Spomalený notebook, zamrza, veľmi dĺha odozva

[Naximuss]

Ahoj,
prosím o pomoc, notebook mi začal pracovať strašne pomaly, procesor ma výkon 100% a to len po spustení win
písanie má 1-3 odozvu aj teraz keď to tu píšem
niekedy ide 5-10 minút v poriadku ale potom sa zase spomalí

Logfile of random's system information tool 1.09 (written by random/random)
Run by Krásavec at 2012-03-10 13:54:20
Microsoft Windows 7 Home Premium
System drive C: has 14 GB (5%) free of 291 GB
Total RAM: 4063 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:56:48, on 10. 3. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Smart Turn Off\SMLookA.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Aplikacie\Adobe\Adobe Reader\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Aplikacie\Mozilla Firefox\firefox.exe
C:\Aplikacie\Mozilla Firefox\plugin-container.exe
C:\Aplikacie\Malwarebytes' Anti-Malware\mbam.exe
C:\Aplikacie\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\trend micro\Krásavec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Aplikacie\Adobe\Adobe Reader\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Aplikacie\Adobe\Adobe Reader\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Aplikacie\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Aplikacie\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Aplikacie\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Steam] "C:\Aplikacie\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Aplikacie\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - IDT, Inc. - (no file)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14006 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 31625184
\??\C:\Windows\system32\conhost.exe "932863688423065762434088214-733514633-11808302895352911181706804485-1882933606
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
WLIDSvcM.exe 2280
"C:\ProgramData\DatacardService\DCSHelper.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
"C:\Program Files\Java\jre6\bin\jusched.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Smart Turn Off\SMLookA.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"C:\Aplikacie\Adobe\Adobe Reader\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
taskeng.exe {9D9B44C6-A112-459A-8F6D-39E2A2811A3F}
"c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe" -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Aplikacie\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
taskmgr.exe /3
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Aplikacie\Mozilla Firefox\firefox.exe"
"C:\Aplikacie\Mozilla Firefox\plugin-container.exe" --channel=3452.b1c6a80.1183771291 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" E5641B0F3E1DD745 -greomni "C:\Aplikacie\Mozilla Firefox\omni.ja" 3452 "\\.\pipe\gecko-crash-server-pipe.3452" plugin
"C:\Aplikacie\Malwarebytes' Anti-Malware\mbam.exe"
"C:\Aplikacie\Malwarebytes' Anti-Malware\mbamgui.exe" /startalways
"C:\Users\Krásavec\Desktop\STIAHNUTE\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Krásavec\AppData\Roaming\Mozilla\Firefox\Profiles\xyphbcj3.default

prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25"
prefs.js - "keyword.URL" - "http://www.google.com/search?hl=en&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Aplikacie\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Aplikacie\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Aplikacie\Mozilla Firefox\plugins\
npdeployJava1.dll

C:\Aplikacie\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-27 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-18 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-15 1814312]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2009-08-13 456192]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2009-08-25 610872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-27 171520]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2009-08-20 2363392]
"HPADVISOR"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-09-29 1685048]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-08-09 221184]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-07-05 3077528]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun []
"AlcoholAutomount"=C:\Aplikacie\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"Steam"=C:\Aplikacie\Steam\steam.exe [2011-12-22 1242448]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-02 98304]
"HPCam_Menu"=c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-08-20 322104]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2009-09-02 60464]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Adobe Acrobat Speed Launcher"=C:\Aplikacie\Adobe\Adobe Reader\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"Acrobat Assistant 8.0"=C:\Aplikacie\Adobe\Adobe Reader\Acrobat\Acrotray.exe [2008-06-11 640376]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]
"PWRISOVM.EXE"=C:\Aplikacie\PowerISO\PWRISOVM.EXE [2009-11-09 180224]
"facemoods"=C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe /md I []
"Malwarebytes' Anti-Malware"=C:\Aplikacie\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

C:\Users\Krásavec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Lingea Update Center.lnk - C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
SM LookA.lnk - C:\Program Files (x86)\Smart Turn Off\SMLookA.exe
visiondefense.lnk - C:\Aplikacie\Vision Defense\Vision Defense.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2009-05-12 275360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2009-11-27 52272]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-10 12:47:29 ----D---- C:\Program Files\CCleaner
2012-03-10 12:39:19 ----D---- C:\Program Files\trend micro
2012-03-10 12:39:18 ----D---- C:\rsit
2012-02-28 18:06:38 ----A---- C:\Windows\SYSWOW64\srvany.exe
2012-02-18 22:22:26 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-02-18 22:22:26 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-02-18 22:22:26 ----A---- C:\Windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 month======

2012-03-10 13:53:37 ----D---- C:\Windows\Temp
2012-03-10 12:51:05 ----D---- C:\Users\Krásavec\AppData\Roaming\Winamp
2012-03-10 12:51:05 ----D---- C:\Users\Krásavec\AppData\Roaming\Media Player Classic
2012-03-10 12:51:05 ----D---- C:\Users\Krásavec\AppData\Roaming\DAEMON Tools Lite
2012-03-10 12:51:02 ----D---- C:\Users\Krásavec\AppData\Roaming\uTorrent
2012-03-10 12:50:50 ----D---- C:\Windows\Panther
2012-03-10 12:50:50 ----D---- C:\Windows\ModemLogs
2012-03-10 12:50:50 ----D---- C:\Windows\Logs
2012-03-10 12:50:50 ----D---- C:\Windows\inf
2012-03-10 12:50:50 ----D---- C:\Windows\debug
2012-03-10 12:50:50 ----D---- C:\Windows
2012-03-10 12:47:29 ----RD---- C:\Program Files
2012-03-10 12:32:07 ----D---- C:\Windows\System32
2012-03-10 12:32:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-10 11:12:17 ----D---- C:\Windows\system32\config
2012-03-10 11:02:41 ----A---- C:\ProgramData\HPWALog.txt
2012-03-10 11:02:40 ----HD---- C:\ProgramData
2012-03-09 21:59:46 ----D---- C:\Windows\Prefetch
2012-03-09 21:35:38 ----D---- C:\Windows\system32\drivers
2012-03-09 19:49:16 ----SHD---- C:\System Volume Information
2012-03-07 21:46:51 ----D---- C:\Users\Krásavec\AppData\Roaming\Gmail Notifier
2012-03-06 07:13:37 ----D---- C:\Windows\system32\catroot2
2012-02-28 18:06:38 ----D---- C:\Windows\SysWOW64
2012-02-25 03:04:20 ----SHD---- C:\Windows\Installer
2012-02-25 03:04:20 ----SHD---- C:\Config.Msi
2012-02-25 03:04:20 ----D---- C:\Program Files (x86)\Essentials Codec Pack
2012-02-18 22:22:42 ----D---- C:\Program Files (x86)\Common Files
2012-02-18 22:22:16 ----A---- C:\Windows\SYSWOW64\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 27216]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-09-26 526392]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-25 270912]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-11-09 91568]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-11-19 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-11-19 43680]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-29 116752]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 6036480]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-08-25 2978296]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 83456]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2009-08-13 487936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-15 286768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 a6m3fihl;a6m3fihl; C:\Windows\system32\drivers\a6m3fihl.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 agiefu70;agiefu70; C:\Windows\system32\drivers\agiefu70.sys []
S3 akavaea4;akavaea4; C:\Windows\system32\drivers\akavaea4.sys []
S3 DIRECTIO;DIRECTIO; \??\C:\Aplikacie\PerformanceTest\DirectIo.sys [2010-06-30 21056]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 114560]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-03-25 120704]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [2009-03-02 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 203264]
R2 DCService.exe;DCService.exe; C:\ProgramData\DatacardService\DCService.exe [2010-05-08 229376]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-09-24 125440]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2009-07-08 30520]
R2 MBAMService;MBAMService; C:\Aplikacie\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe [2009-08-13 240640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2003-04-18 8192]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-09-06 651720]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2009-06-06 250616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-16 407336]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny den preji

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Naximuss]

Ahoj,
ďakujem za pomoc, urobil som to presne podľa návodu, akurát bolo pri combofix-e písane, že to bude trvať 10-30 minút a mne to doteraz trvalo vyše 2 hodín po ukončení sa notebook trochu zrýchlil, ale stále dosť seká a je pomalý
** Update: po ďalšom reštarte už beží super
tu je log z combofix

ComboFix 12-03-10.02 - Krásavec . 03. 2012 17:06:52.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.4063.2496 [GMT 1:00]
Running from: c:\users\Krßsavec\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\KRSAVE~1\Desktop\KOLEKCIA\EROTIK~1.MIL\FL8026~1.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Fonts\ftrabd__.ttf
c:\windows\Fonts\ftrabk__.ttf
c:\windows\Fonts\ftrabki_.ttf
c:\windows\Fonts\ftrahv__.ttf
c:\windows\Fonts\ftralt__.ttf
c:\windows\Fonts\ftramd__.ttf
c:\windows\IsUn0405.exe
c:\windows\jestertb.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\tmp4ABA.tmp
c:\windows\SysWow64\tmp4ACB.tmp
F:\Autorun.inf
J:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 17:35 . 2012-03-10 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-10 17:35 . 2012-03-10 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 11:47 . 2012-03-10 11:47 -------- d-----w- c:\program files\CCleaner
2012-03-10 11:39 . 2012-03-10 12:56 -------- d-----w- c:\program files\trend micro
2012-03-10 11:39 . 2012-03-10 11:39 -------- d-----w- C:\rsit
2012-03-09 18:49 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CDDBD46A-CEE5-40B8-92F5-6DF65E410F4E}\mpengine.dll
2012-02-28 17:06 . 2003-04-18 18:06 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-02-18 21:22 . 2012-02-18 21:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-10 18:56 . 2012-02-10 18:55 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F1E9856-FA43-4F7E-AC2B-49BBEF3287B4}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 21:22 . 2011-10-30 10:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-08 07:13 . 2011-08-10 07:02 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-12-23 11:53 279656 ------w- c:\windows\system32\MpSigStub.exe
2008-03-09 05:25 . 2010-10-29 21:33 236 ----a-w- c:\program files (x86)\Common Files\dx.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-05 3077528]
"AlcoholAutomount"="c:\aplikacie\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Steam"="c:\aplikacie\Steam\steam.exe" [2011-12-22 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Adobe Acrobat Speed Launcher"="c:\aplikacie\Adobe\Adobe Reader\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\aplikacie\Adobe\Adobe Reader\Acrobat\Acrotray.exe" [2008-06-11 640376]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"PWRISOVM.EXE"="c:\aplikacie\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"Malwarebytes' Anti-Malware"="c:\aplikacie\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DIRECTIO;DIRECTIO;c:\aplikacie\PerformanceTest\DirectIo.sys [2010-06-30 21056]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\aplikacie\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-13 456192]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-27 171520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
Wow6432Node-HKCU-Run-DAEMON Tools Lite - c:\program files (x86)\DAEMON Tools Lite\DTLite.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Another War - c:\windows\IsUn0405.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-EB Documentation_is1 - h:\gs\The Creative Assembly\Rome - Total War Anthology\EB Documentation\unins000.exe
AddRemove-EB Trivial Script_is1 - h:\gs\The Creative Assembly\Rome - Total War Anthology\EBTrivialScript\unins000.exe
AddRemove-GTA San Andreas SK - f:\gs\Rockstar Games\GTA San Andreas\Uninstall GTA_SA_SK.exe
AddRemove-Recruitment Viewer_is1 - h:\gs\The Creative Assembly\Rome - Total War Anthology\Recruitment Viewer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Common Files\Lingea Shared\luc.exe
c:\program files (x86)\Smart Turn Off\SMLookA.exe
c:\aplikacie\Vision Defense\Vision Defense.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2012-03-10 19:08:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 18:08
.
Pre-Run: 14 996 365 312 bytes free
Post-Run: 14 487 203 840 bytes free
.
- - End Of File - - 7384CECD3814526D5526FCDD2C4C8A3E

[vyosek]

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

• Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
• Spustte a kliknete na Deletion
• Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  DDS::
  uStart Page = hxxp://start.facemoods.com/?a=ddr
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SunJavaUpdateSched"=-
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "ISUSPM Startup"=-
  "Pando Media Booster"=-
  "AlcoholAutomount"=-
  "Steam"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "HP Software Update"=-
  "Adobe Reader Speed Launcher"=-]
  "Adobe Acrobat Speed Launcher"=-
  "Acrobat Assistant 8.0"=-
  "ISUSScheduler"=-
  "PWRISOVM.EXE"=-
  "Malwarebytes' Anti-Malware"=-
  "SunJavaUpdateSched"=-
  
  Folder::
  C:\Program Files (x86)\DAEMON Tools Toolbar
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Naximuss]

Ďakujem, tú su tie logy

############################## | UsbFix 7.059 | [Deletion]

User: Krásavec (Administrator) # KRÁSAVCOV [Hewlett-Packard HP Pavilion dv6 Notebook PC]
Updated 16/09/2011 by El Desaparecido
Started at 06:42:20 | 11/03/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
CPU 2: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Microsoft Windows 7 Home Premium (6.1.7600 64-Bit) #
Internet Explorer 8.0.7600.16385

Windows Firewall: Disabled /!\
RAM -> 4063 Mb
C:\ (%systemdrive%) -> Fixed drive # 285 Gb (15 Mb free - 5%) [] # NTFS
D:\ -> Fixed drive # 13 Gb (2 Mb free - 14%) [RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Fixed drive # 596 Gb (30 Mb free - 5%) [SAMSUNG] # FAT32
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> Fixed drive # 596 Gb (14 Mb free - 2%) [SAMSUNG] # FAT32
K:\ -> Fixed drive # 932 Gb (772 Mb free - 83%) [SAMSUNG] # NTFS

################## | Files # Infected Folders |

Deleted ! C:\Users\Krásavec\Počítač - odkaz.lnk
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1593312618-3450129454-4001934851-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-1593312618-3450129454-4001934851-1000
Deleted ! K:\$RECYCLE.BIN\S-1-5-21-1593312618-3450129454-4001934851-1000
Deleted ! K:\autorun.inf

(!) Temporary files deleted.


################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Adobe Reader Speed Launcher

################## | Mountpoints2 |


################## | Listing |

[11/03/2012 - 06:45:53 | SHD ] C:\$RECYCLE.BIN
[31/10/2010 - 14:26:06 | D ] C:\Adobe
[10/02/2012 - 09:25:20 | D ] C:\Aplikacie
[28/11/2009 - 08:35:02 | D ] C:\boot
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[10/03/2012 - 19:08:47 | N | 16959] C:\ComboFix.txt
[25/02/2012 - 03:04:20 | D ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[06/11/2011 - 12:45:02 | N | 10] C:\error.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1028.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1031.txt
[07/11/2007 - 07:00:40 | N | 10134] C:\eula.1033.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1036.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1040.txt
[07/11/2007 - 07:00:40 | N | 118] C:\eula.1041.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1042.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.2052.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.3082.txt
[07/11/2007 - 07:00:40 | N | 1110] C:\globdata.ini
[10/03/2012 - 19:39:36 | ASH | 3195420672] C:\hiberfil.sys
[25/08/2009 - 01:53:39 | D ] C:\HP
[07/11/2007 - 07:00:40 | N | 843] C:\install.ini
[07/11/2007 - 07:03:18 | N | 76304] C:\install.res.1028.dll
[07/11/2007 - 07:03:18 | N | 96272] C:\install.res.1031.dll
[07/11/2007 - 07:03:18 | N | 91152] C:\install.res.1033.dll
[07/11/2007 - 07:03:18 | N | 97296] C:\install.res.1036.dll
[07/11/2007 - 07:03:18 | N | 95248] C:\install.res.1040.dll
[07/11/2007 - 07:03:18 | N | 81424] C:\install.res.1041.dll
[07/11/2007 - 07:03:18 | N | 79888] C:\install.res.1042.dll
[07/11/2007 - 07:03:18 | N | 75792] C:\install.res.2052.dll
[07/11/2007 - 07:03:18 | N | 96272] C:\install.res.3082.dll
[11/12/2010 - 09:57:37 | N | 0] C:\lll.txt
[27/11/2009 - 21:17:34 | RD ] C:\MSOCache
[31/12/2011 - 12:26:11 | D ] C:\My Music
[10/03/2012 - 19:39:58 | ASH | 4260560896] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[10/03/2012 - 12:47:29 | D ] C:\Program Files
[25/09/2011 - 17:39:35 | D ] C:\Program Files (x86)
[10/03/2012 - 19:40:09 | D ] C:\ProgramData
[01/02/2011 - 18:26:25 | N | 18650] C:\protokol o instalaci cestiny do hry starcraft.txt
[10/03/2012 - 19:09:16 | D ] C:\Qoobox
[02/09/2010 - 16:40:17 | D ] C:\Recovery
[10/03/2012 - 16:41:29 | N | 457] C:\rkill.log
[10/03/2012 - 12:39:29 | D ] C:\rsit
[02/09/2010 - 16:45:15 | D ] C:\SwSetup
[11/03/2012 - 02:29:56 | SHD ] C:\System Volume Information
[02/09/2010 - 16:40:21 | D ] C:\SYSTEM.SAV
[26/09/2011 - 09:36:23 | D ] C:\temp
[25/02/2011 - 20:56:58 | N | 4273] C:\test.spr
[11/03/2012 - 06:45:53 | D ] C:\UsbFix
[11/03/2012 - 06:42:23 | A | 4451] C:\UsbFix.txt
[23/12/2011 - 10:04:16 | D ] C:\Users
[07/11/2007 - 07:00:40 | N | 5686] C:\vcredist.bmp
[07/11/2007 - 07:09:22 | N | 1442522] C:\VC_RED.cab
[07/11/2007 - 07:12:28 | N | 232960] C:\VC_RED.MSI
[15/09/2010 - 11:02:10 | D ] C:\Vysledky
[10/03/2012 - 19:09:05 | D ] C:\Windows
[11/03/2012 - 06:45:53 | D ] D:\$RECYCLE.BIN
[02/09/2010 - 16:45:16 | D ] D:\boot
[14/07/2009 - 19:39:00 | ASH | 383562] D:\bootmgr
[02/09/2010 - 16:45:15 | N | 0] D:\BT_HP.FLG
[25/08/2009 - 12:20:55 | N | 462] D:\CSP.DAT
[25/08/2009 - 12:28:18 | N | 12017] D:\DeployRp.log
[02/09/2010 - 16:45:16 | D ] D:\hp
[02/09/2010 - 16:45:10 | N | 8] D:\HP_WSD.dat
[02/09/2010 - 16:45:15 | N | 22] D:\language.ini
[02/09/2010 - 16:45:16 | D ] D:\preload
[02/09/2010 - 16:45:16 | D ] D:\Recovery
[25/08/2009 - 12:28:14 | N | 0] D:\RPCONFIG.LOG
[11/03/2012 - 02:30:01 | SHD ] D:\System Volume Information
[02/09/2010 - 16:45:16 | D ] D:\system.sav
[04/01/2011 - 14:51:52 | D ] F:\SamsungSoftware
[30/08/2010 - 10:27:04 | N | 4268032] F:\AppInst.exe
[04/03/2011 - 17:24:56 | D ] F:\Filmy
[05/03/2011 - 12:18:50 | D ] F:\GS
[05/03/2011 - 14:42:42 | SHD ] F:\$RECYCLE.BIN
[10/03/2011 - 07:05:56 | D ] F:\Serialy
[13/03/2011 - 09:26:56 | D ] F:\NAH
[17/03/2011 - 21:57:44 | N | 37888] F:\Humanistic Psychology Overview (History).doc
[09/10/2010 - 19:42:48 | D ] F:\Zo statistiky
[31/05/2011 - 08:13:06 | D ] F:\Dokumenty
[13/06/2011 - 01:00:18 | D ] F:\msdownld.tmp
[17/07/2011 - 23:25:00 | D ] F:\all
[27/04/2011 - 14:57:58 | D ] J:\SamsungSoftware
[30/08/2010 - 09:27:04 | N | 4268032] J:\AppInst.exe
[23/08/2011 - 13:17:28 | D ] J:\New Files
[24/08/2011 - 09:07:38 | SHD ] J:\$RECYCLE.BIN
[01/07/2011 - 23:36:34 | D ] J:\World Music
[08/04/2011 - 21:28:28 | D ] J:\POLEMIC
[25/08/2011 - 10:47:08 | N | 100431872] J:\Fable.III-SKIDROW.part01.rar
[25/08/2011 - 10:48:22 | N | 100431872] J:\Fable.III-SKIDROW.part02.rar
[25/08/2011 - 10:49:40 | N | 100431872] J:\Fable.III-SKIDROW.part03.rar
[25/08/2011 - 10:51:02 | N | 100431872] J:\Fable.III-SKIDROW.part04.rar
[25/08/2011 - 10:52:24 | N | 100431872] J:\Fable.III-SKIDROW.part05.rar
[25/08/2011 - 10:53:46 | N | 100431872] J:\Fable.III-SKIDROW.part06.rar
[25/08/2011 - 10:55:10 | N | 100431872] J:\Fable.III-SKIDROW.part07.rar
[25/08/2011 - 10:56:34 | N | 100431872] J:\Fable.III-SKIDROW.part08.rar
[25/08/2011 - 10:57:56 | N | 100431872] J:\Fable.III-SKIDROW.part09.rar
[25/08/2011 - 10:59:18 | N | 100431872] J:\Fable.III-SKIDROW.part10.rar
[25/08/2011 - 11:00:40 | N | 100431872] J:\Fable.III-SKIDROW.part11.rar
[25/08/2011 - 11:02:02 | N | 100431872] J:\Fable.III-SKIDROW.part12.rar
[25/08/2011 - 11:03:24 | N | 100431872] J:\Fable.III-SKIDROW.part13.rar
[25/08/2011 - 11:04:42 | N | 100431872] J:\Fable.III-SKIDROW.part14.rar
[25/08/2011 - 11:06:02 | N | 100431872] J:\Fable.III-SKIDROW.part15.rar
[25/08/2011 - 11:07:24 | N | 100431872] J:\Fable.III-SKIDROW.part16.rar
[25/08/2011 - 11:08:42 | N | 100431872] J:\Fable.III-SKIDROW.part17.rar
[25/08/2011 - 11:10:00 | N | 100431872] J:\Fable.III-SKIDROW.part18.rar
[25/08/2011 - 11:11:18 | N | 100431872] J:\Fable.III-SKIDROW.part19.rar
[25/08/2011 - 11:12:40 | N | 100431872] J:\Fable.III-SKIDROW.part20.rar
[25/08/2011 - 11:13:58 | N | 100431872] J:\Fable.III-SKIDROW.part21.rar
[25/08/2011 - 11:15:12 | N | 100431872] J:\Fable.III-SKIDROW.part22.rar
[25/08/2011 - 11:16:18 | N | 100431872] J:\Fable.III-SKIDROW.part23.rar
[25/08/2011 - 11:17:24 | N | 100431872] J:\Fable.III-SKIDROW.part24.rar
[25/08/2011 - 11:18:30 | N | 100431872] J:\Fable.III-SKIDROW.part25.rar
[25/08/2011 - 11:19:48 | N | 100431872] J:\Fable.III-SKIDROW.part26.rar
[25/08/2011 - 11:21:08 | N | 100431872] J:\Fable.III-SKIDROW.part27.rar
[25/08/2011 - 11:22:28 | N | 100431872] J:\Fable.III-SKIDROW.part28.rar
[25/08/2011 - 11:23:44 | N | 100431872] J:\Fable.III-SKIDROW.part29.rar
[25/08/2011 - 11:25:04 | N | 100431872] J:\Fable.III-SKIDROW.part30.rar
[25/08/2011 - 11:26:24 | N | 100431872] J:\Fable.III-SKIDROW.part31.rar
[25/08/2011 - 11:27:34 | N | 100431872] J:\Fable.III-SKIDROW.part32.rar
[25/08/2011 - 11:28:52 | N | 100431872] J:\Fable.III-SKIDROW.part33.rar
[25/08/2011 - 11:30:10 | N | 100431872] J:\Fable.III-SKIDROW.part34.rar
[25/08/2011 - 11:31:26 | N | 100431872] J:\Fable.III-SKIDROW.part35.rar
[25/08/2011 - 11:32:44 | N | 100431872] J:\Fable.III-SKIDROW.part36.rar
[25/08/2011 - 11:34:04 | N | 100431872] J:\Fable.III-SKIDROW.part37.rar
[25/08/2011 - 11:35:26 | N | 100431872] J:\Fable.III-SKIDROW.part38.rar
[25/08/2011 - 11:36:48 | N | 100431872] J:\Fable.III-SKIDROW.part39.rar
[25/08/2011 - 11:38:08 | N | 100431872] J:\Fable.III-SKIDROW.part40.rar
[25/08/2011 - 11:39:28 | N | 100431872] J:\Fable.III-SKIDROW.part41.rar
[25/08/2011 - 11:40:40 | N | 100431872] J:\Fable.III-SKIDROW.part42.rar
[25/08/2011 - 11:41:56 | N | 100431872] J:\Fable.III-SKIDROW.part43.rar
[25/08/2011 - 11:43:10 | N | 100431872] J:\Fable.III-SKIDROW.part44.rar
[25/08/2011 - 11:44:26 | N | 100431872] J:\Fable.III-SKIDROW.part45.rar
[25/08/2011 - 11:45:44 | N | 100431872] J:\Fable.III-SKIDROW.part46.rar
[25/08/2011 - 11:46:58 | N | 100431872] J:\Fable.III-SKIDROW.part47.rar
[25/08/2011 - 11:48:16 | N | 100431872] J:\Fable.III-SKIDROW.part48.rar
[25/08/2011 - 11:49:32 | N | 100431872] J:\Fable.III-SKIDROW.part49.rar
[25/08/2011 - 11:50:48 | N | 100431872] J:\Fable.III-SKIDROW.part50.rar
[25/08/2011 - 11:52:08 | N | 100431872] J:\Fable.III-SKIDROW.part51.rar
[25/08/2011 - 11:53:24 | N | 100431872] J:\Fable.III-SKIDROW.part52.rar
[25/08/2011 - 11:54:40 | N | 100431872] J:\Fable.III-SKIDROW.part53.rar
[25/08/2011 - 11:55:56 | N | 100431872] J:\Fable.III-SKIDROW.part54.rar
[25/08/2011 - 11:57:12 | N | 100431872] J:\Fable.III-SKIDROW.part55.rar
[25/08/2011 - 11:58:22 | N | 100431872] J:\Fable.III-SKIDROW.part56.rar
[25/08/2011 - 11:59:48 | N | 100431872] J:\Fable.III-SKIDROW.part57.rar
[25/08/2011 - 12:01:06 | N | 100431872] J:\Fable.III-SKIDROW.part58.rar
[25/08/2011 - 12:02:20 | N | 100431872] J:\Fable.III-SKIDROW.part59.rar
[25/08/2011 - 12:03:40 | N | 100431872] J:\Fable.III-SKIDROW.part60.rar
[25/08/2011 - 12:04:48 | N | 100431872] J:\Fable.III-SKIDROW.part61.rar
[25/08/2011 - 12:05:56 | N | 100431872] J:\Fable.III-SKIDROW.part62.rar
[25/08/2011 - 12:07:08 | N | 100431872] J:\Fable.III-SKIDROW.part63.rar
[25/08/2011 - 12:08:22 | N | 100431872] J:\Fable.III-SKIDROW.part64.rar
[25/08/2011 - 12:09:46 | N | 100431872] J:\Fable.III-SKIDROW.part65.rar
[25/08/2011 - 12:11:14 | N | 100431872] J:\Fable.III-SKIDROW.part66.rar
[25/08/2011 - 12:12:38 | N | 100431872] J:\Fable.III-SKIDROW.part67.rar
[25/08/2011 - 12:14:06 | N | 100431872] J:\Fable.III-SKIDROW.part68.rar
[25/08/2011 - 12:15:32 | N | 100431872] J:\Fable.III-SKIDROW.part69.rar
[25/08/2011 - 12:16:54 | N | 100431872] J:\Fable.III-SKIDROW.part70.rar
[25/08/2011 - 12:18:20 | N | 100431872] J:\Fable.III-SKIDROW.part71.rar
[25/08/2011 - 12:19:42 | N | 100431872] J:\Fable.III-SKIDROW.part72.rar
[25/08/2011 - 12:21:08 | N | 100431872] J:\Fable.III-SKIDROW.part73.rar
[25/08/2011 - 12:22:32 | N | 100431872] J:\Fable.III-SKIDROW.part74.rar
[25/08/2011 - 12:23:52 | N | 100431872] J:\Fable.III-SKIDROW.part75.rar
[25/08/2011 - 12:25:16 | N | 100431872] J:\Fable.III-SKIDROW.part76.rar
[25/08/2011 - 12:26:36 | N | 100431872] J:\Fable.III-SKIDROW.part77.rar
[25/08/2011 - 12:28:00 | N | 100431872] J:\Fable.III-SKIDROW.part78.rar
[25/08/2011 - 12:29:24 | N | 100431872] J:\Fable.III-SKIDROW.part79.rar
[25/08/2011 - 12:30:50 | N | 100431872] J:\Fable.III-SKIDROW.part80.rar
[25/08/2011 - 12:31:44 | N | 71073907] J:\Fable.III-SKIDROW.part81.rar
[14/07/2011 - 18:03:58 | D ] J:\Fable III Crack & Update ONLY-SKIDROW
[01/09/2011 - 15:17:34 | SHD ] J:\System Volume Information
[01/09/2011 - 15:17:56 | D ] J:\UT
[04/09/2011 - 18:48:20 | D ] J:\Fly
[07/09/2011 - 10:55:30 | N | 78820280] J:\Svoboda_books_and_others.rar
[04/03/2011 - 16:57:34 | D ] J:\Soft
[18/11/2011 - 22:48:30 | D ] J:\Config.Msi
[10/03/2011 - 06:59:42 | D ] J:\Hudba
[11/03/2012 - 06:45:53 | SHD ] K:\$RECYCLE.BIN
[08/10/2011 - 16:47:32 | N | 930159753] K:\BackUp_a2_7.4.11.part1.rar
[08/10/2011 - 18:33:24 | N | 930159753] K:\BackUp_a2_7.4.11.part2.rar
[08/10/2011 - 20:24:24 | N | 930159753] K:\BackUp_a2_7.4.11.part3.rar
[08/10/2011 - 21:49:22 | N | 930159753] K:\BackUp_a2_7.4.11.part4.rar
[08/10/2011 - 23:17:02 | N | 930159753] K:\BackUp_a2_7.4.11.part5.rar
[09/10/2011 - 00:48:12 | N | 833670459] K:\BackUp_a2_7.4.11.part6.rar
[10/03/2012 - 21:29:58 | D ] K:\Black Ops
[04/09/2011 - 17:14:16 | N | 996147200] K:\call-of-juarez-part1.rar
[04/09/2011 - 18:52:02 | N | 940010991] K:\call-of-juarez-part2.rar
[05/09/2011 - 11:16:24 | N | 734003200] K:\Call.of.Duty.4.by.gm4n.of.PowerUploaders.part01.rar
[05/09/2011 - 12:15:08 | N | 734003200] K:\Call.of.Duty.4.by.gm4n.of.PowerUploaders.part02.rar
[05/09/2011 - 13:12:02 | N | 734003200] K:\Call.of.Duty.4.by.gm4n.of.PowerUploaders.part03.rar
[05/09/2011 - 14:07:26 | N | 734003200] K:\Call.of.Duty.4.by.gm4n.of.PowerUploaders.part04.rar
[05/09/2011 - 15:05:12 | N | 734003200] K:\Call.of.Duty.4.by.gm4n.of.PowerUploaders.part05.rar
[05/09/2011 - 17:57:22 | N | 734003200] K:\Call.of.Duty.4.by.gm4n.of.PowerUploaders.part06.rar
[05/09/2011 - 19:19:58 | N | 734003200] K:\Call.of.Duty.4.by.gm4n.of.PowerUploaders.part07.rar
[05/09/2011 - 20:40:54 | N | 734003200] K:\Call.of.Duty.4.by.gm4n.of.PowerUploaders.part08.rar
[05/09/2011 - 22:07:00 | N | 734003200] K:\Call.of.Duty.4.by.gm4n.of.PowerUploaders.part09.rar
[05/09/2011 - 22:26:38 | N | 183767119] K:\Call.of.Duty.4.by.gm4n.of.PowerUploaders.part10.rar
[07/09/2011 - 10:48:54 | N | 1073741824] K:\CoD_WaW.part01.rar
[07/09/2011 - 14:41:42 | N | 1073741824] K:\CoD_WaW.part02.rar
[07/09/2011 - 16:31:10 | N | 1073741824] K:\CoD_WaW.part03.rar
[07/09/2011 - 19:46:20 | N | 1073741824] K:\CoD_WaW.part04.rar
[07/09/2011 - 22:10:50 | N | 1073741824] K:\CoD_WaW.part05.rar
[08/09/2011 - 10:56:22 | N | 1073741824] K:\CoD_WaW.part06.rar
[08/09/2011 - 00:17:26 | N | 1073741824] K:\CoD_WaW.part07.rar
[08/09/2011 - 12:56:02 | N | 1073741824] K:\CoD_WaW.part08.rar
[08/09/2011 - 16:31:30 | N | 1073741824] K:\CoD_WaW.part09.rar
[08/09/2011 - 17:29:18 | N | 144987176] K:\CoD_WaW.part10.rar
[22/10/2011 - 08:35:02 | N | 999000000] K:\KristuvSvatyGral.part01.rar
[22/10/2011 - 10:03:06 | N | 999000000] K:\KristuvSvatyGral.part02.rar
[22/10/2011 - 12:38:00 | N | 999000000] K:\KristuvSvatyGral.part03.rar
[22/10/2011 - 20:10:56 | N | 999000000] K:\KristuvSvatyGral.part04.rar
[22/10/2011 - 21:20:10 | N | 999000000] K:\KristuvSvatyGral.part05.rar
[22/10/2011 - 22:29:28 | N | 999000000] K:\KristuvSvatyGral.part06.rar
[22/10/2011 - 23:38:32 | N | 999000000] K:\KristuvSvatyGral.part07.rar
[23/10/2011 - 00:47:36 | N | 999000000] K:\KristuvSvatyGral.part08.rar
[23/10/2011 - 01:04:10 | N | 239083872] K:\KristuvSvatyGral.part09.rar
[06/09/2011 - 10:48:44 | N | 1033895936] K:\mw2.by.gm4n.of.PowerUploaders.part01.rar
[06/09/2011 - 12:43:06 | N | 1033895936] K:\mw2.by.gm4n.of.PowerUploaders.part02.rar
[07/09/2011 - 00:39:28 | N | 1033895936] K:\mw2.by.gm4n.of.PowerUploaders.part03.rar
[07/09/2011 - 12:17:26 | N | 1033895936] K:\mw2.by.gm4n.of.PowerUploaders.part04.rar
[08/09/2011 - 00:43:42 | N | 1033895936] K:\mw2.by.gm4n.of.PowerUploaders.part05.rar
[08/09/2011 - 02:12:42 | N | 1033895936] K:\mw2.by.gm4n.of.PowerUploaders.part06.rar
[08/09/2011 - 13:21:56 | N | 1033895936] K:\mw2.by.gm4n.of.PowerUploaders.part07.rar
[08/09/2011 - 15:52:14 | N | 1033895936] K:\mw2.by.gm4n.of.PowerUploaders.part08.rar
[09/09/2011 - 03:18:46 | N | 1033895936] K:\mw2.by.gm4n.of.PowerUploaders.part09.rar
[09/09/2011 - 12:59:50 | N | 1033895936] K:\mw2.by.gm4n.of.PowerUploaders.part10.rar
[09/09/2011 - 14:53:10 | N | 1033895936] K:\mw2.by.gm4n.of.PowerUploaders.part11.rar
[09/09/2011 - 15:49:18 | N | 514563348] K:\mw2.by.gm4n.of.PowerUploaders.part12.rar
[18/02/2012 - 08:42:43 | D ] K:\presun
[16/02/2011 - 17:26:36 | N | 82726] K:\SAMSUNG_EHDD.ico
[10/02/2012 - 01:35:57 | D ] K:\SE
[10/02/2012 - 22:17:30 | SHD ] K:\System Volume Information
[03/12/2011 - 22:41:56 | N | 2097152000] K:\Tropico 4.part1.rar
[04/12/2011 - 06:20:02 | N | 1895285532] K:\Tropico 4.part2.rar
[10/02/2012 - 00:02:26 | D ] K:\ZALOHA 1
[10/02/2012 - 00:02:39 | D ] K:\ZALOHA 2

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
F:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
J:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
K:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_KRÁSAVCOV.zip
http://eldesaparecido.com/support.php
Thank you for your contribution.

################## | E.O.F |


a z combofix:



ComboFix 12-03-10.02 - Krásavec . 03. 2012 7:00.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.4063.2529 [GMT 1:00]
Running from: c:\users\Krßsavec\Desktop\ComboFix.exe
Command switches used :: c:\users\Krßsavec\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 06:07 . 2012-03-11 06:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-11 06:07 . 2012-03-11 06:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-11 05:41 . 2012-03-11 05:55 -------- d-----w- C:\UsbFix
2012-03-11 01:31 . 2012-03-11 01:31 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CDBEC5B-5F44-4AE6-BF0B-BD0F6B45C11A}\offreg.dll
2012-03-11 01:30 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CDBEC5B-5F44-4AE6-BF0B-BD0F6B45C11A}\mpengine.dll
2012-03-10 11:47 . 2012-03-10 11:47 -------- d-----w- c:\program files\CCleaner
2012-03-10 11:39 . 2012-03-10 12:56 -------- d-----w- c:\program files\trend micro
2012-03-10 11:39 . 2012-03-10 11:39 -------- d-----w- C:\rsit
2012-02-28 17:06 . 2003-04-18 18:06 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-02-18 21:22 . 2012-02-18 21:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-10 18:56 . 2012-02-10 18:55 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F1E9856-FA43-4F7E-AC2B-49BBEF3287B4}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 05:55 . 2012-03-11 05:46 9690 ----a-w- C:\UsbFix_Upload_Me_KRÁSAVCOV.zip
2012-02-18 21:22 . 2011-10-30 10:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-08 07:13 . 2011-08-10 07:02 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-12-23 11:53 279656 ------w- c:\windows\system32\MpSigStub.exe
2008-03-09 05:25 . 2010-10-29 21:33 236 ----a-w- c:\program files (x86)\Common Files\dx.reg
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-10_17.44.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-10 17:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-11 06:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-11 06:08 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-10 17:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-11 06:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-03 22:23 . 2012-03-03 22:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-03 22:23 . 2012-03-10 21:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-11-27 20:01 . 2012-03-10 18:41 58152 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-11-27 20:01 . 2012-03-10 17:42 58152 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-10 18:41 71070 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-25 00:31 . 2012-03-10 18:49 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-25 00:31 . 2012-03-10 16:01 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-10 16:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-10 18:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-01 08:25 . 2012-03-11 05:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-01 08:25 . 2012-03-10 17:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-01 08:25 . 2012-03-10 17:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-01 08:25 . 2012-03-11 05:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-01 08:25 . 2012-03-10 17:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-01 08:25 . 2012-03-11 05:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-02 15:36 . 2012-03-10 17:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-02 15:36 . 2012-03-10 18:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-02 15:36 . 2012-03-10 17:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-02 15:36 . 2012-03-10 18:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-11 06:08 . 2012-03-11 06:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-10 17:37 . 2012-03-10 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-10 17:37 . 2012-03-10 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-11 06:08 . 2012-03-11 06:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-10 11:32 618108 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-10 19:20 618108 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-10 11:32 107388 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-10 19:20 107388 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-03-10 16:01 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-03-10 18:49 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-03-10 17:36 413612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-11 06:07 413612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-09-07 02:21 . 2012-03-10 17:36 9791308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1593312618-3450129454-4001934851-1000-12288.dat
+ 2010-09-07 02:21 . 2012-03-11 06:07 9791308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1593312618-3450129454-4001934851-1000-12288.dat
- 2009-07-14 02:34 . 2012-03-10 15:25 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-03-10 21:19 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-05 3077528]
"AlcoholAutomount"="c:\aplikacie\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Steam"="c:\aplikacie\Steam\steam.exe" [2011-12-22 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe Acrobat Speed Launcher"="c:\aplikacie\Adobe\Adobe Reader\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\aplikacie\Adobe\Adobe Reader\Acrobat\Acrotray.exe" [2008-06-11 640376]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"PWRISOVM.EXE"="c:\aplikacie\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"Malwarebytes' Anti-Malware"="c:\aplikacie\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DIRECTIO;DIRECTIO;c:\aplikacie\PerformanceTest\DirectIo.sys [2010-06-30 21056]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\aplikacie\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-13 456192]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-27 171520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Lingea Shared\luc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Smart Turn Off\SMLookA.exe
c:\aplikacie\Vision Defense\Vision Defense.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-03-11 07:12:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-11 06:12
ComboFix2.txt 2012-03-10 18:08
.
Pre-Run: 16 003 588 096 bytes free
Post-Run: 15 923 195 904 bytes free
.
- - End Of File - - F742A383F11BB0541DEC295B7855CD28

[vyosek]

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

• Provedte aktualizaci
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[Naximuss]

Ahoj, ďakujem za pomoc, tu je log z Malwarebytes

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Verzia databázy: v2012.03.13.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Krásavec :: KRÁSAVCOV [administrátor]

Ochrana: Zapnuté

13. 3. 2012 11:22:04
mbam-log-2012-03-13 (12-36-33).txt

Typ kontroly: Úplná kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 452918
Uplynutý čas: 1 hod, 8 min, 17 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 1
C:\Users\Krásavec\Desktop\STIAHNUTE\Microsoft Office 2010 Activator [ kk ]\mini-KMS_Activator_v1.051.exe (PUP.RiskwareTool.CK) -> Žiadna úloha nevykonaná.

(koniec)

[vyosek]

Odinstalujte nelegalni SW

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

[Naximuss]

Ahoj, dnes som sa vrátil po týždni domov a znova mi to začalo spomaľovať , výkon cpu vyskočí po 10 minútach na 90-100%

tu je log z RogueKiller

RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7600 ) 64 bits version
Spustené v : Normálny režim
Užívateľ: Krásavec [Práva Správcu]
Mode: Kontrola -- Date: 03/16/2012 21:35:33

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrov: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač: [NENAHRATÉ] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-60V5T1 +++++
--- User ---
[MBR] 08e7d57d55d2f856f0393c825feb65ea
[BSP] 800ee430cbfc59125240e447e376b311 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 291454 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 597307392 | Size: 13590 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Samsung G2 Portable USB Device +++++
--- User ---
[MBR] f9aa3d73e4bb0444c2943137d3454d51
[BSP] 982443382d60bfdff0f65bb696b751a2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 64 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Samsung G2 Portable USB Device +++++
--- User ---
[MBR] 8ee7f252ad7269569cfe9b7a803e826f
[BSP] 3f1d7fa85082f0698a7256ebb08487a9 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 64 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

[vyosek]

Je videt ktery proces CPU zatezuje

[Naximuss]

Teraz to zaťažuje procesor pri spustení akéhokoľvek procesu takmer dvojnásobne,
takto to vyzeralo, keď sa po 5 minútach štartovania


By naximuss at 2012-03-17

takto to vyzerá keď som spustil a nechal hrať bsplayer


By naximuss at 2012-03-17

a takto to vyzerá keď tu práve píšem


By naximuss at 2012-03-17

ešte sa mi niečo podobné v živote nestalo, pritom navonok sa nič nepriehrieva, vetranie beží v poriadku...
*POZNÁMKA: po spustení som niektoré aplikácie vypol, aby ma pre istotu ešte viac nespomaľovali (boli to Steam, Lingea Update, Vision Defence, PowerIso a HP Support Assistant - tie aplikácie mám dlho a problém som s nimi nikdy nemal)

[vyosek]

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  atapi.sys
  autochk.exe
  cdrom.sys
  explorer.exe
  hal.dll
  scecli.dll
  svchost.exe
  tcpip.sys
  userinit.exe
  winlogon.exe
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  
  %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
  %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
  %PROGRAMFILES%\Opera\opera.exe /md5
  %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
  
  %SystemDrive%\PhysicalMBR.bin /md5 
  
  *crack* /s
  *keygen* /s
  *loader* /s

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

[Naximuss]

Ahoj, ten scan OTL mi beží už viac ako 4 hodiny nezacyklilo sa to? lebo mám pocit, že ten Manual File scan beží odznova.
Na notebooku nič nerobím, iba som si túto stranku nechal otvorenú. Výkon cpu beží na 100%

[vyosek]

Restart do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) a spustte jej znovu

[Naximuss]

Tu je log OLT:
OTL logfile created on: 17.3.2012 19:46:01 - Run 1
OTL by OldTimer - Version 3.2.39.0 Folder = C:\Users\Krásavec\Desktop\STIAHNUTE
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

3,97 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 75,22% Memory free
7,93 Gb Paging File | 7,00 Gb Available in Paging File | 88,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,62 Gb Total Space | 21,63 Gb Free Space | 7,60% Space Free | Partition Type: NTFS
Drive D: | 13,27 Gb Total Space | 1,89 Gb Free Space | 14,26% Space Free | Partition Type: NTFS

Computer Name: KRÁSAVCOV | User Name: Krásavec | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.03.17 19:43:39 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Aplikacie\Mozilla Firefox\firefox.exe
PRC - [2012.03.17 14:05:20 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Krásavec\Desktop\STIAHNUTE\OTL.exe


========== Modules (No Company Name) ==========

MOD - [2012.03.17 19:43:39 | 001,969,080 | ---- | M] () -- C:\Aplikacie\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.08.13 21:09:00 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.08 12:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.07.02 22:16:00 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.03.02 22:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe -- (AESTFilters)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Aplikacie\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.09.06 11:50:02 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.13 21:09:00 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.02 22:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.09.26 08:51:06 | 000,526,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.09.25 17:53:33 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010.11.19 11:58:57 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.11.19 11:58:53 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.09.13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010.05.22 14:49:30 | 000,083,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.03.25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.11.09 04:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009.08.25 01:31:30 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.08.15 07:54:00 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.13 21:09:00 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.07.21 04:39:00 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.13 23:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.08 12:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009.07.08 12:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009.07.02 22:51:00 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.29 18:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010.06.30 10:34:50 | 000,021,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Aplikacie\PerformanceTest\DirectIo.sys -- (DIRECTIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B1CA4EFD-2C92-4FD1-AF8E-E2C191E5961A}
IE:64bit: - HKLM\..\SearchScopes\{B1CA4EFD-2C92-4FD1-AF8E-E2C191E5961A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {B1CA4EFD-2C92-4FD1-AF8E-E2C191E5961A}
IE - HKLM\..\SearchScopes\{B1CA4EFD-2C92-4FD1-AF8E-E2C191E5961A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\..\SearchScopes,DefaultScope = {B1CA4EFD-2C92-4FD1-AF8E-E2C191E5961A}
IE - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\..\SearchScopes\{B1CA4EFD-2C92-4FD1-AF8E-E2C191E5961A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Aplikacie\Mozilla Firefox\components [2012.03.17 19:43:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Aplikacie\Mozilla Firefox\plugins [2011.12.22 23:29:55 | 000,000,000 | ---D | M]

[2011.03.26 00:02:52 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2012.03.11 07:08:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Aplikacie\Adobe\Adobe Reader\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Aplikacie\Adobe\Adobe Reader\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Aplikacie\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Aplikacie\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000..\Run: [AlcoholAutomount] C:\Aplikacie\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000..\Run: [Steam] C:\Aplikacie\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKU\S-1-5-21-1593312618-3450129454-4001934851-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Previesť do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Pridať do existujúceho súboru PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Previesť do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7D758D2-D006-4EE0-A622-B33A923B5CEB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.11 06:55:19 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.03.11 06:55:19 | 000,000,000 | R--D | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Error creating restore point.

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.aacacm - C:\Windows\SysWow64\AACACM.acm (fccHandler)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3pacm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://lame.sourceforge.net/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: vidc.x264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.03.11 14:21:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.11 07:12:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.11 06:55:19 | 000,000,000 | R--D | C] -- C:\Autorun.inf
[2012.03.11 06:41:46 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011.02.23 17:18:08 | 000,311,248 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\system32\config\systemprofile\AppData\Local\Temp
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.03.17 19:47:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.03.17 19:43:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.17 19:43:02 | 3195,420,672 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.17 13:27:32 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 13:27:32 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 03:06:43 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.17 03:06:43 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.17 03:06:43 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.17 03:00:05 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.11 07:08:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.03.11 06:55:21 | 000,009,690 | ---- | M] () -- C:\UsbFix_Upload_Me_KRÁSAVCOV.zip
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.17 14:43:24 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.03.11 06:46:54 | 000,009,690 | ---- | C] () -- C:\UsbFix_Upload_Me_KRÁSAVCOV.zip
[2012.03.10 16:52:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.10 16:52:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.10 16:52:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.10 16:52:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.10 16:52:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.28 18:06:38 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.10.22 13:12:46 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.09.05 21:50:51 | 000,000,304 | ---- | C] () -- C:\Windows\game.ini
[2011.08.08 21:20:13 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.08 14:33:03 | 000,151,013 | ---- | C] () -- C:\ProgramData\1312810111.bdinstall.bin
[2011.08.05 14:02:35 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys
[2011.07.06 00:29:24 | 000,152,876 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.05.13 08:58:12 | 002,785,280 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011.05.12 11:53:30 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.04.11 18:09:18 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.26 20:02:44 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.03.19 10:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.03.19 10:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.02.13 10:33:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.02.10 05:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010.12.21 17:47:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.19 10:26:19 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2010.11.19 10:23:28 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL
[2010.11.18 11:36:25 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010.11.18 11:36:25 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010.10.29 22:33:44 | 000,000,236 | ---- | C] () -- C:\Program Files (x86)\Common Files\dx.reg
[2010.10.29 22:33:43 | 000,874,502 | ---- | C] () -- C:\Windows\SysWow64\kernel32new.dll
[2010.10.29 22:33:43 | 000,716,153 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2010.10.29 22:33:43 | 000,681,478 | ---- | C] () -- C:\Windows\SysWow64\msvcrtnew.dll
[2010.10.29 22:33:43 | 000,002,685 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat

========== LOP Check ==========

[2012.03.13 08:18:18 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< >


< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.08.25 10:22:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.25 10:22:18 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.25 10:22:18 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009.08.25 10:22:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Aplikacie\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.04.09 12:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\ERDNT\cache64\tcpip.sys
[2010.04.09 12:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.04.09 12:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2010.04.09 08:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Aplikacie\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[12 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\*.tmp files -> C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\0d0c2f40d428b2ca9a601a61e3d11182\*.tmp files -> C:\Windows\SoftwareDistribution\Download\0d0c2f40d428b2ca9a601a61e3d11182\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\2a39983fd145eeb6514efd03971ef2c3\*.tmp files -> C:\Windows\SoftwareDistribution\Download\2a39983fd145eeb6514efd03971ef2c3\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\2b5ff5b6a256d9d4ed1803d1e8bf9c52\*.tmp files -> C:\Windows\SoftwareDistribution\Download\2b5ff5b6a256d9d4ed1803d1e8bf9c52\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a1e581821ceee028e0879d4fba563f51\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a1e581821ceee028e0879d4fba563f51\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b31c960d33fd740b715f0dc72b6b0b56\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b31c960d33fd740b715f0dc72b6b0b56\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\bed42f9374cff6cebd1c325c9fb173f5\*.tmp files -> C:\Windows\SoftwareDistribution\Download\bed42f9374cff6cebd1c325c9fb173f5\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\c19ee461de0c8579a5beb781d014cfaa\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c19ee461de0c8579a5beb781d014cfaa\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\da4463397caf4338fc547a263ebe279e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\da4463397caf4338fc547a263ebe279e\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\dd7f5a04cdc0968835cddb4a93095274\*.tmp files -> C:\Windows\SoftwareDistribution\Download\dd7f5a04cdc0968835cddb4a93095274\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\e787260fa2437591647f5d86cda6c33f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\e787260fa2437591647f5d86cda6c33f\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\f5a91034011cdabd33f9c1ceb91d6b3b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\f5a91034011cdabd33f9c1ceb91d6b3b\*.tmp -> ]
[1 C:\Windows\System32\config\systemprofile\AppData\Local\Hewlett-Packard\HPAdvisor.exe_Url_mcixdsg4ikd5i1gipqgefy0tj33souow\3.3.9512.3162\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Hewlett-Packard\HPAdvisor.exe_Url_mcixdsg4ikd5i1gipqgefy0tj33souow\3.3.9512.3162\*.tmp -> ]
[1 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Hewlett-Packard\HPAdvisor.exe_Url_mcixdsg4ikd5i1gipqgefy0tj33souow\3.3.9512.3162\*.tmp files -> C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Hewlett-Packard\HPAdvisor.exe_Url_mcixdsg4ikd5i1gipqgefy0tj33souow\3.3.9512.3162\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.10.10 09:31:21 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Adobe
[2010.09.02 16:46:39 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\ATI
[2011.08.08 20:08:30 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\AVG10
[2011.01.12 21:49:47 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\BSplayer PRO
[2010.11.25 23:00:55 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Codemasters
[2010.10.03 13:45:21 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\CyberLink
[2010.11.19 09:31:17 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\DAEMON Tools
[2012.03.10 12:51:05 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\DAEMON Tools Lite
[2010.11.19 09:31:17 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\DAEMON Tools Pro
[2011.12.25 00:01:06 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\dvdcss
[2011.04.23 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\FairStars Audio Converter Pro
[2011.06.24 14:58:27 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Games
[2011.02.16 16:21:32 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\GHISLER
[2012.03.07 21:46:51 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Gmail Notifier
[2010.09.29 17:30:46 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Hewlett-Packard
[2010.09.02 16:45:10 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\hpqlog
[2010.09.02 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\HpUpdate
[2010.09.02 16:45:21 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Identities
[2011.04.07 20:48:39 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\JAM Software
[2011.12.09 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Kalypso Media
[2011.07.15 12:23:14 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Leadertech
[2011.07.14 17:14:21 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Lionhead Studios
[2011.07.05 15:22:46 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\LolClient
[2010.09.29 14:36:30 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Macromedia
[2011.08.09 07:38:16 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Malwarebytes
[2009.08.25 10:19:46 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Media Center Programs
[2012.03.10 12:51:05 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Media Player Classic
[2012.01.15 15:04:14 | 000,000,000 | --SD | M] -- C:\Users\Krásavec\AppData\Roaming\Microsoft
[2011.03.08 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Microsoft Games
[2011.08.10 21:29:41 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Mount&Blade
[2011.08.11 13:40:37 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Mount&Blade Warband
[2010.12.21 17:47:33 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Mozilla
[2010.12.11 11:10:49 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Nero
[2011.08.23 10:25:23 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Nitro PDF
[2011.06.12 23:58:24 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Nullsoft
[2011.08.23 10:03:55 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\OpenCandy
[2011.08.23 10:10:12 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\PrimoPDF
[2011.08.08 14:29:28 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\QuickScan
[2011.04.08 07:22:14 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Recruitment Viewer
[2010.11.25 23:00:16 | 000,000,000 | RH-D | M] -- C:\Users\Krásavec\AppData\Roaming\SecuROM
[2011.04.15 19:29:50 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\The Creative Assembly
[2012.01.19 15:42:24 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Tropico 4
[2011.03.25 17:20:29 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Ubisoft
[2012.03.17 13:52:41 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\uTorrent
[2010.12.28 20:26:01 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\vlc
[2010.09.29 14:36:28 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\WildTangent
[2011.06.12 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Win7codecs
[2012.03.11 09:44:41 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\Winamp
[2010.09.06 11:32:13 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\WinRAR
[2011.05.31 14:14:14 | 000,000,000 | ---D | M] -- C:\Users\Krásavec\AppData\Roaming\XRay Engine

< %APPDATA%\*.exe /s >
[2011.08.23 10:03:57 | 000,416,160 | ---- | M] () -- C:\Users\Krásavec\AppData\Roaming\OpenCandy\OpenCandy_1A5AFD1C3F35408EBF2492C43413B095\LatestDLMgr.exe
[2011.08.23 10:06:26 | 033,975,384 | ---- | M] () -- C:\Users\Krásavec\AppData\Roaming\OpenCandy\OpenCandy_1A5AFD1C3F35408EBF2492C43413B095\NitroPDFen64_p2v1Installer.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"LightScribe Control Panel" = C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden -- [2009.08.20 12:25:58 | 002,363,392 | ---- | M] (Hewlett-Packard Company)
"HPADVISOR" = C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW -- [2009.09.29 15:26:44 | 001,685,048 | ---- | M] (Hewlett-Packard)
"ISUSPM Startup" = C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup -- [2004.08.09 05:03:58 | 000,221,184 | ---- | M] (InstallShield Software Corporation)
"Pando Media Booster" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe -- [2011.07.05 12:59:07 | 003,077,528 | ---- | M] ()
"AlcoholAutomount" = "C:\Aplikacie\Alcohol 120\AxAutoMntSrv.exe" -automount -- [2010.08.20 12:03:08 | 000,033,120 | ---- | M] (Alcohol Soft Development Team)
"Steam" = "C:\Aplikacie\Steam\steam.exe" -silent -- [2011.12.22 21:12:52 | 001,242,448 | ---- | M] (Valve Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2011.04.22 20:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=64EFAF916C4009F1B84153D0BB491FB0 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.03.17 19:47:05 | 000,000,512 | ---- | M] () MD5=08E7D57D55D2F856F0393C825FEB65EA -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2011.02.18 16:23:21 | 000,002,748 | ---- | M] () -- \Aplikacie\Empire Total War\data\UI\Campaign UI\Pips\military-crackdown-repression.tga
[2011.05.23 21:38:52 | 000,000,114 | ---- | M] () -- \Aplikacie\JDownloader\jd\img\hosterlogos\cracked.com.png
[2011.12.09 16:43:45 | 000,004,328 | ---- | M] () -- \Aplikacie\JDownloader\jd\plugins\hoster\CrackedCom.class
[2011.08.04 20:35:23 | 000,020,178 | ---- | M] () -- \Users\Krásavec\AppData\Roaming\uTorrent\SR2020 6.8.1+crack.1.torrent
[2011.06.24 12:15:18 | 000,019,998 | ---- | M] () -- \Users\Krásavec\AppData\Roaming\uTorrent\SR2020 6.8.1+crack.torrent
[2009.09.25 16:47:22 | 000,000,573 | ---- | M] () -- \Users\Krásavec\Desktop\Down\Mystery - Openers & Routines\misc (19)\roleplaying (8)\Smoke Crack C&F Frame.txt
[2011.08.04 20:35:23 | 000,020,178 | ---- | M] () -- \Users\Krásavec\Desktop\STIAHNUTE\O-Demonoid.me-O_Supreme_Ruler_2020_(or_gold_or_GC)_6_8_1_Patch_crack_8968945.0744.torrent
[2010.06.12 02:38:30 | 001,500,062 | ---- | M] () -- \Users\Krásavec\Desktop\Zuf\Keys_To_Power_Persuasion_Course_cracked\Keys_To_Power_Persuasion_Course_cracked\Keys_To_Power_Persuasion_Course_cracked.pdf

< *keygen* /s >

< *loader* /s >
[2008.03.18 06:31:00 | 000,009,216 | R--- | M] () -- \Aplikacie\Adobe\Adobe Reader\PDFMaker\AutoCAD\OD\AecDummyLoader_2.05_8.dll
[2011.02.16 11:20:44 | 000,214,528 | ---- | M] () -- \Aplikacie\JDownloader\JDownloader.exe
[2011.02.16 11:20:44 | 000,593,293 | ---- | M] () -- \Aplikacie\JDownloader\JDownloader.jar
[2011.03.26 00:03:32 | 000,001,261 | ---- | M] () -- \Aplikacie\JDownloader\JDownloader.log
[2010.12.15 13:59:32 | 000,218,816 | ---- | M] () -- \Aplikacie\JDownloader\JDownloaderBETA.exe
[2010.12.15 13:59:32 | 000,218,816 | ---- | M] () -- \Aplikacie\JDownloader\JDownloaderD3D.exe
[2011.03.26 00:05:40 | 000,000,105 | ---- | M] () -- \Aplikacie\JDownloader\jd\img\hosterlogos\uploader.pl.png
[2011.12.09 16:41:06 | 000,007,073 | ---- | M] () -- \Aplikacie\JDownloader\jd\plugins\hoster\UploaderPl.class
[2010.12.14 17:30:40 | 000,032,222 | ---- | M] () -- \Aplikacie\JDownloader\licenses\jdownloader.license
[2008.03.18 06:31:00 | 000,009,216 | R--- | M] () -- \Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\AutoCAD\OD\AecDummyLoader_2.05_8.dll
[2010.03.24 19:12:34 | 000,249,680 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2010.03.24 19:12:34 | 000,018,264 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2009.09.18 23:49:08 | 000,058,664 | ---- | M] () -- \Program Files (x86)\CyberLink\DVD Suite\koan\pyloader.dll
[2009.07.06 20:20:32 | 002,184,488 | ---- | M] () -- \Program Files (x86)\CyberLink\Shared files\Plugin\5.0\CES_3DLoaderFBX.dll
[2009.10.07 10:42:28 | 000,053,248 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\HP Setup\ContentDownloader.exe
[2009.10.07 10:30:48 | 000,005,974 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\HP Setup\ContentDownloader.exe.config
[2009.10.02 21:39:24 | 000,010,498 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\DVD\System\KernelCtrl\ImageLoader.kc
[2009.10.02 21:39:24 | 000,010,146 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\DVD\System\KernelCtrl\ImageLoader2.kc
[2009.10.02 21:39:24 | 000,003,499 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\DVD\Widget\langloader.kc
[2009.10.02 21:39:24 | 000,012,438 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\DVD\Widget\layoutloader.kc
[2009.09.25 12:48:22 | 000,003,124 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\iTV\Kernel\Partner\FLVLoader.html
[2009.09.25 12:48:22 | 000,000,974 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\iTV\Kernel\Partner\FLVLoader.swf
[2009.09.25 12:48:32 | 000,009,317 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\iTV\mm\MediaCtrl\ImageDownloader.kc
[2009.09.25 12:48:32 | 000,009,737 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\iTV\mm\MediaCtrl\ImageLoader.kc
[2009.09.25 12:48:40 | 000,003,552 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\iTV\Widget\langloader.kc
[2009.09.25 12:48:40 | 000,012,573 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\iTV\Widget\layoutloader.kc
[2009.10.06 21:57:20 | 000,010,905 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\Live TV\mm\MediaCtrl\ImageLoader.kc
[2009.10.06 21:57:26 | 000,003,521 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\Live TV\Widget\langloader.kc
[2009.10.06 21:57:26 | 000,012,542 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\Live TV\Widget\layoutloader.kc
[2009.10.02 11:39:46 | 002,475,304 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\Webcam\CES_3DLoaderFBX.dll
[2009.10.02 11:41:24 | 000,058,664 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\Webcam\koan\pyloader.dll
[2009.10.02 11:39:20 | 000,014,262 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\Webcam\subsys\Uploader\PyUploader.kc
[2009.10.02 11:42:02 | 000,165,160 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\Media\Webcam\subsys\Uploader\_PyUploader.pyd
[2009.10.05 22:08:58 | 002,475,304 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\CES\CES_3DLoaderFBX.dll
[2009.10.05 22:10:12 | 000,058,664 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Koan\pyloader.dll
[2009.10.05 22:10:56 | 000,011,870 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\TouchSmart\Media\System\KernelCtrl\ImageLoader.kc
[2009.10.05 22:10:56 | 000,025,809 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\TouchSmart\Media\System\KernelCtrl\ImageLoader2.kc
[2009.10.05 22:10:56 | 000,003,236 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\TouchSmart\Media\System\KernelCtrl\URLDownloader.kc
[2009.10.05 22:11:00 | 000,003,952 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Widget\langloader.kc
[2009.10.05 22:11:00 | 000,013,920 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Widget\layoutloader.kc
[2009.06.26 17:13:48 | 000,674,544 | ---- | M] () -- \Program Files (x86)\HP Games\HP Game Console\WTDownloader.exe
[2009.05.31 03:21:00 | 000,071,008 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2009.05.31 03:21:00 | 000,073,568 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2010.03.24 19:35:48 | 000,370,512 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2010.03.24 19:35:48 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2009.11.27 22:42:04 | 000,007,697 | ---- | M] () -- \Program Files\Java\jdk1.6.0_15\demo\jvmti\hprof\src\hprof_loader.c
[2009.11.27 22:42:04 | 000,002,173 | ---- | M] () -- \Program Files\Java\jdk1.6.0_15\demo\jvmti\hprof\src\hprof_loader.h
[2009.11.27 22:41:58 | 000,000,455 | ---- | M] () -- \Program Files\Java\jdk1.6.0_15\lib\visualvm\platform9\config\Modules\org-openide-loaders.xml
[2009.11.27 22:41:59 | 001,063,930 | ---- | M] () -- \Program Files\Java\jdk1.6.0_15\lib\visualvm\platform9\modules\org-openide-loaders.jar
[2009.11.27 22:41:59 | 000,000,373 | ---- | M] () -- \Program Files\Java\jdk1.6.0_15\lib\visualvm\platform9\update_tracking\org-openide-loaders.xml
[2010.03.15 10:27:20 | 000,054,784 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2011.03.26 00:03:06 | 000,000,362 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader Support.lnk
[2011.03.26 00:03:06 | 000,000,893 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader.lnk
[2011.03.26 00:03:09 | 000,000,868 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader\Uninstall JDownloader.lnk
[2009.09.23 13:39:12 | 000,000,232 | ---- | M] () -- \ProgramData\Nero\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2009.06.26 17:14:40 | 000,000,747 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\css\online_loader.css
[2009.06.26 17:14:46 | 000,000,640 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\img\mini_loader_off.gif
[2009.06.26 17:14:46 | 000,002,068 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\img\mini_loader_on.gif
[2009.06.26 17:14:46 | 000,012,527 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\img\windowed_loader_75.gif
[2009.06.26 17:14:48 | 000,003,194 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\js\online_loader.js
[2009.06.26 17:18:14 | 000,000,659 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\de\Online_Loader.html
[2009.06.26 17:15:10 | 000,003,083 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\de\img\going_online_loader.gif
[2009.06.26 17:15:10 | 000,003,241 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\de\img\onlineloader_retry.gif
[2009.06.26 17:15:08 | 000,000,600 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\de\swf\loader_web.swf
[2009.06.26 17:18:42 | 000,000,659 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\en\Online_Loader.html
[2009.06.26 17:14:58 | 000,003,065 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\en\img\going_online_loader.gif
[2009.06.26 17:14:58 | 000,003,097 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\en\img\onlineloader_retry.gif
[2009.06.26 17:14:56 | 000,000,600 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\en\swf\loader_web.swf
[2009.06.26 17:17:40 | 000,000,659 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\en-us\Online_Loader.html
[2009.06.26 17:15:04 | 000,000,600 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\en-us\fs_wire\swf\loader_web.swf
[2009.06.26 17:15:04 | 000,003,065 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\en-us\img\going_online_loader.gif
[2009.06.26 17:15:04 | 000,003,097 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\en-us\img\onlineloader_retry.gif
[2009.06.26 17:19:12 | 000,000,659 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\es\Online_Loader.html
[2009.06.26 17:15:06 | 000,003,199 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\es\img\going_online_loader.gif
[2009.06.26 17:15:06 | 000,003,515 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\es\img\onlineloader_retry.gif
[2009.06.26 17:15:06 | 000,000,600 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\es\swf\loader_web.swf
[2009.06.26 17:19:40 | 000,000,659 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\es-es\Online_Loader.html
[2009.06.26 17:15:12 | 000,003,031 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\es-es\img\going_online_loader.gif
[2009.06.26 17:15:12 | 000,003,665 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\es-es\img\onlineloader_retry.gif
[2009.06.26 17:15:10 | 000,000,600 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\es-es\swf\loader_web.swf
[2009.06.26 17:20:10 | 000,000,659 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\fr\Online_Loader.html
[2009.06.26 17:15:08 | 000,003,143 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\fr\img\going_online_loader.gif
[2009.06.26 17:15:08 | 000,003,545 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\fr\img\onlineloader_retry.gif
[2009.06.26 17:15:08 | 000,000,600 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\fr\swf\loader_web.swf
[2009.06.26 17:20:38 | 000,000,659 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\it\Online_Loader.html
[2009.06.26 17:15:14 | 000,003,186 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\it\img\going_online_loader.gif
[2009.06.26 17:15:14 | 000,003,368 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\it\img\onlineloader_retry.gif
[2009.06.26 17:15:12 | 000,000,600 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\it\swf\loader_web.swf
[2009.06.26 17:21:08 | 000,000,659 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\ko-kr\Online_Loader.html
[2009.06.26 17:15:02 | 000,003,160 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\ko-kr\img\going_online_loader.gif
[2009.06.26 17:15:02 | 000,003,054 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\ko-kr\img\onlineloader_retry.gif
[2009.06.26 17:15:00 | 000,000,600 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\ko-kr\swf\loader_web.swf
[2009.06.26 17:21:36 | 000,000,659 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\zh\Online_Loader.html
[2009.06.26 17:14:56 | 000,003,111 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\zh\img\going_online_loader.gif
[2009.06.26 17:14:56 | 000,003,092 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\zh\img\onlineloader_retry.gif
[2009.06.26 17:14:56 | 000,000,600 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\zh\swf\loader_web.swf
[2009.06.26 17:22:04 | 000,000,659 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\zh-cn\Online_Loader.html
[2009.06.26 17:14:54 | 000,002,778 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\zh-cn\img\going_online_loader.gif
[2009.06.26 17:14:54 | 000,003,219 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\zh-cn\img\onlineloader_retry.gif
[2009.06.26 17:14:54 | 000,000,600 | ---- | M] () -- \ProgramData\WildTangent\My HP Game Console\UI\htdocs2\zh-cn\swf\loader_web.swf
[2009.07.06 20:20:32 | 002,184,488 | ---- | M] () -- \SwSetup\CyberDVD\Stage1\PDIR\ShareFiles\Share\Plugin\5.0\CES_3DLoaderFBX.dll
[2011.03.26 00:03:06 | 000,000,362 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader Support.lnk
[2011.03.26 00:03:06 | 000,000,893 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader.lnk
[2011.03.26 00:03:09 | 000,000,868 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader\Uninstall JDownloader.lnk
[2009.09.23 13:39:12 | 000,000,232 | ---- | M] () -- \Users\All Users\Nero\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2009.06.26 17:14:40 | 000,000,747 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\css\online_loader.css
[2009.06.26 17:14:46 | 000,000,640 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\img\mini_loader_off.gif
[2009.06.26 17:14:46 | 000,002,068 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\img\mini_loader_on.gif
[2009.06.26 17:14:46 | 000,012,527 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\img\windowed_loader_75.gif
[2009.06.26 17:14:48 | 000,003,194 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\js\online_loader.js
[2009.06.26 17:18:14 | 000,000,659 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\de\Online_Loader.html
[2009.06.26 17:15:10 | 000,003,083 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\de\img\going_online_loader.gif
[2009.06.26 17:15:10 | 000,003,241 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\de\img\onlineloader_retry.gif
[2009.06.26 17:15:08 | 000,000,600 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\de\swf\loader_web.swf
[2009.06.26 17:18:42 | 000,000,659 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\en\Online_Loader.html
[2009.06.26 17:14:58 | 000,003,065 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\en\img\going_online_loader.gif
[2009.06.26 17:14:58 | 000,003,097 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\en\img\onlineloader_retry.gif
[2009.06.26 17:14:56 | 000,000,600 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\en\swf\loader_web.swf
[2009.06.26 17:17:40 | 000,000,659 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\en-us\Online_Loader.html
[2009.06.26 17:15:04 | 000,000,600 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\en-us\fs_wire\swf\loader_web.swf
[2009.06.26 17:15:04 | 000,003,065 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\en-us\img\going_online_loader.gif
[2009.06.26 17:15:04 | 000,003,097 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\en-us\img\onlineloader_retry.gif
[2009.06.26 17:19:12 | 000,000,659 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\es\Online_Loader.html
[2009.06.26 17:15:06 | 000,003,199 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\es\img\going_online_loader.gif
[2009.06.26 17:15:06 | 000,003,515 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\es\img\onlineloader_retry.gif
[2009.06.26 17:15:06 | 000,000,600 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\es\swf\loader_web.swf
[2009.06.26 17:19:40 | 000,000,659 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\es-es\Online_Loader.html
[2009.06.26 17:15:12 | 000,003,031 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\es-es\img\going_online_loader.gif
[2009.06.26 17:15:12 | 000,003,665 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\es-es\img\onlineloader_retry.gif
[2009.06.26 17:15:10 | 000,000,600 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\es-es\swf\loader_web.swf
[2009.06.26 17:20:10 | 000,000,659 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\fr\Online_Loader.html
[2009.06.26 17:15:08 | 000,003,143 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\fr\img\going_online_loader.gif
[2009.06.26 17:15:08 | 000,003,545 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\fr\img\onlineloader_retry.gif
[2009.06.26 17:15:08 | 000,000,600 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\fr\swf\loader_web.swf
[2009.06.26 17:20:38 | 000,000,659 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\it\Online_Loader.html
[2009.06.26 17:15:14 | 000,003,186 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\it\img\going_online_loader.gif
[2009.06.26 17:15:14 | 000,003,368 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\it\img\onlineloader_retry.gif
[2009.06.26 17:15:12 | 000,000,600 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\it\swf\loader_web.swf
[2009.06.26 17:21:08 | 000,000,659 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\ko-kr\Online_Loader.html
[2009.06.26 17:15:02 | 000,003,160 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\ko-kr\img\going_online_loader.gif
[2009.06.26 17:15:02 | 000,003,054 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\ko-kr\img\onlineloader_retry.gif
[2009.06.26 17:15:00 | 000,000,600 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\ko-kr\swf\loader_web.swf
[2009.06.26 17:21:36 | 000,000,659 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\zh\Online_Loader.html
[2009.06.26 17:14:56 | 000,003,111 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\zh\img\going_online_loader.gif
[2009.06.26 17:14:56 | 000,003,092 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\zh\img\onlineloader_retry.gif
[2009.06.26 17:14:56 | 000,000,600 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\zh\swf\loader_web.swf
[2009.06.26 17:22:04 | 000,000,659 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\zh-cn\Online_Loader.html
[2009.06.26 17:14:54 | 000,002,778 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\zh-cn\img\going_online_loader.gif
[2009.06.26 17:14:54 | 000,003,219 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\zh-cn\img\onlineloader_retry.gif
[2009.06.26 17:14:54 | 000,000,600 | ---- | M] () -- \Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\zh-cn\swf\loader_web.swf