Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls pom

Zpráva

#46 Příspěvek od **motji** » 24 srp 2011 08:39

Tak to je zavirované

, a nechce se potvora nechat otestovat

.Vydržte hodinku, pošlu Vám náhradní soubor na výměnu.

#47 Příspěvek od **motji** » 24 srp 2011 09:26

Z přílohy stahněte soubor v raru a rozbalte tak, aby cesta k souboru byla
c:\atapi.sys

Stáhněte Avenger
http://swandog46.geekstogo.com/avenger.exe

-spustíte program a potvrdíte kliknutím na ok,tím potvrzujete, že všechny činnosti s tím spojené činíte na vlastní riziko.
-Po odkliknutí se objeví hlavní okno programu,do bílého okna něj zkopírujte tento skript:

Kód: Vybrat vše

Begin copying here:
Files to move:
c:\atapi.sys | c:\windows\system32\drivers\atapi.sys

-zaškrtněte políčko scan for rootkits

a klikněte na tlačítko Execute.
-Potom se objeví okno,kde kliknutím Yes potvrdíte spuštění skriptu. Pak znovu tlačítkem yes potvrdíte restart počítače.
-Po restartu by se měl otevřít poznámkový blok s logem o vykonání skriptu, bude také uložený v C:\avenger.txt.
-Log vložte sem

-----

filipacko · #48 Příspěvek od **filipacko** » 24 srp 2011 12:07

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\atapi.sys|c:\windows\system32\drivers\atapi.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#49 Příspěvek od **motji** » 24 srp 2011 12:50

Poprosím o nový combofix.

filipacko · #50 Příspěvek od **filipacko** » 24 srp 2011 13:11

ComboFix 11-08-21.01 - Filip 24.08.2011 14:02:37.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1447 [GMT 2:00]
Spuštěný z: c:\documents and settings\Filip\Plocha\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-24 do 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-22 19:51 . 2011-08-22 19:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Martau
2011-08-22 19:51 . 2011-08-22 19:51 -------- d-----w- c:\program files\Total Uninstall 5
2011-08-21 20:14 . 2011-08-21 20:14 -------- d-----w- c:\documents and settings\Filip\Data aplikací\Malwarebytes
2011-08-21 20:14 . 2011-08-21 20:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-21 20:14 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-21 20:14 . 2011-08-21 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-21 20:14 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 16:34 . 2011-08-24 10:10 -------- d-----w- c:\program files\Valve
2011-08-21 11:39 . 2011-08-21 11:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-21 11:05 . 2011-08-21 11:33 -------- d-----w- c:\documents and settings\Filip\Data aplikací\Sammsoft
2011-08-20 18:14 . 2011-08-20 18:14 -------- d-----w- C:\rsit
2011-08-20 18:14 . 2011-08-20 18:14 -------- d-----w- c:\program files\trend micro
2011-08-20 18:11 . 2011-08-20 18:11 -------- d-----w- c:\windows\ufa
2011-08-20 18:10 . 2011-08-21 20:07 246272 ----a-w- c:\windows\unrar.exe
2011-08-20 18:07 . 2011-08-20 18:07 -------- d--h--w- c:\windows\update.7.1
2011-08-20 18:05 . 2011-08-20 18:05 -------- d-----w- c:\windows\av_ico
2011-08-20 17:43 . 2011-08-21 20:32 -------- d--h--w- c:\windows\update.tray-8-0
2011-08-20 17:43 . 2011-08-20 17:43 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-08-20 11:46 . 2011-08-24 11:29 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-20 11:46 . 2011-08-24 11:29 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-20 11:46 . 2011-08-24 11:22 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-08-20 11:46 . 2011-08-20 11:57 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-08-12 08:20 . 2011-08-12 08:20 -------- d-----w- c:\documents and settings\Filip\Local Settings\Data aplikací\PCHealth
2011-08-11 17:18 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 17:17 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-24 11:29 . 2010-01-29 20:39 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-07-15 13:29 . 2004-08-04 06:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-18 04:55 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-29 10:14 . 2009-09-25 11:21 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-29 10:14 . 2009-09-25 11:21 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-24 14:10 . 2004-08-17 22:49 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2004-08-17 22:49 668160 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2004-08-04 05:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:18 . 2004-08-17 22:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:16 . 2004-08-17 22:44 370176 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-17 22:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-08-17 22:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-30 14:18 . 2010-09-25 14:26 2474 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-05-11 20:20 . 2011-05-11 20:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-08-21_20.00.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-23 14:00 . 2011-08-23 14:00 16384 c:\windows\temp\Perflib_Perfdata_73c.dat
+ 2011-08-23 14:00 . 2011-08-23 14:00 16384 c:\windows\temp\Perflib_Perfdata_71c.dat
+ 2009-09-24 19:45 . 2011-08-22 14:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-24 19:45 . 2011-08-21 20:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-24 19:45 . 2011-08-22 14:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-09-24 19:45 . 2011-08-21 20:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-21 14:06 . 2011-08-22 14:45 326656 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\AskToolbar\cache.dat
- 2011-08-21 14:06 . 2011-08-21 20:02 326656 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\AskToolbar\cache.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-06-25 10:30 1491928 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-06-25 1491928]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"Copperhead"="c:\program files\CopperheadAntiSpyware\CopperScheduler.exe" [2007-10-02 1596345]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"tray_ico"="" [BU]
"tray_ico1"="" [BU]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\documents and settings\Filip\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2009-10-13 241664]
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2011-2-22 1601536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Fiuypek\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\CAPCOM\\DARK VOID\\Launcher.exe"=
"c:\\Program Files\\CAPCOM\\DARK VOID\\nativePC\\Binaries\\ShippingPC-SkyGame.exe"=
"c:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Program Files\\CAPCOM\\Dead Rising 2\\deadrising2.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Filip\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [27.8.2010 16:22 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [27.8.2010 16:22 5248]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [4.1.2011 20:33 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [4.1.2011 20:33 5248]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [24.9.2009 21:41 576024]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [7.12.2010 12:32 2228008]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [13.10.2009 16:43 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [13.10.2009 16:43 461056]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 AntiVirWebService;Avira AntiVir WebGuard;"c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE" --> c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [?]
S2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.5.2010 12:02 135664]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10.11.2009 18:19 36608]
S3 GarenaPEngine;GarenaPEngine; [x]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6.5.2010 12:02 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.11.2009 15:36 136704]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 10:02]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 10:02]
.
2011-08-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-06-25 10:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=CS_CZ&c=74&bd=smb&pf=desktop
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 213.215.94.33 8.8.8.8
FF - ProfilePath - c:\documents and settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://gb.toolbarhome.com/search.aspx?srch=ku&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-24 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(824)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(2972)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-08-24 14:09:00
ComboFix-quarantined-files.txt 2011-08-24 12:08
ComboFix2.txt 2011-08-23 09:15
ComboFix3.txt 2011-08-21 20:45
ComboFix4.txt 2011-08-21 20:03
ComboFix5.txt 2011-08-24 12:01
.
Před spuštěním: Volných bajtů: 147.959.554.048
Po spuštění: Volných bajtů: 147.947.241.472
.
- - End Of File - - 75DBB442BBF2112E9C94B6BD6652CA6B

#51 Příspěvek od **motji** » 24 srp 2011 14:24

Je to pořád stejné, zkusíme znovu.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

KillAll::

Mia::
c:\windows\system32\drivers\atapi.sys

File::
c:\windows\unrar.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
 c:\program files\Ask.com\UpdateTask.exe

Folder::
c:\windows\ufa
c:\windows\update.7.1
 c:\windows\av_ico
c:\windows\update.tray-8-0
c:\windows\update.tray-8-0-lnk
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

filipacko · #52 Příspěvek od **filipacko** » 24 srp 2011 15:30

ComboFix 11-08-21.01 - Filip 24.08.2011 16:03:40.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1457 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Filip\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Filip\Plocha\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\program files\Ask.com\UpdateTask.exe"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
"c:\windows\unrar.exe"

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))

c:\program files\Ask.com
c:\program files\Ask.com\cb_80f.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_80e.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\av_ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0-lnk\svchost.exe
c:\windows\update.tray-8-0

((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ddservice
-------\Legacy_ddservice
-------\Service_ddservice
-------\Service_ddservice

((((((((((((((((((((((((( Soubory vytvořené od 2011-07-24 do 2011-08-24 )))))))))))))))))))))))))))))))

2011-08-24 14:10:00 . 2011-08-24 14:10:00 9310 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-08-24 14:10:00 . 2011-08-24 14:10:00 8646 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-08-24 14:10:00 . 2011-08-24 14:10:00 8613 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-08-24 14:10:00 . 2011-08-24 14:10:00 8288 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-08-24 14:10:00 . 2011-08-24 14:10:00 6910 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-08-22 19:51:04 . 2011-08-22 19:51:04 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Martau
2011-08-22 19:51:01 . 2011-08-22 19:51:02 -------- d-----w- C:\Program Files\Total Uninstall 5
2011-08-21 20:14:47 . 2011-08-21 20:14:47 -------- d-----w- C:\Documents and Settings\Filip\Data aplikací\Malwarebytes
2011-08-21 20:14:40 . 2011-08-21 20:14:40 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-08-21 20:14:40 . 2010-11-29 15:42:18 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-21 20:14:37 . 2011-08-21 20:14:41 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-21 20:14:37 . 2010-11-29 15:42:06 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-21 16:34:47 . 2011-08-24 10:10:37 -------- d-----w- C:\Program Files\Valve
2011-08-21 11:39:49 . 2011-08-21 11:39:49 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2011-08-21 11:05:41 . 2011-08-21 11:33:53 -------- d-----w- C:\Documents and Settings\Filip\Data aplikací\Sammsoft
2011-08-20 18:14:13 . 2011-08-20 18:14:23 -------- d-----w- C:\rsit
2011-08-20 18:14:13 . 2011-08-20 18:14:22 -------- d-----w- C:\Program Files\trend micro
2011-08-20 11:46:36 . 2011-08-24 13:22:09 139488 ----a-w- C:\WINDOWS\system32\drivers\PnkBstrK.sys
2011-08-20 11:46:27 . 2011-08-24 13:59:08 270776 ----a-w- C:\WINDOWS\system32\PnkBstrB.exe
2011-08-20 11:46:27 . 2011-08-24 13:21:46 270776 ----a-w- C:\WINDOWS\system32\PnkBstrB.ex0
2011-08-20 11:46:21 . 2011-08-20 11:57:17 75136 ----a-w- C:\WINDOWS\system32\PnkBstrA.exe
2011-08-12 08:20:32 . 2011-08-12 08:20:32 -------- d-----w- C:\Documents and Settings\Filip\Local Settings\Data aplikací\PCHealth
2011-08-11 17:18:49 . 2011-06-24 14:10:39 139656 ------w- C:\WINDOWS\system32\dllcache\rdpwd.sys
2011-08-11 17:17:37 . 2011-07-08 14:02:00 10496 ------w- C:\WINDOWS\system32\dllcache\ndistapi.sys
.

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-08-24 13:59:08 . 2010-01-29 20:39:06 270776 ----a-w- C:\WINDOWS\system32\PnkBstrB.xtr
2011-07-15 13:29:31 . 2004-08-04 06:15:18 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 . 2001-08-18 04:55:30 10496 ----a-w- C:\WINDOWS\system32\drivers\ndistapi.sys
2011-06-29 10:14:50 . 2009-09-25 11:21:51 66616 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-06-29 10:14:50 . 2009-09-25 11:21:51 138192 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2011-06-24 14:10:39 . 2004-08-17 22:49:38 139656 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-06-21 18:18:03 . 2004-08-17 22:49:22 668160 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-06-21 18:18:03 . 2004-08-04 05:59:30 61952 ----a-w- C:\WINDOWS\system32\tdc.ocx
2011-06-21 18:18:02 . 2004-08-17 22:49:10 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll
2011-06-21 18:16:29 . 2004-08-17 22:44:08 370176 ----a-w- C:\WINDOWS\system32\html.iec
2011-06-20 17:44:52 . 2004-08-17 22:49:22 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
2011-06-06 11:35:21 . 2004-08-17 22:44:44 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-05-30 14:18:39 . 2010-09-25 14:26:50 2474 ----a-w- C:\WINDOWS\system32\ealregsnapshot1.reg
2011-05-11 20:20:17 . 2011-05-11 20:20:17 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2008-04-13 18:40:30 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . C:\WINDOWS\system32\drivers\atapi.sys
[7] 2004-08-04 05:59:44 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[7] 2004-08-03 20:59:44 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 20:59:44 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

((((((((((((((((((((((((((((( SnapShot@2011-08-21_20.00.33 )))))))))))))))))))))))))))))))))))))))))

+ 2011-08-24 14:09:50 . 2011-08-24 14:09:50 16384 C:\WINDOWS\temp\Perflib_Perfdata_6fc.dat
+ 2011-08-24 14:09:44 . 2011-08-24 14:09:44 16384 C:\WINDOWS\temp\Perflib_Perfdata_6e8.dat
+ 2009-09-24 19:45:59 . 2011-08-22 14:45:03 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-24 19:45:59 . 2011-08-21 20:01:51 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-24 19:45:59 . 2011-08-22 14:45:03 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-09-24 19:45:59 . 2011-08-21 20:01:51 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-21 14:06:25 . 2011-08-22 14:45:05 326656 C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\AskToolbar\cache.dat
- 2011-08-21 14:06:25 . 2011-08-21 20:02:00 326656 C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\AskToolbar\cache.dat

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2011-07-29 10:31:22 17361032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2008-04-07 05:10:52 318488]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 19:01:08 525824]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 04:42:09 176128]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 21:12:54 49152]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [BU]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-03-27 22:03:00 13684736]
"nwiz"="nwiz.exe" [2009-03-27 22:03:00 1657376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-03-27 22:03:00 86016]
"SPC230NC_Monitor"="C:\WINDOWS\Philips\SPC230NC\Monitor.exe" [2007-12-10 13:55:26 323584]
"SPC_Monitor"="C:\WINDOWS\Philips\SPC230NC\Monitor.exe" [2007-12-10 13:55:26 323584]
"Copperhead"="C:\Program Files\CopperheadAntiSpyware\CopperScheduler.exe" [2007-10-02 17:15:42 1596345]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [BU]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 11:12:22 253672]
"tray_ico"="" [BU]
"tray_ico1"="" [BU]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]

C:\Documents and Settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]

C:\Documents and Settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]

C:\Documents and Settings\Filip\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
TrayMin230.lnk - C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2009-10-13 241664]
Wireless Utility.lnk - C:\Program Files\EDIMAX\Common\RaUI.exe [2011-2-22 1601536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"C:\\Documents and Settings\\Administrator\\Plocha\\Fiuypek\\Warcraft III\\Warcraft III.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\CAPCOM\\DARK VOID\\Launcher.exe"=
"C:\\Program Files\\CAPCOM\\DARK VOID\\nativePC\\Binaries\\ShippingPC-SkyGame.exe"=
"C:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"C:\\Program Files\\CAPCOM\\Dead Rising 2\\deadrising2.exe"=
"C:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"C:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Filip\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347bus;a347bus;C:\WINDOWS\system32\drivers\a347bus.sys [27.8.2010 16:22:01 160640]
R0 a347scsi;a347scsi;C:\WINDOWS\system32\drivers\a347scsi.sys [27.8.2010 16:22:01 5248]
R0 d347bus;d347bus;C:\WINDOWS\system32\drivers\d347bus.sys [4.1.2011 20:33:43 155136]
R0 d347prt;d347prt;C:\WINDOWS\system32\drivers\d347prt.sys [4.1.2011 20:33:43 5248]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [24.9.2009 21:41:18 576024]
R2 TeamViewer6;TeamViewer 6;C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [7.12.2010 12:32:02 2228008]
R3 PAEAFLT.sys;USB Composite Device;C:\WINDOWS\system32\drivers\PAEAFLT.sys [13.10.2009 16:43:48 8576]
R3 SPC230NC;Philips SPC230NC Webcam;C:\WINDOWS\system32\drivers\SPC230NC.SYS [13.10.2009 16:43:48 461056]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"C:\Program Files\Avira\AntiVir Desktop\sched.exe" --> C:\Program Files\Avira\AntiVir Desktop\sched.exe [?]
S2 AntiVirWebService;Avira AntiVir WebGuard;"C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" --> C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [?]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [6.5.2010 12:02:22 135664]
S3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [10.11.2009 18:19:40 36608]
S3 GarenaPEngine;GarenaPEngine; [x]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [6.5.2010 12:02:22 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [10.11.2009 15:36:18 136704]
S4 sptd;sptd;C:\WINDOWS\system32\Drivers\sptd.sys --> C:\WINDOWS\system32\Drivers\sptd.sys [?]

Obsah adresáře 'Naplánované úlohy'

2011-08-24 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-06 10:02:22 . 2010-05-06 10:02:15]

2011-08-24 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-06 10:02:22 . 2010-05-06 10:02:15]

------- Doplňkový sken -------

uStart Page = hxxp://www.google.sk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=CS_CZ&c=74&bd=smb&pf=desktop
LSP: C:\Program Files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://gb.toolbarhome.com/search.aspx?srch=ku&q=

#53 Příspěvek od **motji** » 24 srp 2011 20:13

Log není celý, a něco tam to atapi pořád vrací.

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

filipacko · #54 Příspěvek od **filipacko** » 24 srp 2011 20:28

OTL logfile created on: 24.8.2011 21:17:41 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Filip\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free
3,85 Gb Paging File | 2,79 Gb Available in Paging File | 72,56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 137,80 Gb Free Space | 59,17% Space Free | Partition Type: NTFS
Drive D: | 6,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: HP13851929284 | User Name: Filip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.24 21:16:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Filip\Plocha\OTL.exe
PRC - [2011.05.11 22:20:17 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009.05.21 00:28:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.05.20 23:28:12 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008.08.31 21:18:24 | 001,601,536 | ---- | M] (Edimax Technology Co.) -- C:\Program Files\EDIMAX\Common\RaUI.exe
PRC - [2008.07.09 04:33:38 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007.12.14 16:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Philips\SPC230NC\Monitor.exe
PRC - [2007.10.02 19:15:42 | 001,596,345 | ---- | M] () -- C:\Program Files\CopperheadAntiSpyware\CopperScheduler.exe
PRC - [2005.03.08 06:42:09 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
PRC - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002.12.17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

========== Modules (No Company Name) ==========

MOD - [2011.07.31 19:54:48 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko6.dll
MOD - [2011.07.31 19:54:48 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko5.dll
MOD - [2011.05.11 22:20:18 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.04.30 00:25:36 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.13 16:30:30 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.05.15 00:28:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.03.28 00:03:00 | 001,503,232 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2009.03.28 00:03:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008.07.09 04:33:40 | 001,163,264 | ---- | M] () -- C:\Program Files\EDIMAX\Common\acAuth.dll
MOD - [2008.04.14 05:21:47 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.12.14 16:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
MOD - [2007.10.02 19:15:42 | 001,596,345 | ---- | M] () -- C:\Program Files\CopperheadAntiSpyware\CopperScheduler.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AntiVirWebService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2009.09.17 11:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.09 04:33:38 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2006.05.10 11:59:04 | 000,353,912 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\WINDOWS\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002.12.17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002.12.17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)

========== Driver Services (SafeList) ==========

DRV - [2011.08.24 20:01:42 | 000,139,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2011.06.29 12:14:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 12:14:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.19 15:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.30 01:44:44 | 000,619,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 20:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008.01.04 00:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.12.31 16:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007.11.06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.09.26 14:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2006.05.10 10:39:38 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.05.10 10:20:28 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2004.08.22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004.08.22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004.08.04 02:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004.08.04 02:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004.08.04 02:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004.08.04 02:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004.08.04 02:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004.08.04 02:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004.08.04 02:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004.08.04 02:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004.08.04 02:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004.08.04 02:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004.08.04 02:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004.08.04 02:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.04 02:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004.08.04 02:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004.08.04 02:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004.04.30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004.04.30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2002.04.04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001.08.18 06:54:20 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.18 06:54:20 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2055626716-2980621588-1523458238-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-2055626716-2980621588-1523458238-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.sk/"
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: gb@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e3c9ad14-8c72-0003-1621-2667885393bd}:4.6.7.7
FF - prefs.js..keyword.URL: "http://gb.toolbarhome.com/search.aspx?srch=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Filip\Data aplikací\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Filip\Data aplikací\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2009.11.10 15:36:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.11 22:20:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.13 19:45:10 | 000,000,000 | ---D | M]

[2009.12.14 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Extensions
[2011.08.02 16:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\extensions
[2010.07.25 18:03:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.02 16:47:17 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2011.05.12 22:05:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\extensions\engine@conduit.com
[2010.09.19 18:58:12 | 000,000,000 | ---D | M] (GameBox) -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\extensions\gb@toolbar
[2010.11.07 18:21:55 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\extensions\vshare@toolbar
[2010.06.08 11:28:50 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\searchplugins\conduit.xml
[2011.01.04 22:48:22 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\searchplugins\daemon-search.xml
[2010.09.19 18:58:17 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\1x93r0uw.default\searchplugins\web-search.xml
[2011.08.20 20:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.08.20 20:08:19 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.09.03 14:50:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.28 16:22:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.02 21:13:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.05.03 22:54:02 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{e3c9ad14-8c72-0003-1621-2667885393bd}
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\FILIP\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\1X93R0UW.DEFAULT\EXTENSIONS\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\FILIP\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\1X93R0UW.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\FILIP\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\1X93R0UW.DEFAULT\EXTENSIONS\VSHARE@TOOLBAR
[2011.05.02 21:13:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.05.11 22:20:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.02 21:13:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.11 22:20:19 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2011.05.11 22:20:19 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2011.05.11 22:20:19 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2011.05.11 22:20:19 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2011.05.11 22:20:19 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2011.05.11 22:20:19 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2011.08.24 16:10:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2055626716-2980621588-1523458238-1005\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] File not found
O4 - HKLM..\Run: [Copperhead] C:\Program Files\CopperheadAntiSpyware\CopperScheduler.exe ()
O4 - HKLM..\Run: [DAEMON Tools-1033] File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\TrayMin230.lnk = C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co.)
O4 - Startup: C:\Documents and Settings\Filip\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2055626716-2980621588-1523458238-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2055626716-2980621588-1523458238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2055626716-2980621588-1523458238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2055626716-2980621588-1523458238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.215.94.33 8.8.8.8
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Filip\Local Settings\Data aplikací\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Filip\Local Settings\Data aplikací\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.16 02:53:55 | 000,000,142 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.08.24 21:16:22 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Filip\Plocha\OTL.exe
[2011.08.24 16:14:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.08.24 16:08:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.08.24 16:02:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.08.22 23:09:54 | 000,000,000 | ---D | C] -- C:\Avenger
[2011.08.22 22:07:51 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Filip\Plocha\SPTDinst-v178-x86(1).exe
[2011.08.22 21:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Martau
[2011.08.22 21:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Total Uninstall 5
[2011.08.22 11:54:10 | 001,405,744 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Filip\Plocha\tdsskiller.exe
[2011.08.21 22:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Filip\Data aplikací\Malwarebytes
[2011.08.21 22:14:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.08.21 22:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.08.21 22:14:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.21 22:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.21 18:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Valve
[2011.08.21 13:38:09 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[2011.08.21 13:19:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.08.21 13:16:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.08.21 13:16:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.08.21 13:16:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.08.21 13:16:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.08.21 13:15:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.08.21 13:11:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.21 13:10:18 | 004,179,400 | R--- | C] (Swearware) -- C:\Documents and Settings\Filip\Plocha\ComboFix.exe
[2011.08.21 13:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Filip\Data aplikací\Sammsoft
[2011.08.20 20:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.20 20:14:13 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.20 20:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\WinRAR
[2011.08.20 20:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
[2011.08.12 10:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Filip\Local Settings\Data aplikací\PCHealth
[2011.08.11 19:18:49 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011.08.11 19:17:37 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011.08.04 11:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Filip\Plocha\zdjecia
[2011.01.04 20:33:43 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2011.01.04 20:33:43 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2010.08.27 16:22:01 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2010.08.27 16:22:01 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

filipacko · #55 Příspěvek od **filipacko** » 24 srp 2011 20:28

[2011.08.24 21:19:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.24 21:16:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Filip\Plocha\OTL.exe
[2011.08.24 20:42:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.24 20:01:42 | 000,139,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.08.24 20:01:35 | 000,270,776 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011.08.24 20:00:49 | 000,270,776 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011.08.24 16:20:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.24 16:20:09 | 000,215,715 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.08.24 16:20:08 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.24 16:20:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.24 16:20:03 | 2146,684,928 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.24 16:10:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.08.22 23:07:08 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\avenger.exe
[2011.08.22 22:07:52 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Filip\Plocha\SPTDinst-v178-x86(1).exe
[2011.08.22 22:04:16 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\Filip\Dokumenty\ax_files.xml
[2011.08.22 21:51:02 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Total Uninstall 5.lnk
[2011.08.22 11:54:13 | 001,405,744 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Filip\Plocha\tdsskiller.exe
[2011.08.21 22:14:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.08.21 13:19:31 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2011.08.21 13:10:48 | 004,179,400 | R--- | M] (Swearware) -- C:\Documents and Settings\Filip\Plocha\ComboFix.exe
[2011.08.21 12:58:50 | 000,569,856 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\RogueKiller.exe
[2011.08.20 20:03:39 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[2011.08.20 19:18:13 | 001,182,208 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\Flash-Player.exe
[2011.08.20 18:31:47 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Filip\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.19 22:26:17 | 000,058,788 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\opp_cp.pdf
[2011.08.19 17:13:37 | 000,688,851 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\podpisy.jpg
[2011.08.18 19:19:25 | 000,558,255 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\op2 034.jpg
[2011.08.18 19:18:02 | 000,570,075 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\op2 033.jpg
[2011.08.17 21:19:03 | 002,988,872 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\Aurina-01-opis drogi dojazdowej(1).pdf
[2011.08.17 21:19:01 | 000,116,233 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\Pan Juliusz Eckhard-Potwierdzeni rezerwacji i wplaty zaliczki -Aurina-01(1).pdf
[2011.08.17 21:18:59 | 000,103,230 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\Valle Aurina - WYBRANE INFORMACJE TURYSTYCZNE (lato)(1).pdf
[2011.08.12 09:48:14 | 000,511,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.12 09:48:14 | 000,505,618 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.08.12 09:48:14 | 000,116,646 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.08.12 09:48:14 | 000,100,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.12 09:45:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.08.07 12:28:08 | 000,230,432 | ---- | M] () -- C:\SPC230NC.DAT
[2011.08.05 09:38:00 | 003,847,346 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\Czarna Madonno-goralskie wykonanie.mp3
[2011.08.04 11:04:45 | 002,482,806 | ---- | M] () -- C:\Documents and Settings\Filip\Plocha\Jeden dzien w gorach.mp3
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.24 21:19:42 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.23 21:03:10 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\gmer.exe
[2011.08.22 23:06:59 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\avenger.exe
[2011.08.22 22:04:16 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Filip\Dokumenty\ax_files.xml
[2011.08.22 21:51:02 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Total Uninstall 5.lnk
[2011.08.22 21:51:02 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Total Uninstall 5.lnk
[2011.08.22 21:39:41 | 2146,684,928 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.21 22:14:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.08.21 13:19:31 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2011.08.21 13:19:27 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.08.21 13:16:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.08.21 13:16:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.08.21 13:16:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.08.21 13:16:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.08.21 13:16:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.08.21 12:58:44 | 000,569,856 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\RogueKiller.exe
[2011.08.20 19:18:06 | 001,182,208 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\Flash-Player.exe
[2011.08.20 13:46:36 | 000,139,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.08.20 13:46:27 | 000,270,776 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.08.20 13:46:27 | 000,270,776 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011.08.20 13:46:21 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011.08.19 22:26:16 | 000,058,788 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\opp_cp.pdf
[2011.08.19 15:12:00 | 000,688,851 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\podpisy.jpg
[2011.08.18 17:18:46 | 000,558,255 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\op2 034.jpg
[2011.08.18 17:17:21 | 000,570,075 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\op2 033.jpg
[2011.08.17 21:19:00 | 000,116,233 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\Pan Juliusz Eckhard-Potwierdzeni rezerwacji i wplaty zaliczki -Aurina-01(1).pdf
[2011.08.17 21:18:58 | 002,988,872 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\Aurina-01-opis drogi dojazdowej(1).pdf
[2011.08.17 21:18:56 | 000,103,230 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\Valle Aurina - WYBRANE INFORMACJE TURYSTYCZNE (lato)(1).pdf
[2011.08.05 09:37:48 | 003,847,346 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\Czarna Madonno-goralskie wykonanie.mp3
[2011.08.04 11:04:35 | 002,482,806 | ---- | C] () -- C:\Documents and Settings\Filip\Plocha\Jeden dzien w gorach.mp3
[2011.06.14 20:39:43 | 000,001,146 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2011.05.28 18:08:25 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011.02.26 14:49:30 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Filip\Data aplikací\$_hpcst$.hpc
[2011.02.22 18:42:08 | 000,014,640 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011.02.22 18:42:08 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2870.bin
[2011.01.04 20:57:44 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\Filip\Data aplikací\burnaware.ini
[2010.03.15 10:22:37 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.01.29 22:28:14 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Filip\Data aplikací\PnkBstrK.sys
[2009.12.18 20:21:28 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Filip\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.13 19:46:41 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Filip\Local Settings\Data aplikací\fusioncache.dat
[2009.11.10 18:19:40 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009.11.10 18:19:40 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009.10.13 16:43:48 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2009.09.25 13:04:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.09.25 06:21:33 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.09.25 06:21:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.09.25 06:21:30 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.09.25 06:21:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.09.25 06:21:17 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009.09.25 06:11:39 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.09.24 22:37:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.09.24 22:26:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.09.24 22:02:38 | 000,113,374 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2009.09.24 22:02:38 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2009.09.24 21:43:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.09.24 21:39:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.03.28 00:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.03.28 00:03:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.03.28 00:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.03.28 00:03:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009.03.28 00:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.03.28 00:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.03.28 00:03:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.03.28 00:03:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006.05.16 18:01:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.05.05 00:29:02 | 000,511,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.05.05 00:29:02 | 000,505,618 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2006.05.05 00:29:02 | 000,116,646 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2006.05.05 00:29:02 | 000,100,212 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.05.05 00:24:52 | 000,145,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.05.05 00:17:14 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.05.05 00:12:10 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.08.12 23:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004.08.04 07:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2001.10.24 20:29:46 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.24 20:29:46 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.08.18 06:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.18 06:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.18 06:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.07.22 07:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.07.22 07:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.07.06 15:30:00 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2009.10.15 22:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Desktopicon
[2009.10.15 21:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\GetRightToGo
[2009.10.12 15:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
[2009.11.10 16:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Nokia
[2009.09.24 23:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\OpenOffice.org
[2009.11.10 16:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\PC Suite
[2009.11.10 18:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Samsung
[2010.11.27 21:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ChairGun3
[2011.05.30 16:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Codemasters
[2011.01.04 22:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2011.08.20 20:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
[2010.11.07 18:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2011.04.19 20:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2010.03.10 11:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ipla
[2011.08.22 21:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Martau
[2011.04.19 20:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2009.11.10 15:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
[2009.11.10 16:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.10.13 16:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Philips
[2010.09.25 22:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\pI3demoLicense
[2010.01.10 12:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.07.28 14:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TmForever
[2011.08.24 15:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\.minecraft
[2011.02.14 20:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\DAEMON Tools Lite
[2010.10.24 21:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\DVDVideoSoft
[2010.12.07 21:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\GHISLER
[2011.08.20 16:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\go
[2011.06.03 22:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\gtk-2.0
[2010.03.10 18:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\ipla
[2010.09.25 16:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Leadertech
[2010.03.11 19:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\licenses
[2009.12.14 12:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\OpenOffice.org
[2011.07.15 22:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\OpenWith.org Cache
[2010.11.25 21:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\OpenWith.org Downloaded Setups
[2009.12.13 19:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\PC Suite
[2010.03.11 19:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\PCMM2009
[2011.02.26 14:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\PriceGong
[2011.08.21 13:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Sammsoft
[2011.02.23 20:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Sony
[2011.02.14 20:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\TeamViewer
[2011.06.13 20:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\TS3Client
[2011.08.22 17:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\uTorrent
[2010.08.21 20:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\VDownloader
[2010.08.21 20:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Video DVD Maker FREE
[2011.04.28 11:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\wargaming.net
[2011.04.28 11:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\WinPump

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.07.29 12:31:22 | 017,361,032 | R--- | M] (Skype Technologies S.A.)

< >

< MD5 for: AGP440.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006.03.02 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006.03.02 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2006.03.02 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\i386\AUTOCHK.EXE
[2006.03.02 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys
[2006.03.02 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.04 07:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 00:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2004.08.18 00:49:24 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=490E6E57E54FAF5F23F658EA188405A1 -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
[2008.04.14 05:22:17 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008.04.14 05:22:17 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\csrss.exe

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 00:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 00:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: FASTFAT.SYS >
[2004.08.04 08:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3117F595E9615E04F05A54FC15A03B20 -- C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys
[2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\ServicePackFiles\i386\fastfat.sys
[2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys

< MD5 for: HAL.DLL >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:hal.dll
[2006.03.02 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2004.11.16 03:37:04 | 000,134,272 | ---- | M] (Microsoft Corporation) MD5=417BD7E8FB59F811C134F63FD1992058 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll

< MD5 for: CHANGER.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:Changer.sys
[2006.03.02 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2011.02.17 15:04:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001.10.24 20:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 00:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.25 11:41:50 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=83F1B9DD1BC1F8D0A4A00F1B34DDE5EF -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[2008.04.25 13:36:51 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=B5B1080D35974C0E718D64280761BCD5 -- C:\WINDOWS\$hf_mig$\KB952117-v2\SP3QFE\ndis.sys
[2008.04.25 13:36:51 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=B5B1080D35974C0E718D64280761BCD5 -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.25 13:36:51 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=B5B1080D35974C0E718D64280761BCD5 -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.25 13:36:51 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=B5B1080D35974C0E718D64280761BCD5 -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2008.04.13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008.04.13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008.04.13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004.08.03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2006.03.02 14:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\i386\NTFS.SYS
[2006.03.02 14:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

< MD5 for: SCECLI.DLL >
[2004.08.18 00:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 11:54:36 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=33081FED75032291EE0E008D5385E86F -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.09 13:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe
[2008.04.14 05:22:45 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

< MD5 for: SMSS.EXE >
[2004.08.18 00:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2006.03.02 14:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\i386\SYSTEM32\SMSS.EXE

< MD5 for: SPOOLSV.EXE >
[2004.08.18 00:49:28 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=21B6FAA88044A41640E03EBB68BE93E8 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2010.08.17 15:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2008.04.14 05:22:48 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 00:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: SYMMPI.SYS >
[2002.04.04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) MD5=F2B7E8416F508368AC6730E2AE1C614F -- C:\WINDOWS\system32\drivers\symmpi.sys

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 00:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 00:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 00:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008.07.06 14:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

< %systemroot%\system32\drivers\*.sys /5 >
[2011.08.24 20:01:42 | 000,139,488 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys

< %systemroot%\system32\drivers\*.sys /X >
[2009.09.24 21:42:36 | 000,001,804 | RHS- | M] () -- C:\WINDOWS\system32\drivers\103C_HP_BPC_HP COMPAQ Dx2400 MICROTOWER PC_YB_0Comp_QBad-Serial-Number_EU_48_I2A73_SPEGATRON CORPORATION_V1.01_B5.37_T090223_WXP2_L405_M2048_J250_7Intel_8Pentium III Xeon_92.83_#090924_N10EC8168_()_X_CD3_Z_2_G.MRK
[2008.04.14 05:21:36 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 05:21:36 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 05:21:36 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 05:21:36 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 05:21:36 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 05:21:36 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 05:21:36 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004.07.17 11:36:24 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2008.04.14 05:21:37 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 05:21:37 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 05:21:37 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 05:21:37 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 05:21:37 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 05:21:38 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004.07.17 22:55:24 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2001.07.22 12:04:46 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2006.03.02 09:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2010.10.14 20:00:02 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011.04.19 21:03:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.10.14 20:00:04 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2011.04.19 21:03:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2004.07.17 11:35:00 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.06.16 00:57:04 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\drivers\rt2870.bin
[2008.04.14 05:21:55 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 05:22:04 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< %systemroot%\system32\*.* /5 >
[2011.08.24 16:20:09 | 000,215,715 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2011.08.20 13:57:17 | 000,075,136 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2011.08.24 20:00:49 | 000,270,776 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.ex0
[2011.08.24 20:01:35 | 000,270,776 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2011.08.24 20:01:35 | 000,270,776 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.xtr
[2011.08.24 16:20:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2006.05.05 02:02:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.05.05 02:02:44 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.05.05 02:02:44 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\CSC\*.tmp files -> C:\WINDOWS\CSC\*.tmp -> ]
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2006.05.04 19:03:56 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini
[2009.09.24 22:07:39 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\hpzinstall.log

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
[2009.12.18 20:31:44 | 000,530,625 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Data Aplikací\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
[2009.12.18 20:31:54 | 000,530,625 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Data Aplikací\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
[2010.09.21 10:50:29 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\DivX\RunAsUser\RUNASUSERPROCESS.exe
[2011.05.28 20:39:30 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\Documents and Settings\All Users\Data Aplikací\Easybits GO\EasyBitsGO.exe
[2011.05.28 20:39:30 | 000,014,208 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Easybits GO\ezShell64Run.exe
[2011.05.28 20:39:31 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\Documents and Settings\All Users\Data Aplikací\Easybits GO\Svc\GOUpdate.exe
[2009.11.10 15:34:12 | 094,628,904 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Data Aplikací\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
[2009.11.10 15:34:25 | 000,050,000 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
[2009.11.10 15:34:25 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
[2009.11.10 15:34:25 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
[2009.11.10 15:34:25 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
[2009.11.10 15:34:27 | 013,930,312 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Data Aplikací\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
[2009.11.10 15:34:29 | 012,212,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Data Aplikací\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2011.08.24 15:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\.minecraft
[2011.06.06 13:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Adobe
[2010.11.04 17:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Avira
[2011.02.14 20:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\DAEMON Tools Lite
[2010.05.07 18:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\DivX
[2011.04.13 20:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\dvdcss
[2010.10.24 21:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\DVDVideoSoft
[2010.12.07 21:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\GHISLER
[2011.08.20 16:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\go
[2011.06.03 22:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\gtk-2.0
[2011.05.23 16:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Hamachi
[2011.04.13 19:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Help
[2009.12.19 13:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\HP
[2009.09.25 06:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Identities
[2011.02.22 18:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\InstallShield
[2010.03.10 18:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\ipla
[2010.09.25 16:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Leadertech
[2010.03.11 19:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\licenses
[2009.12.14 09:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Macromedia
[2011.08.21 22:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Malwarebytes
[2011.07.20 20:10:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Filip\Data aplikací\Microsoft
[2011.06.22 23:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Mozilla
[2009.12.14 12:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\OpenOffice.org
[2011.07.15 22:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\OpenWith.org Cache
[2010.11.25 21:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\OpenWith.org Downloaded Setups
[2009.12.13 19:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\PC Suite
[2010.03.11 19:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\PCMM2009
[2011.02.26 14:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\PriceGong
[2011.08.21 13:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Sammsoft
[2011.08.24 21:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Skype
[2011.05.28 16:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\skypePM
[2011.02.23 20:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Sony
[2009.09.24 21:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Sun
[2011.02.14 20:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\TeamViewer
[2011.06.13 20:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\TS3Client
[2011.08.22 17:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\uTorrent
[2010.08.21 20:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\VDownloader
[2010.07.21 21:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Ventrilo
[2010.08.21 20:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\Video DVD Maker FREE
[2010.11.25 23:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\vlc
[2011.04.28 11:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\wargaming.net
[2011.04.28 11:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\WinPump
[2009.12.18 20:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filip\Data aplikací\WinRAR

< %APPDATA%\*.* >
[2011.02.26 14:49:30 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Filip\Data aplikací\$_hpcst$.hpc
[2011.01.04 22:10:10 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\Filip\Data aplikací\burnaware.ini
[2006.05.04 19:03:56 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Filip\Data aplikací\desktop.ini
[2010.11.27 23:09:05 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Filip\Data aplikací\PnkBstrK.sys

< %APPDATA%\*.exe /s >
[2011.01.04 20:38:09 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Filip\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.11.25 21:50:14 | 016,320,472 | ---- | M] () -- C:\Documents and Settings\Filip\Data aplikací\OpenWith.org Downloaded Setups\VLC media player 0.9\VLC media player 0.9.exe
[2010.06.23 19:12:23 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Filip\Data aplikací\OpenWith.org Downloaded Setups\Word Viewer 2007\Word Viewer 2007.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-12 07:48:32

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
PENDINGFILERENAMEOPERATIONS REG_MULTI_SZ \??\C:\DOCUME~1\Filip\LOCALS~1\Temp\i4jdel0.exe\0\0\??\C:\DOCUME~1\Filip\LOCALS~1\Temp\e4j7C.tmp_dir\MinecraftSP.jar\0\0\??\C:\DOCUME~1\Filip\LOCALS~1\Temp\e4j7C.tmp_dir\0\0\??\C:\DOCUME~1\Filip\LOCALS~1\Temp\i4jdel0.exe\0\0\??\C:\DOCUME~1\Filip\LOCALS~1\Temp\ide7D.tmp\0\0\??\C:\DOCUME~1\Filip\LOCALS~1\Temp\e4j7F.tmp_dir\MinecraftSP.jar\0\0\??\C:\DOCUME~1\Filip\LOCALS~1\Temp\e4j7F.tmp_dir\0\0\??\C:\DOCUME~1\Filip\LOCALS~1\Temp\i4jdel0.exe\0\0\??\C:\DOCUME~1\Filip\LOCALS~1\Temp\ide80.tmp\0\0\0

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.24 21:19:42 | 000,000,512 | ---- | M] () MD5=29C523D1899CF152FC693E90B0436E8A -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:08948D52

< End of report >

filipacko · #56 Příspěvek od **filipacko** » 24 srp 2011 20:29

OTL Extras logfile created on: 24.8.2011 21:17:41 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Filip\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free
3,85 Gb Paging File | 2,79 Gb Available in Paging File | 72,56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 137,80 Gb Free Space | 59,17% Space Free | Partition Type: NTFS
Drive D: | 6,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: HP13851929284 | User Name: Filip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2055626716-2980621588-1523458238-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"DisableThumbnailCache" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" = C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent -- (Philips Consumer Electronics)
"C:\Documents and Settings\Administrator\Plocha\Fiuypek\Warcraft III\Warcraft III.exe" = C:\Documents and Settings\Administrator\Plocha\Fiuypek\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- ()
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\CAPCOM\DARK VOID\Launcher.exe" = C:\Program Files\CAPCOM\DARK VOID\Launcher.exe:*:Enabled:DARK VOID (DX10) -- (CAPCOM U.S.A., INC.)
"C:\Program Files\CAPCOM\DARK VOID\nativePC\Binaries\ShippingPC-SkyGame.exe" = C:\Program Files\CAPCOM\DARK VOID\nativePC\Binaries\ShippingPC-SkyGame.exe:*:Enabled:ShippingPC-SkyGame -- ()
"C:\Program Files\EA Sports\FIFA 10\FIFA10.exe" = C:\Program Files\EA Sports\FIFA 10\FIFA10.exe:*:Enabled:FIFA10 -- ()
"C:\Program Files\CAPCOM\Dead Rising 2\deadrising2.exe" = C:\Program Files\CAPCOM\Dead Rising 2\deadrising2.exe:*:Enabled:Dead Rising 2 -- (CAPCOM CO., LTD.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Disabled:Call of Duty(R): World at War Multiplayer -- (Activision Blizzard, Inc.)
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop -- (Activision Blizzard, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{045F305E-D9F4-445F-B1F1-095CA09EEDEC}" = Crazy Machines
"{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{129DDEC1-A6A3-3D60-AABE-76E6E5334922}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1597D0AE-34A7-4A8B-A395-2E30EB745470}" = Nokia Connectivity Cable Driver
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Edimax Wireless LAN
"{2C2F85C4-62C3-4F59-A5E1-AB60E5F76ADF}_is1" = "Faces of War" (Remove Only)
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D0B560E-493A-47EE-9132-6A47A44A437F}" = DARK VOID
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.21
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = XTB-Trader 4.00
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY
"{702563CE-516C-40CF-B69C-A4E2A8FC8F14}" = OviMPlatform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{82E16F2D-804A-4990-BEEF-C9DB44AE844B}" = Nokia Ovi Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.509
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF595D08-64AC-428B-8FB8-EEC70CCB8803}" = Ovi Desktop Sync Engine
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1995371-129A-4232-A0C8-E98500B4F317}" = OpenOffice.org 3.1
"{B52F8C4B-FE88-4B59-9B80-1C93669D7DEB}_is1" = OpenWith.org 1.0.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}" = FlatOut2
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.0
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Balíček ovladače systému Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Counter-Strike 1.6 v32" = Counter-Strike 1.6 v32
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"GFWL_{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"icjiloffymnuhkq" = Advanced Performance Platform Revenuestreaming.
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 sk)" = Mozilla Firefox 4.0.1 (x86 sk)
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PDF Complete" = PDF Complete
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"Steam App 10" = Counter-Strike
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 440" = Team Fortress 2
"TeamViewer 6" = TeamViewer 6
"TmNations_is1" = TrackMania Nations ESWC 1.7.9
"Total Uninstall 5_is1" = Total Uninstall 5.10.0
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VideoMach 3.4.1" = VideoMach 3.4.1
"VLC media player" = VLC media player 0.9.8a
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2055626716-2980621588-1523458238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.8.2011 7:24:44 | Computer Name = HP13851929284 | Source = Application Error | ID = 1000
Description = Chybující aplikace monitor.exe, verze 1.6.2007.1210, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x10079080.

Error - 21.8.2011 7:44:58 | Computer Name = HP13851929284 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

Error - 21.8.2011 12:51:33 | Computer Name = HP13851929284 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

Error - 21.8.2011 15:57:42 | Computer Name = HP13851929284 | Source = Application Error | ID = 1000
Description = Chybující aplikace hpqtra08.exe, verze 53.0.13.0, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x10079080.

Error - 21.8.2011 15:57:42 | Computer Name = HP13851929284 | Source = Application Error | ID = 1000
Description = Chybující aplikace hpqste08.exe, verze 53.0.13.0, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x00a69080.

Error - 21.8.2011 15:57:43 | Computer Name = HP13851929284 | Source = Application Error | ID = 1000
Description = Chybující aplikace skype.exe, verze 5.5.0.113, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x10079080.

Error - 21.8.2011 15:57:59 | Computer Name = HP13851929284 | Source = Application Error | ID = 1000
Description = Chybující aplikace monitor.exe, verze 1.6.2007.1210, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x10079080.

Error - 21.8.2011 16:36:13 | Computer Name = HP13851929284 | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x10079080.

Error - 22.8.2011 18:06:29 | Computer Name = HP13851929284 | Source = Application Error | ID = 1000
Description = Chybující aplikace javaw.exe, verze 6.0.250.6, chybující modul nvoglnt.dll,
verze 6.14.11.8250, adresa chyby 0x0035f2c6.

Error - 24.8.2011 4:25:44 | Computer Name = HP13851929284 | Source = Application Error | ID = 1000
Description = Chybující aplikace javaw.exe, verze 6.0.250.6, chybující modul nvoglnt.dll,
verze 6.14.11.8250, adresa chyby 0x0035f2cb.

[ System Events ]
Error - 24.8.2011 10:03:37 | Computer Name = HP13851929284 | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 24.8.2011 10:03:37 | Computer Name = HP13851929284 | Source = Service Control Manager | ID = 7034
Description = Služba MSSQL$SONY_MEDIAMGR byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 24.8.2011 10:09:58 | Computer Name = HP13851929284 | Source = Service Control Manager | ID = 7000
Description = Služba Avira AntiVir Scheduler neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 24.8.2011 10:09:58 | Computer Name = HP13851929284 | Source = Service Control Manager | ID = 7000
Description = Služba Avira AntiVir Guard neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 24.8.2011 10:09:58 | Computer Name = HP13851929284 | Source = Service Control Manager | ID = 7001
Description = Služba Avira AntiVir WebGuard závisí na službě Avira AntiVir Guard,
která neuspěla při spuštění v důsledku následující chyby: %%2

Error - 24.8.2011 10:10:05 | Computer Name = HP13851929284 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: avgio

Error - 24.8.2011 10:20:22 | Computer Name = HP13851929284 | Source = Service Control Manager | ID = 7000
Description = Služba Avira AntiVir Scheduler neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 24.8.2011 10:20:22 | Computer Name = HP13851929284 | Source = Service Control Manager | ID = 7000
Description = Služba Avira AntiVir Guard neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 24.8.2011 10:20:22 | Computer Name = HP13851929284 | Source = Service Control Manager | ID = 7001
Description = Služba Avira AntiVir WebGuard závisí na službě Avira AntiVir Guard,
která neuspěla při spuštění v důsledku následující chyby: %%2

Error - 24.8.2011 10:20:29 | Computer Name = HP13851929284 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: avgio

< End of report >

filipacko · #57 Příspěvek od **filipacko** » 24 srp 2011 20:30

Ten OTL log som musel rozdelit inak by sa nezmestil...

#58 Příspěvek od **motji** » 24 srp 2011 20:45

Máte možnost připojit se z jiného počítače?

filipacko · #59 Příspěvek od **filipacko** » 24 srp 2011 20:45

filipacko · #60 Příspěvek od **filipacko** » 24 srp 2011 20:48

a co mam robit ??

VIRY.CZ

Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls pom

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls

Re: Viiiiir z FB kvoli adobe fotosopu ktory bol nepravii pls