21 23:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Identities
[2010.12.23 19:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Leadertech
[2011.04.11 12:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Macromedia
[2011.08.16 15:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\MAXON
[2011.06.24 23:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Media Player Classic
[2011.05.09 19:46:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Mato\Application Data\Microsoft
[2010.12.23 11:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Mozilla
[2011.07.10 12:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Need for Speed World
[2010.12.24 00:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Orbit
[2010.12.27 23:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\pokerth
[2011.08.13 17:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\PriceGong
[2010.12.24 00:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\ProgSense
[2011.01.07 16:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\PSpad
[2011.07.14 12:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Real
[2011.08.20 19:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Skype
[2011.06.24 14:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\skypePM
[2010.12.24 00:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Sun
[2011.06.08 15:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Systweak
[2011.03.26 12:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Thinstall
[2011.06.08 14:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\Uniblue
[2011.08.20 19:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\uTorrent
[2010.12.23 20:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mato\Application Data\WinRAR

< %APPDATA%\*.* >
[2010.12.21 23:57:39 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Mato\Application Data\desktop.ini
[2011.02.12 16:11:20 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\winscp.rnd

< %APPDATA%\*.exe /s >
[2010.12.10 22:56:50 | 001,248,992 | ---- | M] (GameRanger Technologies) -- C:\Documents and Settings\Mato\Application Data\GameRanger\GameRanger\GameRanger.exe
[2010.12.23 21:13:41 | 000,015,872 | R--- | M] () -- C:\Documents and Settings\Mato\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
[2011.04.11 12:05:51 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Mato\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
[2011.05.30 17:18:36 | 003,486,088 | ---- | M] (Ask) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe

< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-12 06:58:51

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect

< *crack* >

< *keygen* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1A5FE8B

< End of report >

#9 Příspěvek od **Caroprd111** » 20 srp 2011 22:48

Znovu spusťte OTL a do spodního bílého okna vložte následující skript. Poté klikněte na Opravit, PC se restartuje, výsledný log vložte sem.

Kód: Vybrat vše

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

:OTL
MOD - [2011.08.19 12:18:15 | 000,632,832 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
MOD - [2011.08.19 11:42:32 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
MOD - [2011.08.19 11:41:38 | 000,348,672 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
MOD - [2011.08.19 11:37:52 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
MOD - [2011.08.19 11:25:53 | 001,215,488 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
SRV - [2011.08.19 12:18:15 | 000,632,832 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011.08.19 11:41:38 | 000,348,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011.08.19 11:37:52 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011.08.19 11:25:53 | 001,215,488 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
IE - HKU\S-1-5-21-823518204-1715567821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
IE - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=umail3&s={searchTerms}&f=4
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: {DFF722C4-4A11-41A7-9939-C83A06B09897}:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59}:3.2.5.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:1.2.0
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.9
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14778&locale=en_EU&apn_uid=FCC267AF-7FEF-4977-BE07-17D64047DFDD&apn_ptnrs=VX&apn_sauid=C5D5565E-7B69-46CF-9949-83767D5B9AF7&apn_dtid=YYYYYYYYSK&q="
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
.16 20:35:33 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011.08.01 10:43:30 | 000,000,000 | ---D | M] (InnoGames International Community Toolbar) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}
[2011.08.16 12:02:20 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.08.16 12:02:39 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.04.23 00:27:22 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\DTToolbar@toolbarnet.com
[2011.04.23 00:27:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\engine@conduit.com
2011.07.31 16:43:42 | 000,000,000 | ---D | M] ("VDownloader Toolbar") -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\toolbar@ask.com
[2010.12.27 22:35:56 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\vshare@toolbar
2011.08.20 17:26:45 | 000,002,394 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\askcom.xml
[2011.03.29 20:44:02 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\conduit.xml
[2011.08.17 12:06:40 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\icqplugin-1.xml
[2011.03.05 11:54:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\icqplugin-2.xml
[2011.03.24 17:45:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\icqplugin-3.xml
[2011.02.26 17:17:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\icqplugin.xml
[2010.12.28 12:27:56 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\web-search.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-823518204-1715567821-725345543-1004\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [2064787.exe] C:\Documents and Settings\Tomas\Local Settings\Temp\2064787.exe ()
O4 - HKLM..\Run: [34185854-loader2.exe] C:\WINDOWS\TEMP\34185854-loader2.exe ()
O4 - HKLM..\Run: [8348927.exe] C:\WINDOWS\TEMP\8348927.exe ()
O4 - HKLM..\Run: [9238847.exe] C:\WINDOWS\TEMP\9238847.exe ()
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
O4 - HKLM..\Run: [MSC] File not found
O4 - HKLM..\Run: [nettrafficstat] File not found
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-14-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()
O4 - HKU\S-1-5-21-823518204-1715567821-725345543-1004..\Run: [TBPanel] File not found
O31 - SafeBoot: AlternateShell - services32.exe
SafeBootMin: wxpdrivers - C:\WINDOWS\update.1\svchost.exe ()
SafeBootNet: wxpdrivers - C:\WINDOWS\update.1\svchost.exe ()
[2011.08.19 15:23:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0-lnk
[2011.08.19 15:23:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0
[2011.08.19 14:34:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.7.1
[2011.08.19 12:05:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.08.19 12:05:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011.08.19 12:05:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.08.19 11:41:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.08.19 11:40:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.08.19 11:37:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.08.19 11:36:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.08.19 11:36:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-14-0-lnk
[2011.08.19 11:36:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-14-0
[2010.12.24 00:30:45 | 003,056,008 | ---- | C] (Ask) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[2011.08.20 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.08.19 14:34:32 | 000,000,179 | ---- | M] () -- C:\WINDOWS\info1
[2011.08.19 12:05:37 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011.08.19 12:05:36 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.08.19 12:05:36 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.08.19 12:05:30 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.08.19 11:42:32 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011.08.19 11:40:26 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.08.19 11:38:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.08.19 11:37:52 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011.08.19 11:37:52 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011.08.19 11:25:53 | 001,215,488 | ---- | M] () -- C:\WINDOWS\services32.exe
[2011.08.19 12:05:36 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.08.19 12:05:34 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.08.19 12:05:30 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.08.19 11:42:36 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011.08.19 11:40:28 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.08.19 11:40:26 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.08.19 11:40:26 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.08.19 11:40:18 | 000,000,179 | ---- | C] () -- C:\WINDOWS\info1
[2011.08.19 11:38:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.08.19 11:38:22 | 000,258,048 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011.08.19 11:38:07 | 000,258,048 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011.08.19 11:26:27 | 001,215,488 | ---- | C] () -- C:\WINDOWS\services32.exe
[2011.05.12 20:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mamina\Application Data\facemoods.com
[2011.05.30 17:18:36 | 003,486,088 | ---- | M] (Ask) -- C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1A5FE8B
[2011.05.11 21:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ocino\Application Data\facemoods.com
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1A5FE8B

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Tomas\My Documents\Preberanie\Flash-Player.exe" =-
"C:\WINDOWS\update.1\svchost.exe" =-
"C:\WINDOWS\services32.exe" =-
"C:\WINDOWS\update.tray-14-0\svchost.exe" =-
"C:\WINDOWS\update.2\svchost.exe" =-

BuXo · #10 Příspěvek od **BuXo** » 21 srp 2011 09:23

Pri spustení PC mi vyhodilo tento log:

Files\Folders moved on Reboot...
C:\Documents and Settings\Mato\Local Settings\Temporary Internet Files\Content.IE5\HWV27ZA7\master[1].xml moved successfully.

Registry entries deleted on Reboot...

#11 Příspěvek od **Caroprd111** » 21 srp 2011 11:19

Zkuste to znovu v nouzovém režimu.

BuXo · #12 Příspěvek od **BuXo** » 21 srp 2011 11:38

ako sa dostanem do núdzového režimu?

#13 Příspěvek od **Caroprd111** » 21 srp 2011 12:02

Po restartu mačkejte F8 a vyberte Nouzový režim s prací v síti.

BuXo · #14 Příspěvek od **BuXo** » 21 srp 2011 17:29

Spustil som OTL.exe zadal log zvolil opravit, restartoval PC stlacal som F8 vybral nudzovy rezim s pracou v sieti a PC sa po prechode do nudzoveho rezimu sam restartoval a po opatovnom spusteni mi vyhodilo toto:
Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#15 Příspěvek od **Caroprd111** » 21 srp 2011 18:39

Poprosím vás o nový log z RSIT.

VIRY.CZ

Facebook virus

Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus

Re: Facebook virus