Log check

Have a virus problem? Paste your FRST or RSIT log here.

#1 Post by Hunter »

Please check this log after an infection by the FB virus; it should be OK by now, it just seems to the user that the system starts up more slowly. Thanks in advance.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Terka at 2011-08-27 13:32:31
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 246 GB (57%) free of 432 GB
Total RAM: 3828 MB (53% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe"
"C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe"
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 28119984
\??\C:\windows\system32\conhost.exe "-70492870-487264535-1931528722-122555631321352331951179471819-1434963591224602435
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll" /prefetch:1
C:\windows\system32\nvvsvc.exe -session -first
"C:\Program Files\Realtek\RtLED\RtLEDService.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"C:\Program Files\Realtek\RtLED\RtLED.exe"
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\windows\system32\svchost.exe -k imgsvc
System32\TPHDEXLG64.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
WLIDSvcM.exe 2076
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files (x86)\USB Camera2\VM332_STI.EXE"
"C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"
"C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
"C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe"
"C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe" /c /a /s UserSession
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\totalcmd\TOTALCMD.EXE"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"D:\Inst\Anti\New\RSITx64.exe"
C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"D:\Inst\Anti\New\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Terka\AppData\Roaming\Mozilla\Firefox\Profiles\rbzib6hx.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0]
"Description"=Bing Bar
"Path"=C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CBB761-DA41-4E31-B270-B13B4B0A61D0}]
IEPwdBankBHO Class - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll [2010-05-28 53616]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll [2010-09-04 396144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL [2009-11-17 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
BitTorrentBar Toolbar - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13 609544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-24 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13 609544]
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - BitTorrentBar Toolbar - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll [2010-09-04 396144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-06-02 10821224]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-03-29 2598280]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [2010-04-12 4462496]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2010-03-18 7056800]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-08-25 161304]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-08-25 386584]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-08-25 415256]
"TpShocks"=C:\Windows\System32\TpShocks.exe [2010-03-15 231328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-12-03 35184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files (x86)\BitTorrent\BitTorrent.exe [2011-06-11 400760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Terka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.4\ICQ.exe [2011-03-01 119608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2009-09-30 111640]
"332BigDog"=C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [2010-01-19 536576]
"VitaKeyTSR"=C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [2010-05-28 376176]
"UCam_Menu"=C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"YouCam Mirror Tray icon"=C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [2010-03-03 171104]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-03-11 407920]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-03-11 201584]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]
"PLTSR"=C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [2010-09-11 364400]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Users\Terka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-08-25 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
EgisPwdFilter
EgisDSPwdFilter
EgisPLPwdFilter

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=0
"ForceActiveDesktopOn"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-27 13:26:47 ----D---- C:\rsit
2011-08-27 13:26:47 ----D---- C:\Program Files\trend micro
2011-08-26 20:02:58 ----A---- C:\windows\ntbtlog.txt
2011-08-26 19:49:27 ----A---- C:\windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-08-26 19:49:23 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-26 19:25:31 ----SHD---- C:\$RECYCLE.BIN
2011-08-26 19:20:17 ----D---- C:\windows\Temp
2011-08-24 16:38:00 ----A---- C:\windows\SYSWOW64\tzres.dll
2011-08-24 16:38:00 ----A---- C:\windows\system32\tzres.dll
2011-08-24 13:16:08 ----D---- C:\ProgramData\Sun
2011-08-24 13:15:46 ----A---- C:\windows\SYSWOW64\javaws.exe
2011-08-24 13:15:46 ----A---- C:\windows\SYSWOW64\javaw.exe
2011-08-24 13:15:46 ----A---- C:\windows\SYSWOW64\java.exe
2011-08-24 13:15:46 ----A---- C:\windows\SYSWOW64\deployJava1.dll
2011-08-24 13:15:32 ----D---- C:\Program Files (x86)\Java
2011-08-24 13:03:16 ----D---- C:\Program Files (x86)\Temp File Cleaner
2011-08-24 11:44:44 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-24 11:31:17 ----D---- C:\Users\Terka\AppData\Roaming\Malwarebytes
2011-08-24 11:31:12 ----D---- C:\ProgramData\Malwarebytes
2011-08-24 11:31:12 ----A---- C:\windows\system32\drivers\mbam.sys
2011-08-24 10:20:33 ----RA---- C:\windows\SYSWOW64\GEARAspi.dll
2011-08-24 10:20:33 ----RA---- C:\windows\system32\GEARAspi64.dll
2011-08-24 10:20:33 ----RA---- C:\windows\system32\drivers\GEARAspiWDM.sys
2011-08-24 10:20:33 ----DC---- C:\windows\system32\DRVSTORE
2011-08-24 10:20:32 ----D---- C:\Program Files\Symantec
2011-08-24 10:20:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-08-24 10:20:32 ----A---- C:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-24 10:20:15 ----D---- C:\windows\system32\drivers\N360x64
2011-08-24 10:20:14 ----D---- C:\Program Files (x86)\Norton 360
2011-08-24 10:20:13 ----D---- C:\ProgramData\Norton
2011-08-24 10:19:49 ----D---- C:\ProgramData\NortonInstaller
2011-08-24 10:19:49 ----D---- C:\Program Files (x86)\NortonInstaller
2011-08-24 10:00:48 ----D---- C:\Users\Terka\AppData\Roaming\IObit
2011-08-24 10:00:48 ----D---- C:\Program Files (x86)\IObit
2011-08-24 09:45:40 ----A---- C:\windows\UC.PIF
2011-08-24 09:45:40 ----A---- C:\windows\RAR.PIF
2011-08-24 09:45:40 ----A---- C:\windows\PKZIP.PIF
2011-08-24 09:45:40 ----A---- C:\windows\PKUNZIP.PIF
2011-08-24 09:45:40 ----A---- C:\windows\NOCLOSE.PIF
2011-08-24 09:45:40 ----A---- C:\windows\LHA.PIF
2011-08-24 09:45:40 ----A---- C:\windows\ARJ.PIF
2011-08-24 09:45:39 ----D---- C:\Users\Terka\AppData\Roaming\GHISLER
2011-08-24 09:45:39 ----D---- C:\Program Files (x86)\totalcmd
2011-08-23 21:45:14 ----D---- C:\Program Files (x86)\CCleaner
2011-08-23 20:29:34 ----HD---- C:\ProgramData\Common Files
2011-08-23 18:34:03 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2011-08-23 18:34:02 ----A---- C:\windows\system32\drivers\aswSP.sys
2011-08-23 18:33:58 ----A---- C:\windows\system32\drivers\aswRdr.sys
2011-08-23 18:33:56 ----A---- C:\windows\system32\drivers\aswTdi.sys
2011-08-23 18:33:56 ----A---- C:\windows\system32\drivers\aswSnx.sys
2011-08-23 18:33:56 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2011-08-23 18:33:56 ----A---- C:\windows\system32\aswBoot.exe
2011-08-23 18:33:45 ----A---- C:\windows\SYSWOW64\aswBoot.exe
2011-08-23 18:33:45 ----A---- C:\windows\avastSS.scr
2011-08-22 09:48:54 ----D---- C:\windows\system32\SPReview
2011-08-22 09:47:16 ----D---- C:\windows\system32\EventProviders
2011-08-13 15:56:06 ----A---- C:\windows\SYSWOW64\xmllite.dll
2011-08-13 15:56:06 ----A---- C:\windows\system32\xmllite.dll
2011-08-13 15:56:04 ----A---- C:\windows\system32\odbccu32.dll
2011-08-13 15:56:04 ----A---- C:\windows\system32\odbccr32.dll
2011-08-13 15:56:03 ----A---- C:\windows\SYSWOW64\odbctrac.dll
2011-08-13 15:56:03 ----A---- C:\windows\SYSWOW64\odbcjt32.dll
2011-08-13 15:56:03 ----A---- C:\windows\SYSWOW64\odbccu32.dll
2011-08-13 15:56:03 ----A---- C:\windows\SYSWOW64\odbccr32.dll
2011-08-13 15:56:03 ----A---- C:\windows\SYSWOW64\odbccp32.dll
2011-08-13 15:56:03 ----A---- C:\windows\system32\odbctrac.dll
2011-08-13 15:56:03 ----A---- C:\windows\system32\odbccp32.dll
2011-08-13 15:56:00 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2011-08-13 15:55:46 ----A---- C:\windows\system32\winsrv.dll
2011-08-13 15:55:46 ----A---- C:\windows\system32\kernel32.dll
2011-08-13 15:55:46 ----A---- C:\windows\system32\conhost.exe
2011-08-13 15:55:45 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-13 15:55:45 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-13 15:55:45 ----A---- C:\windows\SYSWOW64\wow32.dll
2011-08-13 15:55:45 ----A---- C:\windows\SYSWOW64\setup16.exe
2011-08-13 15:55:45 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2011-08-13 15:55:45 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2011-08-13 15:55:45 ----A---- C:\windows\SYSWOW64\kernel32.dll
2011-08-13 15:55:45 ----A---- C:\windows\system32\wow64win.dll
2011-08-13 15:55:45 ----A---- C:\windows\system32\wow64cpu.dll
2011-08-13 15:55:45 ----A---- C:\windows\system32\wow64.dll
2011-08-13 15:55:45 ----A---- C:\windows\system32\ntvdm64.dll
2011-08-13 15:55:45 ----A---- C:\windows\system32\KernelBase.dll
2011-08-13 15:55:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-13 15:55:44 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-13 15:55:43 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-13 15:55:42 ----AH---- C:\windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-13 15:55:42 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-13 15:55:42 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-13 15:55:42 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-13 15:55:42 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-13 15:55:42 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-13 15:55:42 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-13 15:55:42 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-13 15:55:42 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-13 15:55:42 ----A---- C:\windows\SYSWOW64\instnm.exe
2011-08-13 15:55:41 ----A---- C:\windows\SYSWOW64\user.exe
2011-08-13 15:54:57 ----A---- C:\windows\system32\drivers\tcpip.sys
2011-08-13 15:54:44 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-08-13 15:54:43 ----A---- C:\windows\system32\mshtml.dll
2011-08-13 15:54:42 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-08-13 15:54:42 ----A---- C:\windows\system32\iertutil.dll
2011-08-13 15:54:40 ----A---- C:\windows\system32\ieframe.dll
2011-08-13 15:54:39 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-08-13 15:54:38 ----A---- C:\windows\SYSWOW64\wininet.dll
2011-08-13 15:54:38 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-08-13 15:54:38 ----A---- C:\windows\system32\msfeeds.dll
2011-08-13 15:54:37 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2011-08-13 15:54:37 ----A---- C:\windows\system32\wininet.dll
2011-08-13 15:54:37 ----A---- C:\windows\system32\urlmon.dll
2011-08-13 15:54:36 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-08-13 15:54:36 ----A---- C:\windows\system32\url.dll
2011-08-13 15:54:36 ----A---- C:\windows\system32\mshtmled.dll
2011-08-13 15:54:35 ----A---- C:\windows\SYSWOW64\url.dll
2011-08-13 15:54:35 ----A---- C:\windows\SYSWOW64\ieui.dll
2011-08-13 15:54:35 ----A---- C:\windows\system32\jsproxy.dll
2011-08-13 15:54:35 ----A---- C:\windows\system32\ieui.dll
2011-08-13 15:54:34 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2011-08-13 15:52:31 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2011-08-13 15:52:30 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2011-08-13 15:52:30 ----A---- C:\windows\system32\ntoskrnl.exe
2011-07-29 20:08:52 ----D---- C:\Program Files (x86)\Valve

======List of files/folders modified in the last 1 month======

2011-08-27 13:27:45 ----D---- C:\windows\System32
2011-08-27 13:27:45 ----D---- C:\windows\inf
2011-08-27 13:27:45 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-08-27 13:26:47 ----RD---- C:\Program Files
2011-08-27 13:24:26 ----SHD---- C:\System Volume Information
2011-08-27 13:24:03 ----D---- C:\windows\system32\config
2011-08-27 13:23:15 ----A---- C:\windows\SYSWOW64\log.txt
2011-08-27 13:19:34 ----D---- C:\windows\system32\drivers\etc
2011-08-27 13:11:26 ----SHD---- C:\windows\Installer
2011-08-27 11:25:33 ----D---- C:\Windows
2011-08-27 11:23:38 ----D---- C:\windows\system32\Tasks
2011-08-27 11:23:37 ----D---- C:\windows\Tasks
2011-08-27 11:21:42 ----D---- C:\windows\SYSWOW64\drivers
2011-08-27 10:55:36 ----RD---- C:\Program Files (x86)
2011-08-27 10:53:54 ----D---- C:\ProgramData
2011-08-27 10:25:34 ----D---- C:\windows\system32\drivers
2011-08-27 10:08:53 ----RD---- C:\Users
2011-08-26 19:48:58 ----D---- C:\windows\Prefetch
2011-08-26 19:25:13 ----D---- C:\windows\SYSWOW64\wbem
2011-08-26 19:20:14 ----D---- C:\Users\Terka\AppData\Roaming\Macromedia
2011-08-26 19:12:21 ----D---- C:\Users\Terka\AppData\Roaming\Mozilla
2011-08-24 22:56:45 ----D---- C:\windows\system32\catroot2
2011-08-24 17:48:29 ----D---- C:\windows\winsxs
2011-08-24 17:48:20 ----D---- C:\windows\SYSWOW64\cs-CZ
2011-08-24 17:48:20 ----D---- C:\windows\SysWOW64
2011-08-24 17:48:20 ----D---- C:\windows\system32\cs-CZ
2011-08-24 17:33:18 ----D---- C:\Users\Terka\AppData\Roaming\BitTorrent
2011-08-24 16:36:33 ----D---- C:\windows\system32\catroot
2011-08-24 16:22:33 ----D---- C:\Program Files (x86)\Common Files
2011-08-24 15:20:43 ----D---- C:\Users\Terka\AppData\Roaming\vlc
2011-08-24 13:17:24 ----D---- C:\windows\security
2011-08-24 11:16:28 ----D---- C:\windows\Microsoft.NET
2011-08-24 11:15:51 ----RSD---- C:\windows\assembly
2011-08-24 10:20:32 ----D---- C:\Program Files\Common Files
2011-08-23 21:47:33 ----D---- C:\windows\debug
2011-08-23 20:28:10 ----SD---- C:\Users\Terka\AppData\Roaming\Microsoft
2011-08-23 18:49:14 ----D---- C:\Users\Terka\AppData\Roaming\ICQ
2011-08-22 10:46:32 ----D---- C:\windows\system32\DriverStore
2011-08-22 10:41:35 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-08-22 10:41:35 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-08-22 10:41:35 ----D---- C:\Program Files (x86)\Windows Media Player
2011-08-22 10:41:35 ----D---- C:\Program Files (x86)\Windows Mail
2011-08-22 10:41:35 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-22 10:41:34 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-08-22 10:41:32 ----D---- C:\Program Files\Windows Sidebar
2011-08-22 10:41:32 ----D---- C:\Program Files\Windows Portable Devices
2011-08-22 10:41:32 ----D---- C:\Program Files\Windows Mail
2011-08-22 10:41:32 ----D---- C:\Program Files\Internet Explorer
2011-08-22 10:41:32 ----D---- C:\Program Files\DVD Maker
2011-08-22 10:41:31 ----D---- C:\Program Files\Windows Photo Viewer
2011-08-22 10:41:31 ----D---- C:\Program Files\Windows Media Player
2011-08-22 10:41:30 ----D---- C:\Program Files\Windows Journal
2011-08-22 10:41:28 ----D---- C:\windows\servicing
2011-08-22 10:41:28 ----D---- C:\windows\ehome
2011-08-22 10:41:28 ----D---- C:\Program Files\Windows Defender
2011-08-22 10:41:20 ----D---- C:\windows\SYSWOW64\oobe
2011-08-22 10:41:20 ----D---- C:\windows\SYSWOW64\migration
2011-08-22 10:41:20 ----D---- C:\windows\SYSWOW64\da-DK
2011-08-22 10:41:19 ----D---- C:\windows\SYSWOW64\Setup
2011-08-22 10:41:19 ----D---- C:\windows\SYSWOW64\cs
2011-08-22 10:41:19 ----D---- C:\windows\SYSWOW64\AdvancedInstallers
2011-08-22 10:41:18 ----D---- C:\windows\SYSWOW64\manifeststore
2011-08-22 10:41:17 ----D---- C:\windows\SYSWOW64\sppui
2011-08-22 10:41:17 ----D---- C:\windows\SYSWOW64\es-ES
2011-08-22 10:41:16 ----D---- C:\windows\SYSWOW64\migwiz
2011-08-22 10:41:16 ----D---- C:\windows\SYSWOW64\Dism
2011-08-22 10:40:58 ----D---- C:\windows\system32\Setup
2011-08-22 10:40:58 ----D---- C:\windows\system32\oobe
2011-08-22 10:40:58 ----D---- C:\windows\system32\migration
2011-08-22 10:40:58 ----D---- C:\windows\system32\en-US
2011-08-22 10:40:58 ----D---- C:\windows\system32\da-DK
2011-08-22 10:40:58 ----D---- C:\windows\system32\AdvancedInstallers
2011-08-22 10:40:58 ----D---- C:\windows\PolicyDefinitions
2011-08-22 10:40:57 ----D---- C:\windows\system32\cs
2011-08-22 10:40:53 ----D---- C:\windows\system32\sppui
2011-08-22 10:40:53 ----D---- C:\windows\system32\manifeststore
2011-08-22 10:40:53 ----D---- C:\windows\system32\es-ES
2011-08-22 10:40:52 ----D---- C:\windows\system32\drivers\cs-CZ
2011-08-22 10:40:51 ----D---- C:\windows\system32\wbem
2011-08-22 10:40:51 ----D---- C:\windows\system32\migwiz
2011-08-22 10:40:51 ----D---- C:\windows\system32\Dism
2011-08-22 10:40:33 ----RSD---- C:\windows\Fonts
2011-08-22 10:40:33 ----D---- C:\windows\AppPatch
2011-08-22 10:40:21 ----D---- C:\windows\system32\Boot
2011-08-22 09:57:09 ----A---- C:\windows\SYSWOW64\msclmd.dll
2011-08-22 09:57:09 ----A---- C:\windows\system32\msclmd.dll
2011-08-22 09:09:22 ----D---- C:\Program Files\Microsoft Security Client
2011-08-18 09:46:06 ----D---- C:\Users\Terka\AppData\Roaming\Skype
2011-08-18 08:46:28 ----D---- C:\Users\Terka\AppData\Roaming\skypePM
2011-08-13 17:13:22 ----A---- C:\windows\system32\MRT.exe
2011-08-08 23:02:21 ----D---- C:\windows\system32\NDF
2011-08-07 23:15:55 ----D---- C:\Program Files (x86)\Microsoft Security Client
2011-08-07 23:15:34 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2011-07-31 21:06:45 ----D---- C:\Users\Terka\AppData\Roaming\SoftGrid Client
2011-07-29 20:08:52 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-03-03 540696]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-11 24680]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 Shockprf;Shockprf; C:\windows\System32\DRIVERS\Apsx64.sys [2009-12-09 135264]
R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [2009-10-15 433200]
R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [2010-04-22 221232]
R0 TPDIGIMN;TPDIGIMN; C:\windows\System32\DRIVERS\ApsHM64.sys [2009-12-09 23648]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
R1 Avgtdia;AVG TDI Driver; C:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-08-12 1151096]
R1 ccHP;Symantec Hash Provider; C:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [2010-02-26 615040]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-08-24 481912]
R1 EgisTecFF;EgisTecFF; C:\windows\system32\DRIVERS\EgisTecFF.sys [2010-12-15 55880]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110822.031\IDSvia64.sys [2011-08-23 488568]
R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 mwlPSDFilter;mwlPSDFilter; C:\windows\system32\DRIVERS\mwlPSDFilter.sys [2010-12-15 22576]
R1 mwlPSDNServ;mwlPSDNServ; C:\windows\system32\DRIVERS\mwlPSDNServ.sys [2010-12-15 20016]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2010-12-15 60464]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS [2010-04-22 505392]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS [2010-04-22 32304]
R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [2010-04-29 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [2010-05-06 451120]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys); C:\windows\System32\Drivers\FPSensor.sys [2010-12-15 35888]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-02-02 3058168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-24 136824]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-03-26 162304]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-19 34152]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-08-25 10611552]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-25 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-06-02 2392296]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2011-07-06 25912]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110825.002\ENG64.SYS [2011-08-24 117880]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110825.002\EX64.SYS [2011-08-24 2048632]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2011-08-24 173104]
R3 vm332avs;Lenovo Camera2; C:\windows\System32\Drivers\vm332avs.sys [2010-06-02 229456]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AVGIDSDriver;AVGIDSDriver; C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 118864]
S3 AVGIDSFilter;AVGIDSFilter; C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2010-04-08 54824]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-01-15 98344]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2010-01-15 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-15 21288]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-03-24 243744]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2010-04-20 903456]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 EgisTec Data Security Service;EgisTec Data Security Service; C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [2010-05-28 314736]
R2 EgisTec Service Help;EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-09-11 327024]
R2 EgisTec Service;EgisTec Service; C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-05-28 709488]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 268824]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2010-07-11 159336]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-07-11 1620584]
R2 RtLedService;RtLedService Installer; C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-02-05 311296]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-07-27 249136]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\windows\System32\TPHDEXLG64.exe [2009-12-09 47712]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe []
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-02-03 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Log check

#2 Post by Caroprd111 »

Hello :)

Is the computer yours?


Re: Log check

#3 Post by Hunter »

No, it isn't; it belongs to a friend, and she gave it to me to check.


Re: Log check

#4 Post by Caroprd111 »

In that case it would be better if your friend registered her own nick. :)
How was the FB virus removed, and by whom?


Re: Log check

#5 Post by Hunter »

That probably wouldn't work, because she is a complete layperson.
First they tinkered with it at home with her brother, then they gave it to me. It was the classic case: safe mode would not start, nor would any AV or FW. I removed the files that were blocking the security software, then ran it through Malwarebytes, cleaned the registry and deleted the temporary files (Ccl.), installed a trial of Norton 360, and manually deleted the remaining malware files (the Updatexx directories and the like) that were related to the virus. I reset the hosts file, and now it is in the state it is in.


Re: Log check

#6 Post by Caroprd111 »

Do you have the logs from the programs you used?


Re: Log check

#7 Post by Hunter »

Here:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verze databáze: 7551

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

24.8.2011 12:54:35
mbam-log-2011-08-24 (12-54-35).txt

Typ: Úplná kontrola (C:\|D:\|Q:\|)
Kontrolované objekty: 362685
Uplynulý čas: 57 minut, 18 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 7
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 0
Infikované složky: 1
Infikované soubory: 16

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované soubory:
c:\Users\Terka\downloads\mediapluginsetup.exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
d:\Tmp\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.


Re: Log check

#8 Post by Hunter »

And one more:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verze databáze: 7580

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

26.8.2011 19:56:15
mbam-log-2011-08-26 (19-56-15).txt

Typ: Rychlá kontrola
Kontrolované objekty: 181893
Uplynulý čas: 3 minut, 24 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DDSERVICE (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddservice\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)


Re: Log check

#9 Post by Caroprd111 »

Next time come straight here; you could have deleted legitimate files, and on top of that you have hidden the traces from me. :arcisit:

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe to the desktop
  • Run it, then paste the following script into the bottom box.

Code:

 
safebootminimal 
safebootnetwork
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
scecli.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
atapi.sys
cdrom.sys 
ndis.sys
ntfs.sys
tcpip.sys
%SystemDrive%\PhysicalMBR.bin
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
*crack* /s
*keygen* /s
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
 
  • Select the "All users" option.
  • Select the "LOP" malware check and "Purity" malware check options.
  • Click the Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.


Re: Log check

#10 Post by Hunter »

Yes, I apologize for the wrong procedure, I have already realized that myself; next time I will come straight here.
So after running for a long time it threw the message Cannot creat cmd.bat, and I don't know whether it is doing anything now or not.


Re: Log check

#11 Post by Caroprd111 »

In that case skip pasting the script into OTL; otherwise proceed again according to the instructions.


Re: Log check

#12 Post by Hunter »

OTL.TXT

OTL logfile created on: 8/27/2011 9:16:58 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Terka\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.74 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 45.72% Memory free
7.48 Gb Paging File | 5.35 Gb Available in Paging File | 71.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 234.76 Gb Free Space | 55.65% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.50 Gb Free Space | 94.83% Space Free | Partition Type: NTFS

Computer Name: TERKA-PC | User Name: Terka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/27 19:30:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Terka\Desktop\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/09/11 13:49:56 | 000,364,400 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
PRC - [2010/09/11 13:49:40 | 000,327,024 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
PRC - [2010/07/11 20:09:20 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/06/07 22:12:12 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/06/07 22:12:08 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/05/28 05:14:52 | 000,376,176 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
PRC - [2010/05/28 05:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
PRC - [2010/05/28 05:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe
PRC - [2010/03/11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 22:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 00:37:40 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2010/02/26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/02/24 19:45:12 | 001,771,320 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\CCleaner\CCleaner.exe
PRC - [2010/01/19 04:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/09/30 14:02:38 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 14:02:36 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 07:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files (x86)\totalcmd\TOTALCMD.EXE


========== Modules (No Company Name) ==========

MOD - [2011/08/23 19:13:16 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\69d837670ac67c4776ea5a115d64a550\IAStorUtil.ni.dll
MOD - [2011/08/23 18:10:10 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/23 18:09:45 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/23 18:09:39 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/23 18:09:28 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/23 18:09:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/23 18:09:20 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/23 18:09:19 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/23 18:09:15 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/02/04 10:05:52 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/12/16 05:59:52 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_cs_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/13 04:00:59 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/02/25 01:46:34 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\CCleaner\Lang\lang-1029.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/20 15:29:08 | 000,903,456 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/02/05 16:43:20 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService)
SRV:64bit: - [2009/12/09 11:52:52 | 000,047,712 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/11 13:49:40 | 000,327,024 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help)
SRV - [2010/07/11 20:09:20 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/05/28 05:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
SRV - [2010/05/28 05:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe -- (EgisTec Data Security Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/02/26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/09/30 14:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 14:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/24 10:20:32 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/12/15 23:26:38 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF)
DRV:64bit: - [2010/12/15 23:08:16 | 000,035,888 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV:64bit: - [2010/12/15 23:08:14 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2010/12/15 23:08:14 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2010/12/15 23:08:14 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/11 23:40:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/06/02 08:35:40 | 000,229,456 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010/05/06 06:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 07:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/22 05:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/22 04:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/22 04:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/08 18:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/26 11:14:50 | 000,162,304 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/03/24 11:57:20 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 02:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/25 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/22 12:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/02 17:52:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/02 09:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/01/15 20:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/15 08:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 08:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 08:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/12/09 11:52:28 | 000,023,648 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/12/09 11:52:22 | 000,135,264 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/10/19 02:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/10/15 05:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/19 00:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 09:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2011/08/24 11:45:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110826.025\EX64.SYS -- (NAVEX15)
DRV - [2011/08/24 11:45:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/08/24 11:45:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/24 11:45:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110826.025\ENG64.SYS -- (NAVENG)
DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110826.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/12 23:21:56 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110812.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3088223708-2509084807-2590491698-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKU\S-1-5-21-3088223708-2509084807-2590491698-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-21-3088223708-2509084807-2590491698-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3088223708-2509084807-2590491698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-3088223708-2509084807-2590491698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2790392
IE - HKU\S-1-5-21-3088223708-2509084807-2590491698-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3088223708-2509084807-2590491698-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3088223708-2509084807-2590491698-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3088223708-2509084807-2590491698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Terka\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Terka\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/12/15 23:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/15 23:25:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/15 23:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/08/27 16:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/08/27 19:12:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/26 19:11:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/26 19:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terka\AppData\Roaming\Mozilla\Extensions
[2011/08/26 19:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/24 13:15:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/08/12 08:10:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/12 06:14:43 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2011/08/12 06:14:43 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2011/08/12 06:14:43 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2011/08/12 06:14:43 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011/08/12 06:14:43 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011/08/27 13:19:34 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3088223708-2509084807-2590491698-1001\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PLTSR] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3088223708-2509084807-2590491698-1000..\Run: [Power2GoExpress] C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKU\S-1-5-21-3088223708-2509084807-2590491698-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-3088223708-2509084807-2590491698-1000..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Terka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\S-1-5-21-3088223708-2509084807-2590491698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3088223708-2509084807-2590491698-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{095607fe-53d4-11e0-a885-18f46affdd28}\Shell - "" = AutoRun
O33 - MountPoints2\{095607fe-53d4-11e0-a885-18f46affdd28}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/27 19:34:19 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Terka\Desktop\OTL.exe
[2011/08/27 13:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/08/27 13:26:47 | 000,000,000 | ---D | C] -- C:\rsit
[2011/08/26 19:49:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/26 19:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/26 19:25:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/26 19:20:17 | 000,000,000 | ---D | C] -- C:\windows\Temp
[2011/08/25 15:10:54 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys
[2011/08/25 15:10:54 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys
[2011/08/25 15:10:54 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0403000.005\symds64.sys
[2011/08/25 15:10:54 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys
[2011/08/25 15:10:54 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys
[2011/08/25 15:10:53 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys
[2011/08/25 15:10:53 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys
[2011/08/25 15:10:36 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\0403000.005
[2011/08/24 16:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2011/08/24 13:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/24 13:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/08/24 13:15:46 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2011/08/24 13:15:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2011/08/24 13:15:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2011/08/24 13:15:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2011/08/24 13:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/08/24 13:03:16 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner
[2011/08/24 13:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Temp File Cleaner
[2011/08/24 11:45:00 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Local\Mozilla
[2011/08/24 11:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/08/24 11:31:17 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Roaming\Malwarebytes
[2011/08/24 11:31:12 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/08/24 11:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/24 10:22:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/08/24 10:20:33 | 000,126,312 | R--- | C] (GEAR Software Inc.) -- C:\windows\SysNative\GEARAspi64.dll
[2011/08/24 10:20:33 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\windows\SysWow64\GEARAspi.dll
[2011/08/24 10:20:33 | 000,034,152 | R--- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2011/08/24 10:20:33 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2011/08/24 10:20:32 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/08/24 10:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/08/24 10:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/08/24 10:20:15 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2011/08/24 10:20:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/08/24 10:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2011/08/24 10:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/08/24 10:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/08/24 10:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/08/24 10:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
[2011/08/24 10:00:48 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Roaming\IObit
[2011/08/24 10:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/08/24 09:50:37 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Local\GHISLER
[2011/08/24 09:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\totalcmd
[2011/08/24 09:45:39 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Roaming\GHISLER
[2011/08/23 21:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2011/08/23 20:29:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/08/23 18:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/23 18:34:03 | 000,022,360 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2011/08/23 18:34:02 | 000,288,088 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2011/08/23 18:33:58 | 000,031,064 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2011/08/23 18:33:56 | 000,600,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2011/08/23 18:33:56 | 000,253,888 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011/08/23 18:33:56 | 000,064,856 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2011/08/23 18:33:56 | 000,045,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2011/08/23 18:33:45 | 000,199,304 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011/08/23 18:33:45 | 000,040,112 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011/08/22 09:48:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2011/08/22 09:47:16 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2011/08/22 09:04:27 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/13 15:56:06 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xmllite.dll
[2011/08/13 15:56:04 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccu32.dll
[2011/08/13 15:56:04 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccr32.dll
[2011/08/13 15:56:03 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbcjt32.dll
[2011/08/13 15:56:03 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbctrac.dll
[2011/08/13 15:56:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbctrac.dll
[2011/08/13 15:56:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccp32.dll
[2011/08/13 15:56:03 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccp32.dll
[2011/08/13 15:56:03 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccu32.dll
[2011/08/13 15:56:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccr32.dll
[2011/08/13 15:55:46 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2011/08/13 15:55:46 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2011/08/13 15:55:46 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2011/08/13 15:55:45 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2011/08/13 15:55:45 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2011/08/13 15:55:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2011/08/13 15:55:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2011/08/13 15:55:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2011/08/13 15:55:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2011/08/13 15:55:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2011/08/13 15:55:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/13 15:55:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2011/08/13 15:55:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/13 15:55:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/13 15:55:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/13 15:55:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/13 15:55:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/13 15:55:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/13 15:55:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/13 15:55:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/13 15:55:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/13 15:55:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/13 15:55:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/13 15:55:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/13 15:55:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/13 15:55:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/13 15:55:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2011/08/13 15:55:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/13 15:55:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/13 15:55:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/13 15:55:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/13 15:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/13 15:55:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/13 15:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/13 15:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/13 15:55:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/13 15:55:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2011/08/13 15:54:38 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2011/08/13 15:54:36 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011/08/13 15:54:36 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/08/13 15:54:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/08/13 15:54:35 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/08/13 15:54:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/08/13 15:54:35 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011/08/13 15:52:31 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2011/08/13 15:52:30 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2011/08/13 15:52:30 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2011/08/12 21:37:33 | 000,000,000 | ---D | C] -- C:\Users\Terka\Desktop\Karcoolka CZ
[2011/08/12 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Local\{4A365269-B1E4-4E3E-8E2B-4EA527DEB0C7}
[2011/08/12 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\Terka\Desktop\záloha - tábor
[2011/08/12 17:42:28 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Local\{BA8D045C-4D91-4A3D-8F7D-DFD1B8CC74AE}
[2011/08/12 14:37:35 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Local\{16924DB8-95A8-4269-AC13-BE8204A6299A}
[2011/08/12 14:35:16 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Local\{78A30E52-E18F-468D-A567-5588B9950349}
[2011/08/12 14:20:24 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Local\{9AD41895-23B4-49CE-AE79-F2E9DF2FBEE5}
[2011/08/12 14:16:02 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Local\{D80862B3-A293-444D-B563-FEF0807FB5B6}
[2011/08/12 14:08:59 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Local\{F2F57899-F829-40A5-AD3F-BA99C49AA90B}
[2011/08/12 14:07:40 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Local\{BCE13164-8AB9-4267-A274-496D4DBB55F7}
[2011/08/10 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\Terka\AppData\Local\{AC1E136E-DAAD-4D1C-AAFE-E05B25DB4D6C}
[2011/07/29 20:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve

========== Files - Modified Within 30 Days ==========

[2011/08/27 21:16:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/27 19:37:20 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/08/27 19:34:10 | 001,479,356 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/08/27 19:34:10 | 000,634,308 | ---- | M] () -- C:\windows\SysNative\perfh005.dat
[2011/08/27 19:34:10 | 000,618,782 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/08/27 19:34:10 | 000,123,374 | ---- | M] () -- C:\windows\SysNative\perfc005.dat
[2011/08/27 19:34:10 | 000,107,804 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/08/27 19:30:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Terka\Desktop\OTL.exe
[2011/08/27 19:19:36 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/27 19:19:36 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/27 19:11:32 | 3010,797,568 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/27 13:19:34 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/08/27 13:11:21 | 001,823,656 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\Cat.DB
[2011/08/26 19:07:57 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/08/25 22:00:31 | 000,002,363 | ---- | M] () -- C:\Users\Terka\Desktop\Google Chrome.lnk
[2011/08/24 17:46:13 | 000,002,928 | ---- | M] () -- C:\Users\Terka\Documents\cc_20110824_174606.reg
[2011/08/24 13:15:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2011/08/24 13:15:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2011/08/24 13:15:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2011/08/24 13:15:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2011/08/24 13:05:40 | 000,001,110 | ---- | M] () -- C:\Users\Terka\Documents\cc_20110824_130537.reg
[2011/08/24 13:05:22 | 000,001,110 | ---- | M] () -- C:\Users\Terka\Documents\cc_20110824_130517.reg
[2011/08/24 13:05:03 | 000,001,686 | ---- | M] () -- C:\Users\Terka\Documents\cc_20110824_130459.reg
[2011/08/24 10:20:32 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/08/24 10:20:32 | 000,007,440 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/08/24 10:20:32 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/08/24 09:57:15 | 000,000,176 | ---- | M] () -- C:\Users\Terka\Documents\cc_20110824_095711.reg
[2011/08/24 09:56:54 | 000,013,954 | ---- | M] () -- C:\Users\Terka\Documents\cc_20110824_095649.reg
[2011/08/24 09:45:40 | 000,001,037 | ---- | M] () -- C:\Users\Terka\Desktop\Total Commander.lnk
[2011/08/23 21:52:31 | 000,129,984 | ---- | M] () -- C:\Users\Terka\Documents\cc_20110823_215227.reg
[2011/08/23 18:33:56 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011/08/23 17:02:51 | 000,202,984 | -H-- | M] () -- C:\windows\SysNative\drivers\etc\hosts.old
[2011/08/23 17:02:51 | 000,000,734 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hîsts
[2011/08/23 10:50:39 | 001,031,134 | ---- | M] () -- C:\Users\Terka\Desktop\IMG_5648.JPG
[2011/08/23 10:50:39 | 000,000,837 | ---- | M] () -- C:\Users\Terka\.recently-used.xbel
[2011/08/23 08:51:33 | 000,311,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/08/22 09:57:09 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msclmd.dll
[2011/08/22 09:57:09 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msclmd.dll
[2011/08/22 09:04:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/16 09:39:37 | 005,798,149 | ---- | M] () -- C:\Users\Terka\Desktop\02 - I Kissed A Girl.mp3
[2011/08/16 09:39:21 | 000,001,305 | -HS- | M] () -- C:\Users\Terka\Desktop\Folder.jpg
[2011/08/16 09:39:21 | 000,001,305 | -HS- | M] () -- C:\Users\Terka\Desktop\AlbumArt_{0B5F1FE5-C942-4323-930F-A95BD4BF247F}_Large.jpg
[2011/08/16 09:39:21 | 000,000,729 | -HS- | M] () -- C:\Users\Terka\Desktop\AlbumArtSmall.jpg
[2011/08/16 09:39:21 | 000,000,729 | -HS- | M] () -- C:\Users\Terka\Desktop\AlbumArt_{0B5F1FE5-C942-4323-930F-A95BD4BF247F}_Small.jpg
[2011/08/15 11:54:27 | 001,045,500 | ---- | M] () -- C:\Users\Terka\Desktop\270620111103.jpg
[2011/08/15 11:54:13 | 001,068,891 | ---- | M] () -- C:\Users\Terka\Desktop\270620111104.jpg
[2011/08/13 16:44:56 | 007,035,084 | ---- | M] () -- C:\Users\Terka\Desktop\07 - Hot N' Cold.mp3
[2011/08/10 17:30:56 | 004,433,683 | ---- | M] () -- C:\Users\Terka\Desktop\IMG_5367.JPG
[2011/08/10 17:27:39 | 006,619,068 | ---- | M] () -- C:\Users\Terka\Desktop\IMG_5366.JPG
[2011/08/07 23:15:34 | 001,497,494 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/31 16:07:31 | 000,025,345 | ---- | M] () -- C:\Users\Terka\Documents\Pokyny pro tabor.odt
[2011/07/29 20:12:47 | 000,001,950 | ---- | M] () -- C:\Users\Terka\Desktop\Counter Strike 1.6 Non Steam.lnk

========== Files Created - No Company Name ==========

[2011/08/27 19:37:20 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/08/26 19:06:36 | 001,823,656 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\Cat.DB
[2011/08/25 15:10:54 | 000,007,829 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\symefa64.cat
[2011/08/25 15:10:54 | 000,007,787 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\symnetv64.cat
[2011/08/25 15:10:54 | 000,007,414 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\srtspx64.cat
[2011/08/25 15:10:54 | 000,007,406 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\symds64.cat
[2011/08/25 15:10:54 | 000,007,368 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\symnet64.cat
[2011/08/25 15:10:54 | 000,003,373 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\symefa.inf
[2011/08/25 15:10:54 | 000,002,793 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\symds.inf
[2011/08/25 15:10:54 | 000,001,473 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\symnetv.inf
[2011/08/25 15:10:54 | 000,001,445 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\symnet.inf
[2011/08/25 15:10:54 | 000,001,421 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\srtspx64.inf
[2011/08/25 15:10:53 | 000,007,410 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\srtsp64.cat
[2011/08/25 15:10:53 | 000,007,402 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\iron.cat
[2011/08/25 15:10:53 | 000,007,358 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\cchpx64.cat
[2011/08/25 15:10:53 | 000,001,838 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\cchpx64.inf
[2011/08/25 15:10:53 | 000,001,437 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\srtsp64.inf
[2011/08/25 15:10:53 | 000,000,771 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\iron.inf
[2011/08/25 15:10:36 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0403000.005\isolate.ini
[2011/08/24 17:46:10 | 000,002,928 | ---- | C] () -- C:\Users\Terka\Documents\cc_20110824_174606.reg
[2011/08/24 13:05:39 | 000,001,110 | ---- | C] () -- C:\Users\Terka\Documents\cc_20110824_130537.reg
[2011/08/24 13:05:20 | 000,001,110 | ---- | C] () -- C:\Users\Terka\Documents\cc_20110824_130517.reg
[2011/08/24 13:05:01 | 000,001,686 | ---- | C] () -- C:\Users\Terka\Documents\cc_20110824_130459.reg
[2011/08/24 10:20:32 | 000,007,440 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/08/24 10:20:32 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/08/24 10:20:31 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/08/24 09:57:13 | 000,000,176 | ---- | C] () -- C:\Users\Terka\Documents\cc_20110824_095711.reg
[2011/08/24 09:56:52 | 000,013,954 | ---- | C] () -- C:\Users\Terka\Documents\cc_20110824_095649.reg
[2011/08/24 09:45:40 | 000,001,037 | ---- | C] () -- C:\Users\Terka\Desktop\Total Commander.lnk
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\UC.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\RAR.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\PKZIP.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\PKUNZIP.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\NOCLOSE.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\LHA.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\ARJ.PIF
[2011/08/23 21:52:29 | 000,129,984 | ---- | C] () -- C:\Users\Terka\Documents\cc_20110823_215227.reg
[2011/08/23 18:33:56 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2011/08/23 10:50:39 | 000,000,837 | ---- | C] () -- C:\Users\Terka\.recently-used.xbel
[2011/08/23 10:40:10 | 001,031,134 | ---- | C] () -- C:\Users\Terka\Desktop\IMG_5648.JPG
[2011/08/15 11:54:13 | 001,045,500 | ---- | C] () -- C:\Users\Terka\Desktop\270620111103.jpg
[2011/08/15 11:53:59 | 001,068,891 | ---- | C] () -- C:\Users\Terka\Desktop\270620111104.jpg
[2011/08/12 20:41:07 | 000,001,305 | -HS- | C] () -- C:\Users\Terka\Desktop\AlbumArt_{0B5F1FE5-C942-4323-930F-A95BD4BF247F}_Large.jpg
[2011/08/12 20:41:07 | 000,000,729 | -HS- | C] () -- C:\Users\Terka\Desktop\AlbumArt_{0B5F1FE5-C942-4323-930F-A95BD4BF247F}_Small.jpg
[2011/08/12 17:52:05 | 000,001,305 | -HS- | C] () -- C:\Users\Terka\Desktop\Folder.jpg
[2011/08/12 17:52:05 | 000,000,729 | -HS- | C] () -- C:\Users\Terka\Desktop\AlbumArtSmall.jpg
[2011/08/12 17:51:38 | 007,035,084 | ---- | C] () -- C:\Users\Terka\Desktop\07 - Hot N' Cold.mp3
[2011/08/12 17:50:30 | 005,798,149 | ---- | C] () -- C:\Users\Terka\Desktop\02 - I Kissed A Girl.mp3
[2011/08/10 17:27:39 | 004,433,683 | ---- | C] () -- C:\Users\Terka\Desktop\IMG_5367.JPG
[2011/08/10 17:27:38 | 006,619,068 | ---- | C] () -- C:\Users\Terka\Desktop\IMG_5366.JPG
[2011/07/30 18:44:50 | 000,025,345 | ---- | C] () -- C:\Users\Terka\Documents\Pokyny pro tabor.odt
[2011/07/29 20:12:03 | 000,001,950 | ---- | C] () -- C:\Users\Terka\Desktop\Counter Strike 1.6 Non Steam.lnk
[2011/06/19 20:29:41 | 000,003,584 | ---- | C] () -- C:\Users\Terka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/27 17:04:56 | 000,000,030 | -H-- | C] () -- C:\windows\~mem001.sys
[2011/03/27 17:04:56 | 000,000,014 | ---- | C] () -- C:\windows\mm.sys
[2011/03/27 17:04:55 | 000,024,576 | ---- | C] () -- C:\windows\Metronome 4.0 Uninstall.exe
[2011/03/19 18:45:12 | 001,497,494 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/03 23:58:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/08/05 03:51:33 | 000,001,341 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2010/05/27 09:55:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/05/27 09:55:42 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/05/27 09:55:42 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/24 17:33:18 | 000,000,000 | ---D | M] -- C:\Users\Terka\AppData\Roaming\BitTorrent
[2011/08/24 12:59:58 | 000,000,000 | ---D | M] -- C:\Users\Terka\AppData\Roaming\GHISLER
[2011/07/22 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\Terka\AppData\Roaming\gtk-2.0
[2011/08/23 18:49:14 | 000,000,000 | ---D | M] -- C:\Users\Terka\AppData\Roaming\ICQ
[2011/08/24 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Terka\AppData\Roaming\IObit
[2011/02/06 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Terka\AppData\Roaming\OpenOffice.org
[2011/07/31 21:06:45 | 000,000,000 | ---D | M] -- C:\Users\Terka\AppData\Roaming\SoftGrid Client
[2011/03/31 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\Terka\AppData\Roaming\TP
[2011/08/27 12:41:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitTorrent
[2011/08/27 11:57:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GHISLER
[2011/08/27 12:41:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2011/08/27 12:41:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ
[2011/08/27 12:41:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit
[2011/08/27 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2011/08/26 19:07:41 | 000,032,586 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/12/15 23:23:37 | 000,000,020 | ---- | M] ()(C:\windows\?öj) -- C:\windows\ðöj
[2010/12/15 23:23:37 | 000,000,020 | ---- | C] ()(C:\windows\?öj) -- C:\windows\ðöj

< End of report >

Hunter
Visitor
Posts: 33
Registered: 03 Feb 2006 12:00

Re: Log check

#13 Post by Hunter »

And EXTRAS.TXT

OTL Extras logfile created on: 8/27/2011 9:16:58 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Terka\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.74 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 45.72% Memory free
7.48 Gb Paging File | 5.35 Gb Available in Paging File | 71.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 234.76 Gb Free Space | 55.65% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.50 Gb Free Space | 94.83% Space Free | Partition Type: NTFS

Computer Name: TERKA-PC | User Name: Terka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}" = RtLED
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0405-1000-0000000FF1CE}" = Microsoft Office Klikni a spusť 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client CS-CZ Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"Elantech" = ETDWare PS/2-x64 7.0.4.17_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02C0A02E-AB30-446C-B4C3-A03310D95F53}" = Windows Live UX Platform Language Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0405-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - čeština
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0405-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
"{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"GamePlayLabs Plugin" = GamePlayLabs Plugin
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.1.1800
"Metronome 4.0" = Metronome 4.0
"Mozilla Firefox 6.0 (x86 cs)" = Mozilla Firefox 6.0 (x86 cs)
"N360" = Norton 360
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Klikni a spusť 2010
"Temp File Cleaner" = Temp File Cleaner
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.9
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3088223708-2509084807-2590491698-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2011 6:26:39 AM | Computer Name = Terka-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1500
Description = Systém Windows vás nemůže přihlásit, protože nelze načíst váš profil.
Zkontrolujte, zda jste připojeni k síti a zda síť pracuje správně. PODROBNOSTI
– Přístup byl odepřen.

Error - 8/27/2011 6:36:38 AM | Computer Name = Terka-PC | Source = CVHSVC | ID = 100
Description = Pouze informace Tuto akci nelze dokončit. Opakujte akci znovu. Pokud
potíže potrvají, obraťte se na produktovou podporu společnosti Microsoft.

Error - 8/27/2011 6:45:04 AM | Computer Name = Terka-PC | Source = CVHSVC | ID = 100
Description = Pouze informace Error: Product {90140011-0066-0405-0000-0000000FF1CE}
found in the registry but SoftGrid doesn't know about it, skipping...

Error - 8/27/2011 6:45:04 AM | Computer Name = Terka-PC | Source = CVHSVC | ID = 100
Description = Pouze informace Product registration is corrupted for {90140011-0066-0405-0000-0000000FF1CE}

Error - 8/27/2011 6:45:04 AM | Computer Name = Terka-PC | Source = CVHSVC | ID = 100
Description = Pouze informace Error: Product {90140011-0066-0405-0000-0000000FF1CE}
found in the registry but SoftGrid doesn't know about it, skipping...

Error - 8/27/2011 6:45:04 AM | Computer Name = Terka-PC | Source = CVHSVC | ID = 100
Description = Pouze informace Product registration is corrupted for {90140011-0066-0405-0000-0000000FF1CE}

Error - 8/27/2011 6:45:04 AM | Computer Name = Terka-PC | Source = CVHSVC | ID = 100
Description = Pouze informace Error: Product {90140011-0066-0405-0000-0000000FF1CE}
found in the registry but SoftGrid doesn't know about it, skipping...

Error - 8/27/2011 6:45:04 AM | Computer Name = Terka-PC | Source = CVHSVC | ID = 100
Description = Pouze informace Product registration is corrupted for {90140011-0066-0405-0000-0000000FF1CE}

Error - 8/27/2011 6:45:04 AM | Computer Name = Terka-PC | Source = CVHSVC | ID = 100
Description = Pouze informace Tuto akci nelze dokončit. Opakujte akci znovu. Pokud
potíže potrvají, obraťte se na produktovou podporu společnosti Microsoft.

Error - 8/27/2011 6:45:04 AM | Computer Name = Terka-PC | Source = Application Virtualization Client | ID = 3037
Description = {tid=C40} Aplikaci Application Virtualization Client se nepodařilo
otevřít OfficeVirt 9014006604050000.

[ System Events ]
Error - 8/27/2011 1:12:09 PM | Computer Name = Terka-PC | Source = Microsoft Antimalware | ID = 5101
Description = %%860 grace period has expired. Protection against viruses, spyware,
and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
Date (UTC): ?27.?8.?2011 17:12:09 Error Code: 0x80092003 Error Description: Při čtení
nebo zápisu do souboru došlo k chybě

Error - 8/27/2011 1:12:30 PM | Computer Name = Terka-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Nespecifikovaná chyba Reason: %%842

Error - 8/27/2011 1:12:30 PM | Computer Name = Terka-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x80070002 Error description: Systém nemůže nalézt uvedený soubor.
Reason: %%892

Error - 8/27/2011 1:12:30 PM | Computer Name = Terka-PC | Source = Service Control Manager | ID = 7000
Description = Služba Microsoft Network Inspection neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 8/27/2011 1:12:37 PM | Computer Name = Terka-PC | Source = Service Control Manager | ID = 7023
Description = Služba Microsoft Antimalware Service byla ukončena s následující chybou:
%%-2147017840

Error - 8/27/2011 1:32:22 PM | Computer Name = Terka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR3.

Error - 8/27/2011 1:32:23 PM | Computer Name = Terka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR3.

Error - 8/27/2011 1:32:23 PM | Computer Name = Terka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR3.

Error - 8/27/2011 1:32:24 PM | Computer Name = Terka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR3.

Error - 8/27/2011 3:15:31 PM | Computer Name = Terka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR4.


< End of report >

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Log check

#14 Post by Caroprd111 »

:arrow: Choose only one antivirus and uninstall the rest. :)


:arrow: Run OTL again and paste the following script into the lower white box. Then click Fix (Opravit); the PC will restart. Paste the resulting log here.

Code:

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

:OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3088223708-2509084807-2590491698-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3088223708-2509084807-2590491698-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-3088223708-2509084807-2590491698-1000..\RunOnce: [mctadmin] File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\UC.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\RAR.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\PKZIP.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\PKUNZIP.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\NOCLOSE.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\LHA.PIF
[2011/08/24 09:45:40 | 000,000,545 | ---- | C] () -- C:\windows\ARJ.PIF
[2011/03/27 17:04:56 | 000,000,030 | -H-- | C] () -- C:\windows\~mem001.sys
[2011/03/27 17:04:56 | 000,000,014 | ---- | C] () -- C:\windows\mm.sys
[2011/03/27 17:04:55 | 000,024,576 | ---- | C] () -- C:\windows\Metronome 4.0 Uninstall.exe
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

Hunter
Visitor
Posts: 33
Registered: 03 Feb 2006 12:00

Re: Log check

#15 Post by Hunter »

Thanks, I'll do that. But isn't there just one AV on it? I only turned off Defender, so N360 is what remains. So should I uninstall MalwareB.?
