preventive check_thanks

northendcz
Visitor
Posts: 88
Registered: 03 Feb 2009 15:25

#1 Post by northendcz »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Northend at 2012-09-09 15:31:42
Microsoft Windows 7 Starter
System drive C: has 18 GB (29%) free of 62 GB
Total RAM: 2037 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:04, on 9.9.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\windows\Explorer.EXE
C:\windows\system32\Dwm.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Y soft\SafeQ Client\Client\SafeQ Client.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Users\Northend\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Trillian\trillian.exe
c:\program files\trillian\plugins\skypekit.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskmgr.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Northend\Desktop\RSIT.exe
C:\Program Files\trend micro\Northend.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Northend\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Northend\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

--
End of file - 7792 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-459703492-136551128-3912174221-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-459703492-136551128-3912174221-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA609D72-8482-4076-8991-8CDAE5B93BCB}]
W2PBrowser Class - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23 1236992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-07-14 9378408]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2010-08-31 1806728]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"SafeQ Client"=C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2010-09-29 262144]
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2012-01-13 527312]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Google Update"=C:\Users\Northend\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-18 136176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SRS Premium Sound.lnk - C:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut6_96BE12D997374F89986526ECCB660D4F.exe

C:\Users\Northend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Northend\AppData\Roaming\Dropbox\bin\Dropbox.exe
Trillian.lnk - C:\Program Files\Trillian\trillian.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-04-19 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"msacm.divxa32"=msaud32_divx.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\windows\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-08-21 17:00:11 ----D---- C:\Program Files\Oracle
2012-08-21 16:59:37 ----A---- C:\windows\system32\javaws.exe
2012-08-21 16:59:24 ----A---- C:\windows\system32\javaw.exe
2012-08-21 16:59:24 ----A---- C:\windows\system32\java.exe
2012-08-12 11:15:24 ----D---- C:\windows\Minidump

======List of files/folders modified in the last 1 month======

2012-09-09 15:31:58 ----D---- C:\windows\Temp
2012-09-09 15:31:56 ----D---- C:\windows\Prefetch
2012-09-09 15:31:47 ----D---- C:\Program Files\trend micro
2012-09-09 15:25:20 ----D---- C:\windows\inf
2012-09-09 15:25:19 ----D---- C:\Windows
2012-09-08 15:12:35 ----D---- C:\Users\Northend\AppData\Roaming\Dropbox
2012-09-07 13:10:40 ----D---- C:\Users\Northend\AppData\Roaming\vlc
2012-09-06 18:46:19 ----D---- C:\windows\system32\config
2012-09-06 18:44:21 ----SHD---- C:\System Volume Information
2012-09-02 15:01:22 ----D---- C:\windows\System32
2012-09-02 15:01:22 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-09-02 10:00:32 ----D---- C:\Program Files\Trillian
2012-08-28 15:53:51 ----D---- C:\Program Files\FreeRapid-0.86u1
2012-08-26 16:52:17 ----SHD---- C:\windows\Installer
2012-08-26 16:52:12 ----D---- C:\Users\Northend\AppData\Roaming\Mozilla
2012-08-21 17:00:11 ----RD---- C:\Program Files
2012-08-13 08:59:52 ----D---- C:\windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2012-03-07 44376]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2010-09-02 1247744]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-08-31 100744]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-04-19 4806144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2010-07-14 3137128]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\windows\system32\DRIVERS\wacommousefilter.sys [2010-10-05 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\windows\system32\DRIVERS\wacomvhid.sys [2010-10-05 14120]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 acsock;acsock; C:\windows\system32\DRIVERS\acsock.sys [2012-01-13 87976]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2010-04-28 54632]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows; C:\windows\system32\DRIVERS\vpnva.sys [2011-12-15 23464]
S3 wacmoumonitor;Wacom Mode Helper; C:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 TabletServicePen;TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 416112]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-01-13 476112]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-14 116648]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2012-03-18 85096]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-14 116648]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Samsung UPD Service;Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [2010-08-09 131888]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

#2 Post by Márty84 »

Hello :)

The log is being worked on; it will take a while.
If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you are waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

#3 Post by Márty84 »

:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Open normally.
:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe and save it, preferably to the desktop.
Right-click it and then left-click Run as administrator.
Copy this script into the left pane (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
gupdate
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-459703492-136551128-3912174221-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-459703492-136551128-3912174221-1000UA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"googletalk"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-

Click MoveIt and let the program work. When asked to restart, agree.
After the restart, post the log that pops up here; otherwise it will be at C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (the x's will be digits representing the date and time of the run).

:arrow: Run a !!!full!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Do not delete anything beforehand; it sometimes produces false detections.

#4 Post by northendcz »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Northend
->Temp folder emptied: 147205 bytes
->Temporary Internet Files folder emptied: 604444 bytes
->Java cache emptied: 3836515 bytes
->Google Chrome cache emptied: 263936861 bytes
->Flash cache emptied: 680 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3262 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 556 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 256.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Northend
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
C:\windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-459703492-136551128-3912174221-1000Core.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-459703492-136551128-3912174221-1000UA.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\googletalk deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 09102012_102049

Files moved on Reboot...
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


#5 Post by northendcz »

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.09.10.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Northend :: NORTHENDNETBOOK [administrátor]

10.9.2012 10:34:29
mbam-log-2012-09-10 (11-50-04).txt

Typ: Úplná kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 308800
Uplynulý čas: 1 hodin, 14 minut, 23 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Program Files\QtOctave\octave\libexec\octave\packages\image-1.0.4\i686-pc-msdosmsvc-api-v32\bwfill.oct (Trojan.Dropper) -> Žádná instrukce nebyla provedena.
D:\-=INSTALL=-\AutoCAD_2008_CZ\AutoCAD 2008 CZ\AutoCAD-2008-keygen.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.
D:\-=INSTALL=-\google sketchUP\Keygen\keygen.exe (Trojan.Agent.CK) -> Žádná instrukce nebyla provedena.

(konec)


#6 Post by Márty84 »

:arrow: OTM did what it was supposed to.

:arrow: I recommend deleting the MBAM findings.

:arrow: Then uninstall MBAM.

:arrow: Install SP1

:arrow: Post a new RSIT log and describe how the PC is doing

#7 Post by northendcz »

Does SP1 mean the service pack for Windows?
- uninstalled
I will make the RSIT log after installing SP1 (whatever that is)
The PC is probably faster (but maybe that is subjective; it is just a small netbook, it will never be fast)
Can you advise on SP1? Where do I download it?

Edit1: I enabled automatic updates, it is already downloading something, we'll see...
EDIT2: After a few restarts and an update of the updater itself, many updates were downloaded... waiting for RSIT
Last edited by northendcz on 11 Sep 2012 08:00, edited 1 time in total.


#8 Post by Márty84 »

Yes, SP1 means Service Pack 1, and that's right, downloading it through automatic updates is best :)

Once I have looked through the RSIT log, we'll try running one more scanner and maybe speed it up a bit more :wink:

#9 Post by northendcz »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Northend at 2012-09-11 09:00:27
Microsoft Windows 7 Starter
System drive C: has 12 GB (20%) free of 62 GB
Total RAM: 2037 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:54, on 11.9.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Y soft\SafeQ Client\Client\SafeQ Client.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Users\Northend\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Trillian\trillian.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
c:\program files\trillian\plugins\skypekit.exe
C:\windows\system32\conhost.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Northend\Desktop\RSIT.exe
C:\Program Files\trend micro\Northend.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Northend\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

--
End of file - 6604 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA609D72-8482-4076-8991-8CDAE5B93BCB}]
W2PBrowser Class - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23 1236992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-07-14 9378408]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2010-08-31 1806728]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"SafeQ Client"=C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2010-09-29 262144]
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2012-01-13 527312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SRS Premium Sound.lnk - C:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut6_96BE12D997374F89986526ECCB660D4F.exe

C:\Users\Northend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Northend\AppData\Roaming\Dropbox\bin\Dropbox.exe
Trillian.lnk - C:\Program Files\Trillian\trillian.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-04-19 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"msacm.divxa32"=msaud32_divx.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\windows\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-09-10 22:42:41 ----A---- C:\windows\system32\MRT.exe
2012-09-10 22:30:01 ----A---- C:\windows\system32\PresentationHostProxy.dll
2012-09-10 22:30:01 ----A---- C:\windows\system32\PresentationHost.exe
2012-09-10 22:30:01 ----A---- C:\windows\system32\mscoree.dll
2012-09-10 22:30:00 ----A---- C:\windows\system32\netfxperf.dll
2012-09-10 22:30:00 ----A---- C:\windows\system32\dfshim.dll
2012-09-10 21:58:46 ----A---- C:\windows\system32\wmi.dll
2012-09-10 21:58:46 ----A---- C:\windows\system32\drivers\fs_rec.sys
2012-09-10 21:58:45 ----A---- C:\windows\system32\wintrust.dll
2012-09-10 21:58:45 ----A---- C:\windows\system32\imagehlp.dll
2012-09-10 21:57:11 ----A---- C:\windows\system32\browserchoice.exe
2012-09-10 21:49:34 ----A---- C:\windows\system32\drivers\usbvideo.sys
2012-09-10 21:49:34 ----A---- C:\windows\system32\drivers\ks.sys
2012-09-10 21:47:53 ----D---- C:\Program Files\MSXML 4.0
2012-09-10 21:46:52 ----A---- C:\windows\system32\wcncsvc.dll
2012-09-10 21:44:07 ----A---- C:\windows\system32\comctl32.dll
2012-09-10 21:44:02 ----A---- C:\windows\system32\win32spl.dll
2012-09-10 21:44:02 ----A---- C:\windows\system32\spoolsv.exe
2012-09-10 21:43:56 ----A---- C:\windows\system32\msi.dll
2012-09-10 21:43:53 ----A---- C:\windows\system32\mfc40u.dll
2012-09-10 21:43:53 ----A---- C:\windows\system32\mfc40.dll
2012-09-10 21:43:07 ----A---- C:\windows\system32\KernelBase.dll
2012-09-10 21:43:06 ----A---- C:\windows\system32\kernel32.dll
2012-09-10 21:43:06 ----A---- C:\windows\system32\conhost.exe
2012-09-10 21:43:05 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-09-10 21:43:05 ----A---- C:\windows\system32\winsrv.dll
2012-09-10 21:43:01 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-09-10 21:43:01 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-09-10 21:43:01 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-09-10 21:43:01 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-09-10 21:43:00 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-09-10 21:43:00 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-09-10 21:43:00 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-09-10 21:43:00 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-09-10 21:43:00 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-09-10 21:43:00 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-09-10 21:42:59 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-09-10 21:42:59 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-09-10 21:42:59 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-09-10 21:42:59 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-09-10 21:42:59 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-09-10 21:42:59 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-09-10 21:42:58 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-09-10 21:42:58 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-09-10 21:42:58 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-09-10 21:42:58 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-09-10 21:42:58 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-09-10 21:42:58 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-09-10 21:42:57 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-09-10 21:42:57 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-09-10 21:42:57 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-09-10 21:42:57 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-09-10 21:42:57 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-09-10 21:42:52 ----A---- C:\windows\system32\drivers\bowser.sys
2012-09-10 21:42:45 ----A---- C:\windows\system32\poqexec.exe
2012-09-10 21:42:40 ----A---- C:\windows\system32\win32k.sys
2012-09-10 21:42:32 ----A---- C:\windows\system32\msvcrt.dll
2012-09-10 21:42:29 ----A---- C:\windows\system32\inetcomm.dll
2012-09-10 21:42:24 ----A---- C:\windows\system32\vbscript.dll
2012-09-10 21:42:14 ----A---- C:\windows\system32\tzres.dll
2012-09-10 21:41:41 ----A---- C:\windows\system32\mssrch.dll
2012-09-10 21:41:40 ----A---- C:\windows\system32\tquery.dll
2012-09-10 21:41:37 ----A---- C:\windows\system32\SearchIndexer.exe
2012-09-10 21:41:37 ----A---- C:\windows\system32\mssvp.dll
2012-09-10 21:41:36 ----A---- C:\windows\system32\mssph.dll
2012-09-10 21:41:35 ----A---- C:\windows\system32\SearchProtocolHost.exe
2012-09-10 21:41:35 ----A---- C:\windows\system32\SearchFilterHost.exe
2012-09-10 21:41:35 ----A---- C:\windows\system32\mssphtb.dll
2012-09-10 21:41:34 ----A---- C:\windows\system32\msscntrs.dll
2012-09-10 21:41:32 ----A---- C:\windows\system32\drivers\partmgr.sys
2012-09-10 21:41:28 ----A---- C:\windows\system32\oleaut32.dll
2012-09-10 21:41:27 ----A---- C:\windows\system32\oleacc.dll
2012-09-10 21:41:25 ----A---- C:\windows\system32\packager.dll
2012-09-10 21:40:40 ----A---- C:\windows\system32\mf.dll
2012-09-10 21:40:39 ----A---- C:\windows\system32\FntCache.dll
2012-09-10 21:40:37 ----A---- C:\windows\system32\WMVDECOD.DLL
2012-09-10 21:40:35 ----A---- C:\windows\system32\mfreadwrite.dll
2012-09-10 21:40:34 ----A---- C:\windows\system32\ExplorerFrame.dll
2012-09-10 21:40:33 ----A---- C:\windows\system32\XpsRasterService.dll
2012-09-10 21:40:28 ----A---- C:\windows\system32\drivers\rdpwd.sys
2012-09-10 21:40:03 ----A---- C:\windows\system32\umpnpmgr.dll
2012-09-10 21:39:56 ----A---- C:\windows\system32\lsasrv.dll
2012-09-10 21:39:55 ----A---- C:\windows\system32\webio.dll
2012-09-10 21:39:52 ----A---- C:\windows\system32\sspisrv.dll
2012-09-10 21:39:52 ----A---- C:\windows\system32\sspicli.dll
2012-09-10 21:39:52 ----A---- C:\windows\system32\secur32.dll
2012-09-10 21:39:52 ----A---- C:\windows\system32\lsass.exe
2012-09-10 21:39:41 ----A---- C:\windows\system32\XpsGdiConverter.dll
2012-09-10 21:39:36 ----A---- C:\windows\system32\kerberos.dll
2012-09-10 21:39:32 ----A---- C:\windows\system32\profsvc.dll
2012-09-10 21:39:25 ----A---- C:\windows\system32\srcore.dll
2012-09-10 21:39:20 ----A---- C:\windows\system32\FXSCOVER.exe
2012-09-10 21:39:13 ----A---- C:\windows\system32\CPFilters.dll
2012-09-10 21:39:09 ----A---- C:\windows\system32\sbe.dll
2012-09-10 21:38:31 ----A---- C:\windows\system32\rdrmemptylst.exe
2012-09-10 21:38:30 ----A---- C:\windows\system32\rdpwsx.dll
2012-09-10 21:38:30 ----A---- C:\windows\system32\rdpcorekmts.dll
2012-09-10 21:35:22 ----A---- C:\windows\system32\StructuredQuery.dll
2012-09-10 21:35:18 ----A---- C:\windows\system32\odbc32.dll
2012-09-10 21:34:25 ----A---- C:\windows\system32\mshtml.dll
2012-09-10 21:34:11 ----A---- C:\windows\system32\iertutil.dll
2012-09-10 21:34:09 ----A---- C:\windows\system32\mstime.dll
2012-09-10 21:34:09 ----A---- C:\windows\system32\msfeeds.dll
2012-09-10 21:34:08 ----A---- C:\windows\system32\iepeers.dll
2012-09-10 21:34:08 ----A---- C:\windows\system32\iedkcs32.dll
2012-09-10 21:34:07 ----A---- C:\windows\system32\msfeedsbs.dll
2012-09-10 21:34:06 ----A---- C:\windows\system32\mshtmled.dll
2012-09-10 21:34:06 ----A---- C:\windows\system32\licmgr10.dll
2012-09-10 21:34:05 ----A---- C:\windows\system32\msfeedssync.exe
2012-09-10 21:33:47 ----A---- C:\windows\system32\schannel.dll
2012-09-10 21:33:45 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2012-09-10 21:33:45 ----A---- C:\windows\system32\drivers\cng.sys
2012-09-10 21:33:44 ----A---- C:\windows\system32\ncrypt.dll
2012-09-10 21:33:44 ----A---- C:\windows\system32\drivers\ksecdd.sys
2012-09-10 21:33:38 ----A---- C:\windows\system32\d3d10warp.dll
2012-09-10 21:33:37 ----A---- C:\windows\system32\d2d1.dll
2012-09-10 21:33:35 ----A---- C:\windows\system32\DWrite.dll
2012-09-10 21:33:35 ----A---- C:\windows\system32\d3d10_1core.dll
2012-09-10 21:33:35 ----A---- C:\windows\system32\d3d10_1.dll
2012-09-10 21:33:30 ----A---- C:\windows\system32\ntdll.dll
2012-09-10 21:33:24 ----A---- C:\windows\system32\rdpcore.dll
2012-09-10 21:33:23 ----A---- C:\windows\system32\drivers\tdtcp.sys
2012-09-10 21:33:16 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2012-09-10 21:33:14 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2012-09-10 21:33:14 ----A---- C:\windows\system32\cdd.dll
2012-09-10 21:33:07 ----A---- C:\windows\system32\drivers\afd.sys
2012-09-10 21:32:50 ----A---- C:\windows\system32\ieframe.dll
2012-09-10 21:32:49 ----A---- C:\windows\system32\upnp.dll
2012-09-10 21:32:48 ----A---- C:\windows\system32\urlmon.dll
2012-09-10 21:32:46 ----A---- C:\windows\system32\wininet.dll
2012-09-10 21:32:44 ----A---- C:\windows\system32\winhttp.dll
2012-09-10 21:32:44 ----A---- C:\windows\system32\WebClnt.dll
2012-09-10 21:32:44 ----A---- C:\windows\system32\davclnt.dll
2012-09-10 21:32:43 ----A---- C:\windows\system32\wscsvc.dll
2012-09-10 21:32:43 ----A---- C:\windows\system32\wscapi.dll
2012-09-10 21:32:43 ----A---- C:\windows\system32\slwga.dll
2012-09-10 21:32:43 ----A---- C:\windows\system32\ieui.dll
2012-09-10 21:32:42 ----A---- C:\windows\system32\jsproxy.dll
2012-09-10 21:32:26 ----A---- C:\windows\system32\drivers\fvevol.sys
2012-09-10 21:32:08 ----A---- C:\windows\system32\ntoskrnl.exe
2012-09-10 21:32:07 ----A---- C:\windows\system32\ntkrnlpa.exe
2012-09-10 21:31:51 ----A---- C:\windows\system32\ntshrui.dll
2012-09-10 21:31:48 ----A---- C:\windows\system32\XpsPrint.dll
2012-09-10 21:31:45 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2012-09-10 21:31:43 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2012-09-10 21:31:43 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2012-09-10 21:31:38 ----A---- C:\windows\explorer.exe
2012-09-10 21:31:11 ----A---- C:\windows\system32\EncDec.dll
2012-09-10 21:31:08 ----A---- C:\windows\system32\drivers\srv2.sys
2012-09-10 21:31:08 ----A---- C:\windows\system32\drivers\srv.sys
2012-09-10 21:31:07 ----A---- C:\windows\system32\drivers\srvnet.sys
2012-09-10 21:31:03 ----A---- C:\windows\system32\taskschd.dll
2012-09-10 21:31:03 ----A---- C:\windows\system32\schedsvc.dll
2012-09-10 21:31:02 ----A---- C:\windows\system32\wmicmiplugin.dll
2012-09-10 21:31:02 ----A---- C:\windows\system32\taskeng.exe
2012-09-10 21:31:01 ----A---- C:\windows\system32\taskcomp.dll
2012-09-10 21:31:01 ----A---- C:\windows\system32\schtasks.exe
2012-09-10 21:30:53 ----A---- C:\windows\system32\ole32.dll
2012-09-10 21:30:49 ----A---- C:\windows\system32\msxml6.dll
2012-09-10 21:30:46 ----A---- C:\windows\system32\msxml3.dll
2012-09-10 21:30:41 ----A---- C:\windows\system32\mfc42.dll
2012-09-10 21:30:38 ----A---- C:\windows\system32\mfc42u.dll
2012-09-10 21:30:35 ----A---- C:\windows\system32\dnsapi.dll
2012-09-10 21:30:34 ----A---- C:\windows\system32\dnsrslvr.dll
2012-09-10 21:30:34 ----A---- C:\windows\system32\dnscacheugc.exe
2012-09-10 21:30:29 ----A---- C:\windows\system32\drivers\tcpip.sys
2012-09-10 21:30:21 ----A---- C:\windows\system32\odbcjt32.dll
2012-09-10 21:30:21 ----A---- C:\windows\system32\odbccp32.dll
2012-09-10 21:30:20 ----A---- C:\windows\system32\odbccu32.dll
2012-09-10 21:30:20 ----A---- C:\windows\system32\odbccr32.dll
2012-09-10 21:30:19 ----A---- C:\windows\system32\odbctrac.dll
2012-09-10 21:30:15 ----A---- C:\windows\system32\csrsrv.dll
2012-09-10 21:30:12 ----A---- C:\windows\system32\jscript.dll
2012-09-10 21:29:58 ----A---- C:\windows\system32\quartz.dll
2012-09-10 21:29:56 ----A---- C:\windows\system32\qdvd.dll
2012-09-10 21:29:53 ----A---- C:\windows\system32\consent.exe
2012-09-10 21:29:47 ----A---- C:\windows\system32\drivers\Diskdump.sys
2012-09-10 21:29:45 ----A---- C:\windows\system32\atmfd.dll
2012-09-10 21:29:43 ----A---- C:\windows\system32\atmlib.dll
2012-09-10 21:29:41 ----A---- C:\windows\system32\t2embed.dll
2012-09-10 21:29:38 ----A---- C:\windows\system32\srvsvc.dll
2012-09-10 21:29:24 ----A---- C:\windows\system32\crypt32.dll
2012-09-10 21:29:23 ----A---- C:\windows\system32\cryptsvc.dll
2012-09-10 21:29:23 ----A---- C:\windows\system32\cryptnet.dll
2012-09-10 21:28:46 ----A---- C:\windows\system32\shell32.dll
2012-09-10 21:28:41 ----A---- C:\windows\system32\xmllite.dll
2012-09-10 21:28:38 ----A---- C:\windows\system32\prevhost.exe
2012-09-10 21:28:35 ----A---- C:\windows\system32\browcli.dll
2012-09-10 21:28:34 ----A---- C:\windows\system32\netapi32.dll
2012-09-10 21:28:34 ----A---- C:\windows\system32\browser.dll
2012-09-10 21:28:28 ----A---- C:\windows\system32\psisdecd.dll
2012-09-10 21:28:20 ----A---- C:\windows\system32\localspl.dll
2012-09-10 21:28:11 ----A---- C:\windows\system32\mstscax.dll
2012-09-10 21:28:09 ----A---- C:\windows\system32\mstsc.exe
2012-09-10 21:27:55 ----A---- C:\windows\system32\drivers\dfsc.sys
2012-09-10 19:14:35 ----A---- C:\windows\system32\wups2.dll
2012-09-10 19:14:35 ----A---- C:\windows\system32\wuauclt.exe
2012-09-10 19:14:34 ----A---- C:\windows\system32\wucltux.dll
2012-09-10 19:14:32 ----A---- C:\windows\system32\wuaueng.dll
2012-09-10 19:14:11 ----A---- C:\windows\system32\wups.dll
2012-09-10 19:14:10 ----A---- C:\windows\system32\wudriver.dll
2012-09-10 19:14:10 ----A---- C:\windows\system32\wuapi.dll
2012-09-10 19:13:59 ----A---- C:\windows\system32\wuwebv.dll
2012-09-10 19:13:59 ----A---- C:\windows\system32\wuapp.exe
2012-09-10 10:33:12 ----D---- C:\Users\Northend\AppData\Roaming\Malwarebytes
2012-09-10 10:32:40 ----D---- C:\ProgramData\Malwarebytes
2012-09-10 10:20:49 ----D---- C:\_OTM
2012-08-21 17:00:11 ----D---- C:\Program Files\Oracle
2012-08-21 16:59:37 ----A---- C:\windows\system32\javaws.exe
2012-08-21 16:59:24 ----A---- C:\windows\system32\javaw.exe
2012-08-21 16:59:24 ----A---- C:\windows\system32\java.exe
2012-08-12 11:15:24 ----D---- C:\windows\Minidump

======List of files/folders modified in the last 1 month======

2012-09-11 09:00:44 ----D---- C:\Program Files\trend micro
2012-09-11 09:00:25 ----D---- C:\windows\Temp
2012-09-11 08:52:10 ----RSD---- C:\windows\assembly
2012-09-11 08:52:10 ----D---- C:\windows\Microsoft.NET
2012-09-11 08:22:34 ----D---- C:\windows\system32\config
2012-09-11 08:06:52 ----D---- C:\Users\Northend\AppData\Roaming\Dropbox
2012-09-11 08:06:00 ----D---- C:\Program Files\Trillian
2012-09-11 08:04:50 ----D---- C:\windows\System32
2012-09-11 08:04:24 ----D---- C:\windows\winsxs
2012-09-11 00:19:59 ----D---- C:\windows\system32\drivers
2012-09-11 00:19:58 ----D---- C:\windows\AppPatch
2012-09-11 00:19:57 ----RSD---- C:\windows\Fonts
2012-09-11 00:19:57 ----D---- C:\windows\system32\cs-CZ
2012-09-11 00:19:57 ----D---- C:\Program Files\Windows Mail
2012-09-11 00:19:57 ----D---- C:\Program Files\Common Files\System
2012-09-11 00:19:49 ----D---- C:\Program Files\Internet Explorer
2012-09-11 00:19:47 ----D---- C:\Windows
2012-09-11 00:19:42 ----D---- C:\windows\inf
2012-09-11 00:19:41 ----D---- C:\windows\system32\migration
2012-09-11 00:19:36 ----D---- C:\windows\system32\DriverStore
2012-09-11 00:18:53 ----SHD---- C:\windows\Installer
2012-09-11 00:18:15 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-09-11 00:17:07 ----D---- C:\windows\system32\en-US
2012-09-11 00:17:05 ----D---- C:\Program Files\Microsoft.NET
2012-09-11 00:16:06 ----D---- C:\windows\Prefetch
2012-09-11 00:15:36 ----SHD---- C:\System Volume Information
2012-09-10 23:39:46 ----D---- C:\windows\rescache
2012-09-10 22:42:47 ----D---- C:\windows\debug
2012-09-10 22:34:14 ----D---- C:\windows\system32\catroot
2012-09-10 22:33:14 ----D---- C:\windows\system32\catroot2
2012-09-10 21:47:53 ----RD---- C:\Program Files
2012-09-10 19:04:27 ----D---- C:\windows\Sun
2012-09-10 10:32:40 ----HD---- C:\ProgramData
2012-09-10 10:22:15 ----D---- C:\windows\Tasks
2012-09-10 10:22:03 ----D---- C:\windows\system32\drivers\etc
2012-09-07 13:10:40 ----D---- C:\Users\Northend\AppData\Roaming\vlc
2012-08-28 15:53:51 ----D---- C:\Program Files\FreeRapid-0.86u1
2012-08-26 16:52:12 ----D---- C:\Users\Northend\AppData\Roaming\Mozilla
2012-08-13 08:59:52 ----D---- C:\windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2012-03-07 44376]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2010-09-02 1247744]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-08-31 100744]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-04-19 4806144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2010-07-14 3137128]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\windows\system32\DRIVERS\wacommousefilter.sys [2010-10-05 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\windows\system32\DRIVERS\wacomvhid.sys [2010-10-05 14120]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 acsock;acsock; C:\windows\system32\DRIVERS\acsock.sys [2012-01-13 87976]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2010-04-28 54632]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows; C:\windows\system32\DRIVERS\vpnva.sys [2011-12-15 23464]
S3 wacmoumonitor;Wacom Mode Helper; C:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 TabletServicePen;TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 416112]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-01-13 476112]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2012-03-18 85096]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Samsung UPD Service;Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [2010-08-09 131888]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: preventive check, thanks

#10 Post by Márty84 »

:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Open normally
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator
Tick the checkboxes for Scan All Users, LOP Check and Purity Check
Paste the following text into the bottom box

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Run Scan
After the scan, two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

Option to support our forum: https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

northendcz
Visitor
Posts: 88
Registered: 03 Feb 2009 15:25

Re: preventive check, thanks

#11 Post by northendcz »

OTL logfile created on: 9/11/2012 2:55:58 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Northend\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.35% Memory free
3.98 Gb Paging File | 2.49 Gb Available in Paging File | 62.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.00 Gb Total Space | 11.91 Gb Free Space | 19.52% Space Free | Partition Type: NTFS
Drive D: | 64.18 Gb Total Space | 19.08 Gb Free Space | 29.73% Space Free | Partition Type: NTFS
Drive E: | 10.18 Gb Total Space | 3.47 Gb Free Space | 34.03% Space Free | Partition Type: FAT32

Computer Name: NORTHENDNETBOOK | User Name: Northend | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/11 14:55:05 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Northend\Desktop\OTL.exe
PRC - [2012/07/27 00:00:00 | 003,284,992 | ---- | M] () -- c:\Program Files\Trillian\plugins\skypekit.exe
PRC - [2012/07/27 00:00:00 | 002,380,752 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe
PRC - [2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Northend\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/13 19:18:07 | 000,527,312 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/01/13 19:17:40 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/21 09:38:32 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/10/21 09:38:32 | 002,953,584 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/10/21 09:38:32 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/10/21 09:38:32 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/09/29 15:12:44 | 000,262,144 | ---- | M] () -- C:\Program Files\Y soft\SafeQ Client\Client\SafeQ Client.exe
PRC - [2010/08/31 05:59:40 | 001,806,728 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/08/27 03:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/08/19 10:22:36 | 000,775,336 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
PRC - [2010/08/12 21:25:48 | 001,599,368 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2010/08/11 09:34:40 | 004,384,560 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/08/05 07:16:04 | 002,208,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
PRC - [2010/08/04 17:22:46 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/07/30 10:20:18 | 001,752,680 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/07/20 08:22:26 | 001,316,144 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/09/30 08:59:26 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Northend\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/30 04:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Northend\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Northend\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/30 04:57:27 | 000,526,872 | ---- | M] () -- C:\Users\Northend\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/30 04:57:26 | 000,104,984 | ---- | M] () -- C:\Users\Northend\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Northend\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Northend\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Northend\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012/07/27 00:00:00 | 003,284,992 | ---- | M] () -- c:\Program Files\Trillian\plugins\skypekit.exe
MOD - [2012/07/27 00:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files\Trillian\libpng15.dll
MOD - [2012/07/27 00:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Trillian\libungif.dll
MOD - [2012/07/27 00:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Trillian\zlib1.dll
MOD - [2012/04/24 00:37:48 | 000,630,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/22 00:29:45 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/01/04 04:51:18 | 003,182,592 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/04 04:51:14 | 004,550,656 | ---- | M] () -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/10/31 11:16:44 | 000,009,728 | ---- | M] () -- c:\Users\Northend\AppData\Roaming\Trillian\languages\cs\buddy.dll
MOD - [2011/10/31 11:16:44 | 000,007,168 | ---- | M] () -- c:\Users\Northend\AppData\Roaming\Trillian\languages\cs\events.dll
MOD - [2011/10/31 11:16:44 | 000,006,144 | ---- | M] () -- c:\Users\Northend\AppData\Roaming\Trillian\languages\cs\talk.dll
MOD - [2011/10/31 11:16:44 | 000,004,608 | ---- | M] () -- c:\Users\Northend\AppData\Roaming\Trillian\languages\cs\trillian.dll
MOD - [2011/10/31 11:16:44 | 000,002,048 | ---- | M] () -- c:\Users\Northend\AppData\Roaming\Trillian\languages\cs\toolkit.dll
MOD - [2011/08/09 17:00:37 | 000,035,840 | ---- | M] () -- C:\Windows\System32\slc.dll
MOD - [2010/10/21 09:38:34 | 000,962,416 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
MOD - [2010/09/29 15:12:44 | 000,262,144 | ---- | M] () -- C:\Program Files\Y soft\SafeQ Client\Client\SafeQ Client.exe
MOD - [2010/09/29 14:24:04 | 000,005,120 | ---- | M] () -- C:\Program Files\Y soft\SafeQ Client\Client\cs-CZ\SafeQ Client.resources.dll
MOD - [2010/07/05 12:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
MOD - [2010/05/07 16:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/06/10 23:22:40 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV - [2012/03/18 22:08:38 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/13 19:17:40 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010/10/21 09:38:32 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/10/21 09:38:32 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/08/09 21:04:04 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/03/07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/01/13 19:07:30 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011/12/15 17:26:09 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/10/05 13:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/05 13:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/10/05 13:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/09/02 09:05:00 | 001,247,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/07/08 10:28:46 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-459703492-136551128-3912174221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-459703492-136551128-3912174221-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-459703492-136551128-3912174221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Northend\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Northend\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Northend\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Northend\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://qip.ru
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://qip.ru
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Northend\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Northend\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Northend\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Northend\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ozn\u00E1men\u00ED Google+ = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi\1.0.1.619_0\
CHR - Extension: Calendar and Countdown = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\caplfhpahpkhhckglldpmdmjclabckhc\2012.8.31.1_0\
CHR - Extension: Chrome YouTube Downloader = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.10_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\
CHR - Extension: goo.gl URL Shortener = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.2_0\
CHR - Extension: Kontrola e-mailu Google = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Kontrola e-mailu Google = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.2_0\
CHR - Extension: Roz\u0161\u00ED\u0159en\u00ED Odb\u011Bry RSS (od Googlu) = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\
CHR - Extension: Gmail = C:\Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/10 10:22:03 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [SafeQ Client] C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Northend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Northend\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Northend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-459703492-136551128-3912174221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-459703492-136551128-3912174221-1000\..Trusted Domains: vsb.cz ([vpn] https in Důvěryhodné servery)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F308C881-6738-4498-9402-E197EA4EFFE3}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/07/07 09:51:23 | 000,062,239 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O33 - MountPoints2\{d8f94e33-df34-11e1-b457-e81132008df3}\Shell - "" = AutoRun
O33 - MountPoints2\{d8f94e33-df34-11e1-b457-e81132008df3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/09/11 14:55:10 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Northend\Desktop\OTL.exe
[2012/09/10 22:30:01 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe
[2012/09/10 22:30:01 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll
[2012/09/10 22:30:00 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll
[2012/09/10 21:57:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe
[2012/09/10 21:49:34 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys
[2012/09/10 21:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/09/10 21:43:53 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll
[2012/09/10 21:43:53 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll
[2012/09/10 21:43:06 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2012/09/10 21:43:05 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2012/09/10 21:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/09/10 21:43:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/09/10 21:43:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/09/10 21:43:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/09/10 21:43:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/09/10 21:43:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/09/10 21:43:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/09/10 21:43:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/09/10 21:43:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/09/10 21:43:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/09/10 21:43:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/09/10 21:42:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/09/10 21:42:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/09/10 21:42:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/09/10 21:42:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/09/10 21:42:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/09/10 21:42:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/09/10 21:42:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/09/10 21:42:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/09/10 21:42:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/09/10 21:42:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/09/10 21:42:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/09/10 21:42:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/09/10 21:42:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/09/10 21:42:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/09/10 21:42:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/09/10 21:42:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/09/10 21:42:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/09/10 21:42:45 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\poqexec.exe
[2012/09/10 21:42:40 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/09/10 21:42:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2012/09/10 21:41:41 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2012/09/10 21:41:40 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2012/09/10 21:41:37 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2012/09/10 21:41:36 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssph.dll
[2012/09/10 21:41:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2012/09/10 21:41:34 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscntrs.dll
[2012/09/10 21:41:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
[2012/09/10 21:40:40 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll
[2012/09/10 21:40:37 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2012/09/10 21:40:35 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll
[2012/09/10 21:40:34 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2012/09/10 21:40:33 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2012/09/10 21:39:55 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2012/09/10 21:39:52 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2012/09/10 21:39:41 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2012/09/10 21:39:25 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2012/09/10 21:39:20 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe
[2012/09/10 21:39:13 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CPFilters.dll
[2012/09/10 21:39:09 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sbe.dll
[2012/09/10 21:39:09 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mpg2splt.ax
[2012/09/10 21:38:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
[2012/09/10 21:38:30 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012/09/10 21:38:30 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012/09/10 21:34:09 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2012/09/10 21:34:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/09/10 21:34:08 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/09/10 21:34:08 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/09/10 21:34:07 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/09/10 21:34:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/09/10 21:34:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/09/10 21:34:04 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/09/10 21:34:04 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/09/10 21:33:44 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2012/09/10 21:33:38 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2012/09/10 21:33:37 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2012/09/10 21:33:35 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/09/10 21:33:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2012/09/10 21:33:35 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2012/09/10 21:33:24 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2012/09/10 21:33:14 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\dxgmms1.sys
[2012/09/10 21:33:14 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdd.dll
[2012/09/10 21:32:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/09/10 21:32:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll
[2012/09/10 21:32:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll
[2012/09/10 21:32:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/09/10 21:32:08 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/09/10 21:32:07 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/09/10 21:31:48 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2012/09/10 21:31:38 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2012/09/10 21:31:11 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EncDec.dll
[2012/09/10 21:31:03 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2012/09/10 21:31:02 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2012/09/10 21:31:01 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2012/09/10 21:31:01 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2012/09/10 21:30:41 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2012/09/10 21:30:38 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2012/09/10 21:30:34 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe
[2012/09/10 21:30:21 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2012/09/10 21:30:21 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2012/09/10 21:30:20 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccu32.dll
[2012/09/10 21:30:20 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccr32.dll
[2012/09/10 21:30:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll
[2012/09/10 21:30:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2012/09/10 21:29:58 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2012/09/10 21:29:56 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2012/09/10 21:29:53 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2012/09/10 21:29:50 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/09/10 21:29:47 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2012/09/10 21:29:45 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2012/09/10 21:29:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2012/09/10 21:29:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2012/09/10 21:28:38 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2012/09/10 21:28:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
[2012/09/10 21:28:29 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax
[2012/09/10 21:28:28 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisdecd.dll
[2012/09/10 21:28:26 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2012/09/10 21:28:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax
[2012/09/10 21:28:25 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax
[2012/09/10 19:14:35 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/09/10 19:14:34 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/09/10 19:14:11 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/09/10 19:14:10 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/09/10 19:14:10 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2012/09/10 19:13:59 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2012/09/10 19:13:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[2012/09/10 10:33:12 | 000,000,000 | ---D | C] -- C:\Users\Northend\AppData\Roaming\Malwarebytes
[2012/09/10 10:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/10 10:20:49 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/10 10:19:54 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Northend\Desktop\OTM.exe
[2012/09/08 16:19:17 | 000,000,000 | ---D | C] -- C:\Users\Northend\Desktop\fotky
[2012/08/21 17:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/21 16:59:37 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/08/21 16:59:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/08/21 16:59:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe

========== Files - Modified Within 30 Days ==========

[2012/09/11 15:05:50 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/09/11 14:55:05 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Northend\Desktop\OTL.exe
[2012/09/11 14:41:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/11 09:01:13 | 000,631,292 | ---- | M] () -- C:\windows\System32\perfh005.dat
[2012/09/11 09:01:13 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/11 09:01:13 | 000,121,914 | ---- | M] () -- C:\windows\System32\perfc005.dat
[2012/09/11 09:01:13 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/11 08:09:16 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/11 08:09:16 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/11 08:03:07 | 000,410,544 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/09/11 08:02:35 | 2136,260,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/10 21:46:09 | 1679,378,432 | ---- | M] () -- C:\Users\Northend\Desktop\the.dictator.2012.480p.brrip.xvid.ac3.cz.avi
[2012/09/10 10:22:03 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/09/10 10:19:49 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Northend\Desktop\OTM.exe
[2012/09/09 16:51:45 | 1622,882,304 | ---- | M] () -- C:\Users\Northend\Desktop\Muzi.v.cernem.3.2012.480p.BRRip.XviD.AC3.CZ.avi
[2012/09/09 16:29:41 | 940,406,784 | ---- | M] () -- C:\Users\Northend\Desktop\Okresni prebor posledni zapas pepika hnatka.avi
[2012/09/09 15:31:06 | 000,781,383 | ---- | M] () -- C:\Users\Northend\Desktop\RSIT.exe
[2012/09/09 15:27:53 | 000,005,028 | ---- | M] () -- C:\Users\Northend\Documents\cc_20120909_152747.reg
[2012/09/08 16:18:49 | 004,668,740 | ---- | M] () -- C:\Users\Northend\Desktop\fotky.zip
[2012/09/06 17:32:58 | 000,002,426 | ---- | M] () -- C:\Users\Northend\Desktop\Google Chrome.lnk
[2012/08/21 16:59:10 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/08/21 16:59:10 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/08/19 10:31:38 | 000,001,000 | ---- | M] () -- C:\Users\Northend\AppData\Local\SRDownloader.nast
[2012/08/19 10:30:27 | 000,001,480 | ---- | M] () -- C:\Users\Northend\Desktop\SRDownloader – zástupce.lnk

========== Files Created - No Company Name ==========

[2012/09/11 15:05:50 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/09/10 20:53:44 | 1679,378,432 | ---- | C] () -- C:\Users\Northend\Desktop\the.dictator.2012.480p.brrip.xvid.ac3.cz.avi
[2012/09/09 16:30:05 | 1622,882,304 | ---- | C] () -- C:\Users\Northend\Desktop\Muzi.v.cernem.3.2012.480p.BRRip.XviD.AC3.CZ.avi
[2012/09/09 16:15:52 | 940,406,784 | ---- | C] () -- C:\Users\Northend\Desktop\Okresni prebor posledni zapas pepika hnatka.avi
[2012/09/09 15:31:14 | 000,781,383 | ---- | C] () -- C:\Users\Northend\Desktop\RSIT.exe
[2012/09/09 15:27:50 | 000,005,028 | ---- | C] () -- C:\Users\Northend\Documents\cc_20120909_152747.reg
[2012/09/08 16:19:01 | 004,668,740 | ---- | C] () -- C:\Users\Northend\Desktop\fotky.zip
[2012/08/19 10:30:27 | 000,001,480 | ---- | C] () -- C:\Users\Northend\Desktop\SRDownloader – zástupce.lnk
[2012/08/07 17:06:33 | 067,358,249 | ---- | C] () -- C:\Users\Northend\Star Wars Episode I The Phantom Menace (1999) [1080p] CZ EN.mkv
[2012/08/07 10:58:02 | 000,020,643 | ---- | C] () -- C:\Users\Northend\AppData\Local\SRDownloader.err
[2012/08/07 10:58:02 | 000,001,000 | ---- | C] () -- C:\Users\Northend\AppData\Local\SRDownloader.nast
[2012/06/06 19:08:13 | 000,650,752 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2012/06/06 19:08:12 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2012/06/06 19:07:53 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2012/06/06 19:07:43 | 000,079,872 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2012/05/15 20:00:32 | 000,000,013 | ---- | C] () -- C:\Program Files\Mf1.m
[2012/05/15 17:43:45 | 000,000,087 | ---- | C] () -- C:\Users\Northend\.octave_hist
[2012/03/20 12:06:16 | 000,000,296 | ---- | C] () -- C:\windows\setting1.ini
[2012/03/20 12:05:58 | 000,000,158 | ---- | C] () -- C:\windows\ricdb.ini
[2012/03/20 12:05:20 | 006,762,496 | ---- | C] () -- C:\windows\System32\SAFEQVS.DLL
[2012/03/20 12:05:20 | 000,532,480 | ---- | C] () -- C:\windows\System32\SafeQCairoLib.DLL
[2012/03/20 12:05:20 | 000,135,168 | ---- | C] () -- C:\windows\System32\SAFEQUI.DLL
[2012/03/20 12:04:48 | 000,000,310 | ---- | C] () -- C:\windows\setting.ini
[2012/03/19 11:46:52 | 000,007,605 | ---- | C] () -- C:\Users\Northend\AppData\Local\Resmon.ResmonCfg
[2012/03/18 21:13:10 | 000,410,544 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2012/03/18 20:28:34 | 000,000,166 | ---- | C] () -- C:\Users\Northend\AppData\Roaming\Battery Meter_Settings.ini
[2012/03/18 19:51:15 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2012/03/18 19:48:55 | 000,120,688 | ---- | C] () -- C:\windows\Wiainst.exe
[2012/03/18 19:48:08 | 000,552,960 | ---- | C] () -- C:\windows\System32\SnMinDrv.dll
[2012/03/18 19:48:08 | 000,154,112 | ---- | C] () -- C:\windows\System32\SNWIAUI.dll
[2012/03/18 19:48:08 | 000,135,168 | ---- | C] () -- C:\windows\System32\SnImgFlt.dll
[2012/03/18 19:48:08 | 000,094,208 | ---- | C] () -- C:\windows\System32\SnErHdlr.dll
[2012/03/18 19:47:49 | 000,484,656 | ---- | C] () -- C:\windows\ssndii.exe
[2012/03/18 19:46:54 | 000,151,552 | ---- | C] () -- C:\windows\System32\spd__ci.exe
[2012/03/18 19:46:52 | 000,259,888 | ---- | C] () -- C:\windows\SUPDRun.exe
[2012/03/18 19:46:51 | 000,026,624 | ---- | C] () -- C:\windows\System32\spd__l.dll
[2012/03/18 19:46:50 | 000,283,136 | ---- | C] () -- C:\windows\System32\DscPnt.dll
[2010/09/17 03:06:10 | 000,631,292 | ---- | C] () -- C:\windows\System32\perfh005.dat
[2010/09/17 03:06:10 | 000,292,004 | ---- | C] () -- C:\windows\System32\perfi005.dat
[2010/09/17 03:06:10 | 000,121,914 | ---- | C] () -- C:\windows\System32\perfc005.dat
[2010/09/17 03:06:10 | 000,036,232 | ---- | C] () -- C:\windows\System32\perfd005.dat
[2010/09/16 11:00:27 | 000,001,238 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/09/16 10:41:59 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll

========== LOP Check ==========

[2012/03/21 10:58:41 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Autodesk
[2012/09/11 14:42:19 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Dropbox
[2012/04/20 20:24:00 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\GHISLER
[2012/05/04 07:49:57 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\pdfforge
[2012/03/18 19:46:32 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Samsung
[2012/04/22 13:10:30 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\TeamViewer
[2012/08/08 19:25:04 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Trillian
[2012/06/04 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\VitySoft
[2009/07/14 06:53:46 | 000,015,806 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< >

< >

< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2012/04/24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012/04/24 06:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 06:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\System32\cryptsvc.dll
[2012/04/24 06:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2012/04/24 06:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2011/11/17 09:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
[2012/06/02 06:40:31 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=A6034689ACF9D14973F8384AD5A5451E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_a6eb42a4d70be51e\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\System32\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2012/06/02 06:51:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
[2011/11/17 07:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/04/25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2012/03/30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/04/25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012/03/30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2010/06/14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2012/03/30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[3 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/03/18 20:53:18 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Adobe
[2012/03/21 10:58:41 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Autodesk
[2012/09/11 14:42:19 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Dropbox
[2012/07/18 18:23:13 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\dvdcss
[2012/04/20 20:24:00 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\GHISLER
[2012/03/19 21:37:27 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\GRETECH
[2012/03/18 20:02:39 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Identities
[2012/03/18 19:45:39 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\InstallShield
[2012/03/18 20:16:42 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Macromedia
[2012/09/10 10:33:12 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Malwarebytes
[2012/07/28 22:39:43 | 000,000,000 | --SD | M] -- C:\Users\Northend\AppData\Roaming\Microsoft
[2012/08/26 16:52:12 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Mozilla
[2012/05/04 07:49:57 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\pdfforge
[2012/03/18 19:46:32 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Samsung
[2012/04/22 13:10:30 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\TeamViewer
[2012/08/08 19:25:04 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\Trillian
[2012/06/04 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\VitySoft
[2012/09/07 13:10:40 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\vlc
[2012/04/05 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\Northend\AppData\Roaming\WTablet

< %APPDATA%\*.exe /s >
[2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Northend\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012/03/08 17:15:06 | 000,871,704 | ---- | M] (Dropbox, Inc.) -- C:\Users\Northend\AppData\Roaming\Dropbox\bin\DropboxPhotoUpdate.exe
[2012/03/16 03:15:46 | 000,871,616 | ---- | M] (Dropbox, Inc.) -- C:\Users\Northend\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012/05/24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Northend\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2007/03/22 12:46:42 | 000,126,976 | ---- | M] () -- C:\Users\Northend\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2012/06/15 17:45:38 | 000,665,600 | ---- | M] (Gretech Corporation) -- C:\Users\Northend\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
[2012/06/14 10:01:10 | 000,045,126 | R--- | M] () -- C:\Users\Northend\AppData\Roaming\Microsoft\Installer\{45642795-567E-4B46-85E7-5CDBC8B2F697}\_614939BFE59502FEB6CE41.exe
[2012/06/14 10:01:10 | 000,045,126 | R--- | M] () -- C:\Users\Northend\AppData\Roaming\Microsoft\Installer\{45642795-567E-4B46-85E7-5CDBC8B2F697}\_64130CAC1AF988588B774B.exe
[2012/06/14 10:01:10 | 000,045,126 | R--- | M] () -- C:\Users\Northend\AppData\Roaming\Microsoft\Installer\{45642795-567E-4B46-85E7-5CDBC8B2F697}\_853F67D554F05449430E7E.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012/09/11 08:09:16 | 000,010,272 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/11 08:09:16 | 000,010,272 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/11 08:03:07 | 000,410,544 | ---- | M] () -- C:\windows\system32\FNTCACHE.DAT
[2012/09/11 09:01:13 | 000,121,914 | ---- | M] () -- C:\windows\system32\perfc005.dat
[2012/09/11 09:01:13 | 000,106,388 | ---- | M] () -- C:\windows\system32\perfc009.dat
[2012/09/11 09:01:13 | 000,631,292 | ---- | M] () -- C:\windows\system32\perfh005.dat
[2012/09/11 09:01:13 | 000,616,008 | ---- | M] () -- C:\windows\system32\perfh009.dat
[2012/09/11 09:01:13 | 001,470,062 | ---- | M] () -- C:\windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/07/14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012/09/11 15:05:50 | 000,000,512 | ---- | M] () MD5=5E1D8F420E2405AEEC5831FE77CD87D2 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012/08/07 10:42:05 | 000,005,369 | ---- | M] () -- \Program Files\FreeRapid-0.86u1\plugins\crackle.frp

< *keygen* /s >

< *loader* /s >
[2007/01/31 09:07:46 | 000,027,752 | ---- | M] () -- \Program Files\AutoCAD 2008\AecLoader.arx
[2012/01/13 19:17:56 | 000,658,384 | ---- | M] () -- \Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpndownloader.exe
[2012/01/13 19:17:56 | 000,658,384 | ---- | M] () -- \Program Files\Cisco\Cisco AnyConnect VPN Client\vpndownloader.exe
[2006/10/26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2012/08/11 04:53:37 | 000,020,643 | ---- | M] () -- \Users\Northend\AppData\Local\SRDownloader.err
[2012/08/19 10:31:38 | 000,001,000 | ---- | M] () -- \Users\Northend\AppData\Local\SRDownloader.nast
[2012/08/28 15:35:59 | 000,017,033 | ---- | M] () -- \Users\Northend\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.10_0\script\Chrome-YouTube-Downloader.js
[2012/08/19 10:30:27 | 000,001,480 | ---- | M] () -- \Users\Northend\Desktop\SRDownloader – zástupce.lnk
[2012/08/07 10:43:59 | 000,904,192 | ---- | M] () -- \Users\Northend\Downloads\SRDownloader.exe
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009/07/14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2010/09/17 03:05:13 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2010/09/17 03:05:13 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2010/09/17 03:05:13 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2010/09/16 11:01:06 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2010/09/16 11:01:06 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2010/09/16 11:01:06 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009/07/14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2010/09/17 03:02:48 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009/07/14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2009/07/14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:15:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

northendcz
Visitor
Posts: 88
Registered: 03 Feb 2009 15:25

Re: preventive check, thanks

#12 Post by northendcz »

< *serial* /s >
[2006/11/28 19:35:14 | 000,002,274 | ---- | M] () -- \Program Files\AutoCAD 2008\WebDepot\RTSerialNumberHelp.html
[2011/11/18 00:52:22 | 000,433,528 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.0.61118.0\System.Runtime.Serialization.dll
[2012/03/21 19:12:09 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.0.61118.0\System.Runtime.Serialization.ni.dll
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010/09/17 03:04:30 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2010/08/23 20:04:44 | 000,258,048 | ---- | M] () -- \Program Files\Samsung AnyWeb Print\W2PSerializer.dll
[2012/05/28 09:10:29 | 000,000,052 | ---- | M] () -- \Users\Northend\AppData\Local\Google\Picasa2\cache\cacheindex_serial.pmp
[2010/09/17 03:04:13 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010/09/17 03:04:30 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012/09/11 08:25:03 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\35fcbda2532ece23d09a044aa2ef62a4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012/09/11 08:49:22 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll
[2009/07/14 06:43:53 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll
[2009/07/14 06:43:05 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012/09/11 09:19:30 | 000,310,272 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012/09/11 09:19:16 | 002,625,024 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
[2012/09/11 00:18:43 | 000,017,840 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/09/11 00:17:59 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012/09/11 00:18:43 | 000,099,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2012/09/11 00:17:57 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010/09/17 03:03:55 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010/03/18 13:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010/03/18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2010/06/15 02:33:16 | 000,017,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/06/15 02:33:16 | 000,099,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2010/09/17 03:04:00 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2010/09/17 03:04:21 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009/07/14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2010/09/17 03:05:04 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009/07/14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010/09/17 03:02:32 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009/07/14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2009/07/14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009/07/14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2010/09/17 03:04:13 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010/09/17 03:04:30 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2010/09/17 03:03:55 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c002c1170ca9a88f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/09/17 03:04:00 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010/09/17 03:04:30 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2010/09/17 03:04:21 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >

northendcz
Visitor
Posts: 88
Registered: 03 Feb 2009 15:25

Re: preventive check, thanks

#13 Post by northendcz »

OTL Extras logfile created on: 9/11/2012 2:55:58 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Northend\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.35% Memory free
3.98 Gb Paging File | 2.49 Gb Available in Paging File | 62.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.00 Gb Total Space | 11.91 Gb Free Space | 19.52% Space Free | Partition Type: NTFS
Drive D: | 64.18 Gb Total Space | 19.08 Gb Free Space | 29.73% Space Free | Partition Type: NTFS
Drive E: | 10.18 Gb Total Space | 3.47 Gb Free Space | 34.03% Space Free | Partition Type: FAT32

Computer Name: NORTHENDNETBOOK | User Name: Northend | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{282E1117-13CF-430B-ABD9-74C7ADC3C76C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CA0CCE98-28C4-4CC8-9047-79CBBFDC7E4F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3D1F35EB-3D8B-4EDB-9431-A3E9D6765F57}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung universal scan driver\iccupdater.exe |
"{48E5A779-A0D1-4D06-AD28-65C9484CCC67}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{62EFEDFA-B390-49CD-97BA-B5A1265DB14F}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{6EEDC09F-92B5-4FF4-BB50-65A0116D1CD8}" = protocol=6 | dir=in | app=c:\users\northend\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7526BED5-F3F7-45D5-833E-9F2CEF4C4E63}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung universal scan driver\usdagent.exe |
"{8ADFA07F-ECCD-4670-90B3-788B66F38369}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{8BD783EB-E985-4937-AC75-087456693930}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9FE6DDAE-6E34-4CF0-BB6D-34CCCA6A1397}" = protocol=17 | dir=in | app=c:\users\northend\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{AEAD2BCB-818C-42B1-8EB8-03C13A79E975}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{BCACD558-065F-4A88-A33F-EA90D9524F85}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung universal scan driver\iccupdater.exe |
"{C68AE6BF-D12F-41A0-9F37-C12B8EA31240}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{F57A785D-A72F-4445-A2C1-554F55B062A1}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung universal scan driver\usdagent.exe |
"TCP Query User{2F1DFC0C-5446-41AD-AA2A-F7CEA3F95783}C:\program files\java\jre7\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\frd.exe |
"TCP Query User{485691D1-C6B7-4474-B634-2E2EF6B80C4F}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe |
"TCP Query User{62CB2459-D30F-47A5-8414-F188E31B8A8B}C:\users\northend\desktop\uconfig.exe" = protocol=6 | dir=in | app=c:\users\northend\desktop\uconfig.exe |
"TCP Query User{9723F198-9B02-40D8-AA56-5CC1EC80DCFE}C:\users\northend\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\northend\desktop\skype.exe |
"TCP Query User{FEFAC948-783F-49A8-8FB2-F7515C3D11D8}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{1573D836-ADFF-463E-B571-3CDE013D5906}C:\users\northend\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\northend\desktop\skype.exe |
"UDP Query User{297733F0-A3CF-4793-BF09-F6C0333E7140}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{762BB144-334E-408E-85A0-AB7702386D7F}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe |
"UDP Query User{AAD01A38-A49A-4355-8902-503129C2DFAD}C:\program files\java\jre7\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\frd.exe |
"UDP Query User{BD618A68-5657-48FD-8FE9-4FA9DAC55BB0}C:\users\northend\desktop\uconfig.exe" = protocol=17 | dir=in | app=c:\users\northend\desktop\uconfig.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1407B87C-36E3-4FC1-9051-D08B21E1096F}" = Windows Live Sync
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}" = Samsung AnyWeb Print
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2FDD487C-A777-4BB5-BD23-56BECE1FF099}" = Windows Live Movie Maker
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40284D5A-EF61-4937-92CD-B7CB20C4C87B}" = Windows Live Fotogalerie
"{45642795-567E-4B46-85E7-5CDBC8B2F697}" = inSSIDer
"{479A749B-1684-4881-8266-BF8DD22251E7}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{559D1FDB-6D5C-4EF3-8F63-5E1E93A0A244}" = Easy Network Manager
"{5783F2D7-6001-0405-0002-0060B0CE6BBA}" = AutoCAD 2008 - Český
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
"{7CF94476-77F9-401E-BEB5-845285735AAB}" = Windows Live Zabezpečení rodiny
"{7EE5F971-C6D8-4A8B-BB1A-B9636BF8222C}_is1" = QtOctave 0.7.2 + Octave 3.0.0
"{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer
"{85BE320B-A37D-42DA-B9BE-20A40B6A05E3}" = Cisco AnyConnect Secure Mobility Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A95000000001}" = Adobe Reader 9.5.1 - Czech
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{CE6557BF-FA56-4C95-91E3-B8C641679DF0}" = Windows Live Messenger
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{E308B555-8434-4AF8-B66F-729897C75F93}" = BatteryLifeExtender
"{E5A10EF8-DBF3-4251-A9CA-423311DBBFC8}" = Windows Live Mail
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4D69A8D-BB5C-4C3D-A1AD-64C24233EDD6}" = Windows Live Essentials
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"7-Zip" = 7-Zip 9.20
"AutoCAD 2008 - Český" = AutoCAD 2008 - Český
"avast" = avast! Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Defraggler" = Defraggler
"Elantech" = ETDWare PS/2-X86 8.0.7.1_WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.8.0
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"Privates_is1" = Privates
"SafeQ tisk" = SafeQ tisk
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Trillian" = Trillian
"VLC media player" = VLC media player 2.0.1
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-459703492-136551128-3912174221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2012 2:58:12 PM | Computer Name = NorthendNetBooK | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 8/10/2012 3:01:11 PM | Computer Name = NorthendNetBooK | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\Samsung\easy display
manager\RunGfxUI64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 8/13/2012 4:48:11 AM | Computer Name = NorthendNetBooK | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest se nezdařilo. Závislé sestavení
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 8/13/2012 4:48:12 AM | Computer Name = NorthendNetBooK | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 8/13/2012 4:48:44 AM | Computer Name = NorthendNetBooK | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 8/13/2012 4:51:48 AM | Computer Name = NorthendNetBooK | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\Samsung\easy display
manager\RunGfxUI64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 8/16/2012 8:15:24 AM | Computer Name = NorthendNetBooK | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest se nezdařilo. Závislé sestavení
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 8/16/2012 8:15:26 AM | Computer Name = NorthendNetBooK | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 8/16/2012 8:16:07 AM | Computer Name = NorthendNetBooK | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 8/16/2012 8:19:16 AM | Computer Name = NorthendNetBooK | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\Samsung\easy display
manager\RunGfxUI64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 9/10/2012 2:41:39 PM | Computer Name = NorthendNetBooK | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1084 NULL object. Cannot establish a connection at this time.

Error - 9/10/2012 6:15:07 PM | Computer Name = NorthendNetBooK | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
Stávající pripojení bylo vynucene ukonceno vzdáleným hostitelem.

Error - 9/10/2012 6:15:07 PM | Computer Name = NorthendNetBooK | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
unknown

Error - 9/10/2012 6:15:07 PM | Computer Name = NorthendNetBooK | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

Error - 9/10/2012 6:15:07 PM | Computer Name = NorthendNetBooK | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

Error - 9/10/2012 6:15:07 PM | Computer Name = NorthendNetBooK | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Stávající
pripojení bylo vynucene ukonceno vzdáleným hostitelem.

Error - 9/10/2012 6:15:07 PM | Computer Name = NorthendNetBooK | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE

Error - 9/11/2012 2:05:06 AM | Computer Name = NorthendNetBooK | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 9/11/2012 2:05:51 AM | Computer Name = NorthendNetBooK | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4612
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Žádná další
data nejsou k dispozici.

Error - 9/11/2012 2:05:52 AM | Computer Name = NorthendNetBooK | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1084 NULL object. Cannot establish a connection at this time.

[ System Events ]
Error - 8/19/2012 5:59:32 AM | Computer Name = NorthendNetBooK | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 8/20/2012 2:26:54 AM | Computer Name = NorthendNetBooK | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby Netman bylo dosaženo časového
limitu (30000 ms).

Error - 8/21/2012 2:47:00 AM | Computer Name = NorthendNetBooK | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: cdrom

Error - 8/21/2012 11:40:21 AM | Computer Name = NorthendNetBooK | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 8/21/2012 2:16:41 PM | Computer Name = NorthendNetBooK | Source = Service Control Manager | ID = 7038
Description = Služba lmhosts se nemohla přihlásit jako NT AUTHORITY\LocalService
s aktuálně konfigurovaným heslem z důvodu následující chyby: %%50 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 8/21/2012 2:16:41 PM | Computer Name = NorthendNetBooK | Source = Service Control Manager | ID = 7000
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP neuspěla při
spuštění v důsledku následující chyby: %%1069

Error - 8/21/2012 2:17:50 PM | Computer Name = NorthendNetBooK | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: cdrom

Error - 8/26/2012 1:21:28 PM | Computer Name = NorthendNetBooK | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 8/26/2012 4:42:39 PM | Computer Name = NorthendNetBooK | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: cdrom

Error - 8/27/2012 12:22:47 AM | Computer Name = NorthendNetBooK | Source = DCOM | ID = 10010
Description =


< End of report >

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: preventivka_díky

#14 Post by Márty84 »

If Avast complains that it wants to open this in the sandbox, do not allow it! Choose the option Open normally.
Run OTL again as administrator.
Paste the following text into the bottom window (including the colon before the word commands):

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKU\S-1-5-21-459703492-136551128-3912174221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-459703492-136551128-3912174221-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Northend\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Northend\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
CHR - homepage: http://qip.ru
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/09/10 10:33:12 | 000,000,000 | ---D | C] -- C:\Users\Northend\AppData\Roaming\Malwarebytes
[2012/09/10 10:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[3 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
Click "Opravit" (Fix) and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

northendcz
Visitor
Posts: 88
Joined: 03 Feb 2009 15:25

Re: preventivka_díky

#15 Post by northendcz »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Northend
->Temp folder emptied: 14272930 bytes
->Temporary Internet Files folder emptied: 146410 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 146988452 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5494284 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 159.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Northend
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-459703492-136551128-3912174221-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-459703492-136551128-3912174221-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Northend\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Northend\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Northend\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Users\Northend\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Users\Northend\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Users\Northend\AppData\Roaming\Malwarebytes folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFCD5.tmp\PresentationBuildTasks.dll deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFCD5.tmp folder deleted successfully.
C:\windows\Installer\MSI33F9.tmp deleted successfully.

OTL by OldTimer - Version 3.2.61.3 log created on 09112012_214044

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Locked