prosím o dořešení problému

Zpráva

Jsln · #1 Příspěvek od **Jsln** » 13 říj 2012 15:03

Zdravím
dle návodu jsem pročistil pc a scan Mwav mi našel níže zkopírovaný vir , pomůžete s jeho odstraněním děkuji

File C:\Soft\TuneUp-2011CZ_testovano_keygen\TuneUp 2011CZ_testovano_keygen\dalsi varianty cdkey,crack\keygen\keygen.exe infected by "SPR/Tool.Keygen.222 (ES)" Virus! Action Taken: File Renamed.

#2 Příspěvek od **stell** » 13 říj 2012 15:45

Zdravim
Ak len tolko,,
Najdi a zmaz zlozku.
C:\Soft\TuneUp-2011CZ_testovano_keygen

Jsln · #3 Příspěvek od **Jsln** » 13 říj 2012 15:51

ok díky ja myslel to smazat .....něčím tedy nějakou aplikací protože je to někam zalezlý .
jinak mwav nenašel nic ale ntb je prostě pomalý ...dlouho trva než nastartuje .

#4 Příspěvek od **stell** » 13 říj 2012 15:59

Ano, verim ti ,pretoze ak tam instalujes smejdy, keygen, crack, a podobne somariny,Mwav odinstalovat,je to zastarali soft.
Vloz sem log z RSIT
http://forum.viry.cz/viewtopic.php?f=13&t=105895

Jsln · #5 Příspěvek od **Jsln** » 16 říj 2012 19:04

stell píše:Ano, verim ti ,pretoze ak tam instalujes smejdy, keygen, crack, a podobne somariny,Mwav odinstalovat,je to zastarali soft.
Vloz sem log z RSIT
http://forum.viry.cz/viewtopic.php?f=13&t=105895

Díky za pomoc

Logfile of random's system information tool 1.09 (written by random/random)
Run by xxx at 2012-10-16 19:53:34
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 47 GB (8%) free of 593 GB
Total RAM: 3830 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:53:55, on 16.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Spybot - Search & Destroy\TeaTimer.exe
C:\Kies samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Kies samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\xxx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesPDLR] C:\Kies samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\PROGRAM FILES\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\PROGRAM FILES\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: WebOptimizer - Unknown owner - C:\windows\system32\dmwu.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12785 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
atieclxx
C:\windows\system32\WLANExt.exe 32474000
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
\??\C:\windows\system32\conhost.exe "833545544-2142509108867949079986154056123110848010667394282113442908-2066346100
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
C:\windows\SysWOW64\IoctlSvc.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files\Web Assistant\ExtensionUpdaterService.exe"
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Spybot - Search & Destroy\SDWinSec.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
WLIDSvcM.exe 2780
"C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Spybot - Search & Destroy\TeaTimer.exe"
C:\windows\system32\svchost.exe -k WindowsMobile
"C:\Kies samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: On</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>11317210</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Kies samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" /background
C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4108.12e0bc40.1837886352 "C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll" Mozilla.Firefox.9.0.1 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 4108 "\\.\pipe\gecko-crash-server-pipe.4108" plugin
"C:\Users\xxx\Desktop\Staženo\RSITx64.exe"
C:\windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1019480102-3555355392-3892455197-1002Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1019480102-3555355392-3892455197-1002UA.job
C:\windows\tasks\GlaryInitialize.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\HPCeeScheduleForxxx.job

=========Mozilla firefox=========

ProfilePath - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\bwse9idn.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://mystart.incredibar.com/mb139/?lo ... 26&search="

"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\Web Assistant\Firefox

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\windows\system32\Wat\npWatWeb.dll

C:\Program Files\Waterfox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Waterfox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Waterfox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\bwse9idn.default\extensions\
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-08-21 1501776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
SearchCore for Browsers - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\BROWSE~1.DLL [2011-09-27 118168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11 767280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll [2011-09-19 88976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
SearchCore for Browsers - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL [2011-09-27 101272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-07 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-08-21 1501776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-08-23 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-01-28 8192]
"Windows Mobile Device Center"=C:\windows\WindowsMobile\wmdc.exe [2007-05-31 660360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"KiesPDLR"=C:\Kies samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-02-03 21392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Kies samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-02-03 21392]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite^Registry: HKCU:RUN]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\shared tools\msconfig\startupreg\KiesPDLR^Registry: HKCU:RUN]
C:\Kies samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-02-03 21392]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\shared tools\msconfig\startupreg\QuickTime Task^32*Registry: HKLM:RUN]
C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\shared tools\msconfig\startupreg\TkBellExe^32*Registry: HKLM:RUN]
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=1
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.tscc"=C:\windows\SysWOW64\tsccvid64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-16 19:53:34 ----D---- C:\rsit
2012-10-16 19:53:34 ----D---- C:\Program Files\trend micro
2012-10-13 16:18:37 ----A---- C:\AdwCleaner[R2].txt
2012-10-13 16:17:56 ----A---- C:\AdwCleaner[R1].txt
2012-10-13 13:03:52 ----AD---- C:\windows\VDLL.DLL
2012-10-13 13:03:52 ----AD---- C:\windows\SYSWOW64\runouce.exe
2012-10-13 13:03:52 ----AD---- C:\windows\RUNDL132.EXE
2012-10-13 13:03:52 ----AD---- C:\windows\logo_1.exe
2012-10-13 12:59:20 ----A---- C:\windows\SYSWOW64\msvcr80.dll
2012-10-13 12:59:19 ----A---- C:\windows\SYSWOW64\msvcp80.dll
2012-10-13 12:59:18 ----A---- C:\windows\SYSWOW64\msvcp90.dll
2012-10-13 12:59:17 ----A---- C:\windows\SYSWOW64\msvcr90.dll
2012-10-13 12:59:16 ----A---- C:\windows\SYSWOW64\eEmpty.exe
2012-10-13 12:59:05 ----D---- C:\ProgramData\MicroWorld
2012-10-13 12:54:17 ----D---- C:\Program Files (x86)\CCleaner
2012-10-11 09:55:40 ----A---- C:\windows\SYSWOW64\kerberos.dll
2012-10-11 09:55:40 ----A---- C:\windows\system32\kerberos.dll
2012-10-11 09:55:28 ----A---- C:\windows\system32\KernelBase.dll
2012-10-11 09:55:28 ----A---- C:\windows\system32\kernel32.dll
2012-10-11 09:55:27 ----A---- C:\windows\system32\winsrv.dll
2012-10-11 09:55:27 ----A---- C:\windows\system32\conhost.exe
2012-10-11 09:55:25 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2012-10-11 09:55:25 ----A---- C:\windows\SYSWOW64\kernel32.dll
2012-10-11 09:55:24 ----A---- C:\windows\system32\wow64.dll
2012-10-11 09:55:21 ----A---- C:\windows\SYSWOW64\setup16.exe
2012-10-11 09:55:18 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-11 09:55:18 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-11 09:55:18 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-11 09:55:18 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-11 09:55:18 ----A---- C:\windows\SYSWOW64\wow32.dll
2012-10-11 09:55:18 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2012-10-11 09:55:18 ----A---- C:\windows\system32\wow64win.dll
2012-10-11 09:55:18 ----A---- C:\windows\system32\wow64cpu.dll
2012-10-11 09:55:18 ----A---- C:\windows\system32\ntvdm64.dll
2012-10-11 09:55:17 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-11 09:55:17 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-11 09:55:17 ----A---- C:\windows\SYSWOW64\instnm.exe
2012-10-11 09:55:16 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-11 09:55:16 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-11 09:55:16 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-11 09:55:16 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-11 09:55:16 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-11 09:55:16 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-11 09:55:16 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-11 09:55:16 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-11 09:55:16 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-11 09:55:16 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-11 09:55:14 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-11 09:55:14 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-11 09:55:13 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-11 09:55:11 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-11 09:55:10 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-11 09:55:09 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-11 09:55:09 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-11 09:55:08 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-11 09:55:07 ----AH---- C:\windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-11 09:55:07 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-11 09:55:07 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-11 09:55:07 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-11 09:55:07 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-11 09:55:07 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-11 09:55:07 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-11 09:55:06 ----A---- C:\windows\SYSWOW64\user.exe
2012-10-11 09:54:48 ----A---- C:\windows\system32\ntoskrnl.exe
2012-10-11 09:54:45 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2012-10-11 09:54:44 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2012-10-11 09:54:34 ----A---- C:\windows\SYSWOW64\tzres.dll
2012-10-11 09:54:34 ----A---- C:\windows\system32\tzres.dll
2012-10-11 09:54:26 ----A---- C:\windows\system32\drivers\ntfs.sys
2012-10-11 09:54:25 ----A---- C:\windows\system32\wintrust.dll
2012-10-11 09:54:24 ----A---- C:\windows\SYSWOW64\wintrust.dll
2012-10-11 09:54:17 ----A---- C:\windows\system32\crypt32.dll
2012-10-11 09:54:16 ----A---- C:\windows\SYSWOW64\crypt32.dll
2012-10-11 09:54:15 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2012-10-11 09:54:15 ----A---- C:\windows\system32\cryptsvc.dll
2012-10-11 09:54:15 ----A---- C:\windows\system32\cryptnet.dll
2012-10-11 09:54:14 ----A---- C:\windows\SYSWOW64\cryptnet.dll
2012-10-09 20:13:59 ----D---- C:\windows\pss
2012-10-01 18:38:10 ----RA---- C:\ProgramData\hash.dat
2012-09-30 18:40:12 ----D---- C:\friends
2012-09-27 13:51:17 ----A---- C:\windows\system32\ImHttpComm.dll
2012-09-27 13:51:17 ----A---- C:\windows\system32\dmwu.exe
2012-09-25 23:07:42 ----A---- C:\windows\system32\OxpsConverter.exe
2012-09-22 16:08:24 ----D---- C:\Program Files (x86)\AntiTwin
2012-09-22 16:05:34 ----A---- C:\windows\system32\mshtml.dll
2012-09-22 16:05:29 ----A---- C:\windows\system32\ieframe.dll
2012-09-22 16:05:26 ----A---- C:\windows\SYSWOW64\mshtml.dll
2012-09-22 16:05:21 ----A---- C:\windows\SYSWOW64\ieframe.dll
2012-09-22 16:05:20 ----A---- C:\windows\system32\msfeeds.dll
2012-09-22 16:05:17 ----A---- C:\windows\SYSWOW64\urlmon.dll
2012-09-22 16:05:17 ----A---- C:\windows\system32\urlmon.dll
2012-09-22 16:05:14 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2012-09-22 16:05:11 ----A---- C:\windows\SYSWOW64\wininet.dll
2012-09-22 16:05:11 ----A---- C:\windows\system32\wininet.dll
2012-09-22 16:05:06 ----A---- C:\windows\SYSWOW64\ieui.dll
2012-09-22 16:05:06 ----A---- C:\windows\system32\ieui.dll
2012-09-22 16:05:06 ----A---- C:\windows\system32\iertutil.dll
2012-09-22 16:05:05 ----A---- C:\windows\SYSWOW64\iertutil.dll
2012-09-22 16:05:05 ----A---- C:\windows\system32\mshtmled.dll
2012-09-22 16:05:04 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2012-09-22 16:05:02 ----A---- C:\windows\SYSWOW64\url.dll
2012-09-22 16:05:02 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2012-09-22 16:05:02 ----A---- C:\windows\system32\url.dll
2012-09-22 16:05:02 ----A---- C:\windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 month======

2012-10-16 19:53:34 ----RD---- C:\Program Files
2012-10-16 19:25:02 ----D---- C:\Users\xxx\AppData\Roaming\Skype
2012-10-16 19:13:57 ----AD---- C:\ProgramData\Temp
2012-10-16 19:10:32 ----D---- C:\Users\xxx\AppData\Roaming\BitComet
2012-10-16 19:08:13 ----D---- C:\windows\Temp
2012-10-16 19:01:13 ----D---- C:\windows\System32
2012-10-16 19:01:13 ----D---- C:\windows\inf
2012-10-16 19:01:13 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-10-16 18:57:48 ----D---- C:\windows\system32\config
2012-10-15 19:49:38 ----A---- C:\GameOverlayUI.exe.log
2012-10-15 18:37:42 ----D---- C:\config
2012-10-15 18:07:32 ----D---- C:\dumps
2012-10-14 11:20:20 ----A---- C:\GameOverlayUI.exe.log.last
2012-10-13 16:53:26 ----D---- C:\Soft
2012-10-13 16:20:39 ----D---- C:\Windows
2012-10-13 16:10:59 ----A---- C:\windows\win.ini
2012-10-13 13:06:23 ----D---- C:\windows\system32\drivers\etc
2012-10-13 13:06:18 ----D---- C:\ProgramData\MetaQuotes
2012-10-13 13:05:31 ----D---- C:\windows\SysWOW64
2012-10-13 12:59:11 ----D---- C:\Program Files (x86)\Common Files
2012-10-13 12:59:05 ----HD---- C:\ProgramData
2012-10-13 12:55:26 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-10-13 12:55:23 ----D---- C:\windows\Minidump
2012-10-13 12:55:23 ----D---- C:\windows\debug
2012-10-13 12:54:17 ----RD---- C:\Program Files (x86)
2012-10-13 12:53:34 ----D---- C:\windows\winsxs
2012-10-13 12:53:24 ----D---- C:\Program Files\Microsoft Games
2012-10-13 12:52:14 ----SHD---- C:\System Volume Information
2012-10-12 18:57:41 ----D---- C:\windows\system32\catroot2
2012-10-12 18:57:19 ----D---- C:\windows\SYSWOW64\config
2012-10-12 18:40:48 ----D---- C:\Program Files (x86)\Movie DVD Maker
2012-10-12 18:39:50 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-10-12 18:37:44 ----A---- C:\windows\Ulead32.ini
2012-10-11 10:34:07 ----SHD---- C:\windows\Installer
2012-10-11 10:34:03 ----D---- C:\Users\xxx\AppData\Roaming\Real
2012-10-11 10:33:59 ----D---- C:\Program Files (x86)\Real
2012-10-11 10:33:55 ----D---- C:\ProgramData\Real
2012-10-11 10:32:14 ----D---- C:\ProgramData\Freemake
2012-10-11 10:32:10 ----D---- C:\Program Files (x86)\Freemake
2012-10-11 10:21:21 ----D---- C:\windows\SYSWOW64\sl-SI
2012-10-11 10:21:21 ----D---- C:\windows\SYSWOW64\sk-SK
2012-10-11 10:21:21 ----D---- C:\windows\SYSWOW64\hr-HR
2012-10-11 10:21:21 ----D---- C:\windows\SYSWOW64\en-US
2012-10-11 10:21:21 ----D---- C:\windows\SYSWOW64\cs-CZ
2012-10-11 10:21:21 ----D---- C:\windows\system32\sl-SI
2012-10-11 10:21:21 ----D---- C:\windows\system32\sk-SK
2012-10-11 10:21:21 ----D---- C:\windows\system32\hr-HR
2012-10-11 10:21:21 ----D---- C:\windows\system32\en-US
2012-10-11 10:21:21 ----D---- C:\windows\system32\drivers
2012-10-11 10:21:21 ----D---- C:\windows\system32\cs-CZ
2012-10-11 10:21:21 ----D---- C:\windows\AppPatch
2012-10-11 10:19:57 ----D---- C:\ProgramData\Apple Computer
2012-10-11 10:11:55 ----D---- C:\Program Files (x86)\Hair studio Cassiopea
2012-10-11 10:10:37 ----D---- C:\windows\system32\DriverStore
2012-10-11 10:10:37 ----D---- C:\windows\system32\catroot
2012-10-11 10:10:27 ----D---- C:\windows\system
2012-10-11 09:59:50 ----A---- C:\windows\system32\MRT.exe
2012-10-09 20:08:58 ----D---- C:\Program Files\Web Assistant
2012-10-09 19:41:49 ----D---- C:\Kadeřník
2012-10-07 19:02:17 ----SD---- C:\Users\xxx\AppData\Roaming\Microsoft
2012-10-07 14:08:10 ----D---- C:\Mix
2012-10-06 22:57:16 ----D---- C:\videa
2012-10-06 20:17:44 ----D---- C:\Program Files (x86)\Google
2012-10-05 21:17:40 ----A---- C:\vstdlib_s64.dll
2012-10-05 21:17:40 ----A---- C:\steamerrorreporter.exe
2012-10-05 21:17:39 ----A---- C:\tier0_s64.dll
2012-10-05 21:17:39 ----A---- C:\steamclient64.dll
2012-10-05 21:17:39 ----A---- C:\GameOverlayRenderer64.dll
2012-10-05 21:17:39 ----A---- C:\crashhandler.dll
2012-10-05 21:17:39 ----A---- C:\avutil-51.dll
2012-10-05 21:17:38 ----D---- C:\Graphics
2012-10-05 21:17:30 ----D---- C:\skins
2012-10-05 21:17:30 ----A---- C:\vstdlib_s.dll
2012-10-05 21:17:30 ----A---- C:\tier0_s.dll
2012-10-05 21:17:30 ----A---- C:\steamclient.dll
2012-10-05 21:17:30 ----A---- C:\GameOverlayUI.exe
2012-10-05 21:17:30 ----A---- C:\GameOverlayRenderer.dll
2012-10-05 21:17:30 ----A---- C:\AppOverlay64.dll
2012-10-05 21:17:30 ----A---- C:\AppOverlay.dll
2012-10-05 21:17:29 ----D---- C:\resource
2012-10-05 21:17:29 ----A---- C:\CSERHelper.dll
2012-10-05 21:17:19 ----D---- C:\Public
2012-10-05 21:17:12 ----D---- C:\bin
2012-10-05 21:17:05 ----A---- C:\Steam.dll
2012-10-05 21:17:05 ----A---- C:\dbghelp.dll
2012-10-05 21:17:04 ----A---- C:\SteamUI.dll
2012-10-05 21:17:03 ----A---- C:\WriteMiniDump.exe
2012-10-03 21:38:43 ----D---- C:\Filmy
2012-10-03 21:13:25 ----D---- C:\windows\system32\Tasks
2012-10-03 21:13:24 ----D---- C:\windows\Tasks
2012-10-03 20:01:59 ----D---- C:\steamapps
2012-10-03 20:01:47 ----D---- C:\logs
2012-10-03 11:03:31 ----D---- C:\Foto
2012-09-28 12:44:20 ----D---- C:\Users\xxx\AppData\Roaming\.minecraft
2012-09-27 18:48:23 ----D---- C:\windows\SYSWOW64\WNLT
2012-09-27 14:17:10 ----D---- C:\Program Files (x86)\SpeedFan
2012-09-27 13:51:17 ----D---- C:\windows\system32\ARFC
2012-09-26 09:51:36 ----D---- C:\Mp
2012-09-24 10:45:56 ----D---- C:\PC údržba
2012-09-22 19:29:27 ----D---- C:\windows\SYSWOW64\migration
2012-09-22 19:29:27 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-22 19:29:26 ----D---- C:\windows\system32\migration
2012-09-22 19:29:26 ----D---- C:\Program Files\Internet Explorer
2012-09-22 17:53:05 ----D---- C:\windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\windows\system32\DRIVERS\AtiPcie64.sys [2010-03-09 16440]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2012-08-21 54072]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-08-21 969200]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-08-21 359464]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-08-21 59728]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-29 283200]
R1 truecrypt;truecrypt; C:\windows\System32\drivers\truecrypt.sys [2011-07-13 230352]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-08-21 25232]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-08-05 6859776]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-08-05 264192]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys [2010-08-11 125456]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2011-05-24 3060800]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\pcouffin.sys [2012-03-23 82816]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-05-21 96384]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-01-29 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 ActivHidSerMini;Promethean Serial Board Driver; C:\windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 65152]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\windows\system32\drivers\btwampfl.sys [2010-06-10 342056]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-06-10 102952]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2010-06-10 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-10 39464]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-06-10 21544]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudbus.sys [2012-02-16 99384]
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 prmvmouse;Promethean HID Mouse Service; C:\windows\system32\DRIVERS\activmouse.sys [2009-10-05 8152]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-02-08 239136]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-13 325152]
S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudmdm.sys [2011-12-08 203320]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudobex.sys [2011-12-08 203320]
S3 StkTMini;Syntek AVStream USB2.0 ATV; C:\windows\System32\Drivers\StkTMini.sys [2007-11-15 528256]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WINUSB;SAMSUNG Android USB Driver; C:\windows\system32\DRIVERS\WinUSB.SYS [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-08-05 203264]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-09 952096]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2011-02-23 125496]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-08-23 103992]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-28 102968]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2011-05-13 30520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\windows\syswow64\PnkBstrA.exe [2012-08-14 76888]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 SBSDWSCService;SBSD Security Center Service; C:\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [2010-01-29 244736]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 Web Assistant Updater;Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-09-03 188760]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2011-01-25 791608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 WebOptimizer;WebOptimizer; C:\windows\system32\dmwu.exe [2012-09-13 1259888]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 136176]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-10-05 529744]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-07-13 1255736]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]

-----------------EOF-----------------

#6 Příspěvek od **stell** » 16 říj 2012 21:42

Mas stastie, zabudol som to zamknut, 3-dni si neodpovedal, no nic, mas to za smejdovane.

1:Stiahni
http://downloads.malwareremoval.com/CKScanner.exe
CKScanner na plochu. Spust program dvojklikom na ikonu. Otvori sa okno, v nom klik na "Search For Files". Zacne scan, po jeho skonceni klikni na "Save List To File" -> "OK". Na ploche by sa mal objavit subor s nazvom CKFiles.txt, jeho obsah mi sem skopiruj.

1:Stiahni SecurityCheck
Ulož ho na plochu.
Dvakrát kliknite SecurityCheck.exe a postupujte podľa pokynov na obrazovke .
po skonceni skenu Notepad sa automaticky otvorí s názvom checkup.txt,obsah vloz sem.

2:Stiahnite si AdwCleaner
Ulož ho na plochu.

Zatvorte všetky otvorené programy a internetové prehliadače.
Dvakrát kliknite na AdwCleaner.exe na spustenie nástroja.
Klikni na Delete.
Potvrďte zakaždým s Ok.
Počítač sa automaticky reštartuje.
Textový súbor sa otvorí po reštarte.
Ak nie nájsť logfile na C: \ AdwCleaner [S1] txt .
Obsah vloz sem.

3: Stiahni RogueKiller . RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Zatvor vsetky programy
Ak pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dajte Run As Administrator ci Spustiť ako správca
Pockaj na dokončení PreScan
Vyber polozku Prehľadať (scan)
Pockas kym prebehne (scan)
Potom klikni na ""Zmazať"" - vykoná zmazanie nálezov.
Po dokončení klikni na Správa (Report) - otvorí sa log, ten sem vloz
Detailný postup http://forum.viry.cz/viewtopic.php?f=24 ... 1#p1097961

Jsln · #7 Příspěvek od **Jsln** » 20 říj 2012 10:42

díky za nezamčení jdu na to pošlu log

Jsln · #8 Příspěvek od **Jsln** » 20 říj 2012 11:25

takže ....CKScanner mi nešel ...spustit program ano ale po stisku search se kousne a nejede....
ostatní logy jsou tady dík Jarda

Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
CleanMyPC - Registry Cleaner
Wise Registry Cleaner 6.21
Java(TM) 6 Update 26
Java version out of Date!
Adobe Flash Player 11.1.102.55 Flash Player out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (9.0.1)
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : xxx [Práva správce]
Mód : Odebrat -- Datum : 10/20/2012 12:00:16

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] SecurityCheck.exe -- C:\Users\xxx\Desktop\SecurityCheck.exe -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 12 ¤¤¤
[TASK][SUSP PATH] {20C1933F-A921-4425-8E0C-00B099B0065E} : C:\windows\system32\pcalua.exe -a C:\Users\xxx\Desktop\HamachiSetup-1.0.1.5-en.exe -d C:\Users\xxx\Desktop -> VYMAZÁNO
[TASK][SUSP PATH] {483764E8-BA3A-4711-8C2A-3EE4D3F36E47} : C:\windows\system32\pcalua.exe -a C:\Users\xxx\Desktop\Davida\uninstall.exe -d C:\Users\xxx\Desktop\Davida -> VYMAZÁNO
[TASK][SUSP PATH] {50FDA453-D81C-40C9-A6CE-026D427EEDF0} : C:\windows\system32\pcalua.exe -a C:\Users\xxx\Desktop\Staženo\BTW+Mod+Installer.exe -d "C:\Program Files (x86)\Mozilla Firefox" -> VYMAZÁNO
[TASK][SUSP PATH] {8B098B7B-4F21-4675-A5D2-64F079EDB1D9} : C:\windows\system32\pcalua.exe -a C:\Users\xxx\Desktop\Staženo\Padáček.exe -d "C:\Program Files (x86)\Mozilla Firefox" -> VYMAZÁNO
[TASK][SUSP PATH] {989607DE-5C95-4D36-A0AC-A5DF1CC7B28A} : C:\windows\system32\pcalua.exe -a "C:\Users\xxx\Desktop\X-Ray Mod Installer.exe" -d C:\Users\xxx\Desktop -> VYMAZÁNO
[TASK][SUSP PATH] {9C0BDB22-6DAE-4477-8ED5-9B132A4B7B29} : C:\windows\system32\pcalua.exe -a "C:\Users\xxx\Desktop\Soft\Firefox Setup 3.5.6.exe" -d C:\Users\xxx\Desktop\Soft -> VYMAZÁNO
[TASK][SUSP PATH] {BD283DCF-E445-4C98-8DCF-7336BBB2E3CF} : C:\windows\system32\pcalua.exe -a "C:\Users\xxx\Desktop\Staženo\X-Ray Mod Installer.exe" -d "C:\Program Files (x86)\Mozilla Firefox" -> VYMAZÁNO
[TASK][SUSP PATH] {F7A0BC80-109E-4ECD-9089-0C350DE9012F} : C:\windows\system32\pcalua.exe -a C:\Users\xxx\Desktop\Staženo\TooManyItems+Mod+Installer.exe -d "C:\Program Files (x86)\Mozilla Firefox" -> VYMAZÁNO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM641JI ATA Device +++++
--- User ---
[MBR] de15f04cc72a7693fa83acbc890a4125
[BSP] 70556fd4de9f17ba91ae7b49d6559095 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 592775 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1214619648 | Size: 15360 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1246076928 | Size: 2043 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

# AdwCleaner v2.004 - Logfile created 10/20/2012 at 12:12:01
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : xxx - XXX-HP
# Boot Mode : Normal
# Running from : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\xxx\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\xxx\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\xxx\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\bwse9idn.default\Searchqutoolbar
Folder Deleted : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\bwse9idn.default\SweetIMToolbarData

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com

-\\ Mozilla Firefox v9.0.1 (cs)

Profile name : default
File : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\bwse9idn.default\prefs.js

C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\bwse9idn.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb139?a=6R8CRUdUXV&loc=FF_NT");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100888");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "02e5e929000000000000402cf4026e45");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "02e5e929000000000000402cf4026e45");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15310");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:58:08");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10650");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "02e5e929000000000000402cf4026e45");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15574");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "201%5F5");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8CRUdUXV&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8CRUdUXV");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824925585214811");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1418:37:11");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8CRUdUXV&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13297 octets] - [13/10/2012 16:17:56]
AdwCleaner[R2].txt - [13358 octets] - [13/10/2012 16:18:37]
AdwCleaner[R3].txt - [13419 octets] - [16/10/2012 20:10:07]
AdwCleaner[R4].txt - [13472 octets] - [20/10/2012 12:11:41]
AdwCleaner[S2].txt - [13329 octets] - [20/10/2012 12:12:01]

########## EOF - C:\AdwCleaner[S2].txt - [13390 octets] ##########

#9 Příspěvek od **stell** » 20 říj 2012 18:38

odinstaluj starca, Spybot - Search & Destroy.

1:Stiahneme OTL exe na plochu a spustime.
http://oldtimer.geekstogo.com/OTL.exe
zafajkneme pro vsechny uzivatele,purity,loop
Nastavenie necháme tak ako je, dole do okna vložte tento skript.

Kód: Vybrat vše

:Files
ipconfig /flushdns /c
:Commands
[resethosts]
[emptytemp]

A klikni na gombik OPRAVIT, log vloz sem.

2:sprav UPLNY skan Malwarebytes, najdene odstranit, log vloz sem.
http://forum.viry.cz/viewtopic.php?f=29 ... 1#p1031821

a napis ci mas este problem spc.

Jsln · #10 Příspěvek od **Jsln** » 21 říj 2012 21:42

tak prosím o kontrolu logu ... dost dlouhy scan ....

OTL logfile created on: 21.10.2012 20:31:10 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,74 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 54,28% Memory free
7,48 Gb Paging File | 5,52 Gb Available in Paging File | 73,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,88 Gb Total Space | 61,58 Gb Free Space | 10,64% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,99 Gb Free Space | 99,68% Space Free | Partition Type: FAT32

Computer Name: XXX-HP | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.21 19:39:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2012.08.23 11:34:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.14 11:58:28 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.12 02:02:46 | 001,403,640 | ---- | M] (CleanMyPC Software) -- C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe
PRC - [2012.03.19 13:38:46 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.19 13:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012.02.03 10:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Kies samsung\Kies\KiesTrayAgent.exe
PRC - [2012.01.17 12:15:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.09.27 19:10:37 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2010.03.01 20:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012.08.23 11:34:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012.01.17 12:15:07 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2009.08.16 17:06:04 | 000,141,312 | ---- | M] () -- C:\WinRAR\RarExt.dll
MOD - [2009.06.02 01:16:58 | 000,114,688 | ---- | M] () -- C:\WinRAR\RarExtLoader.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012.09.13 15:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.12.28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2010.08.23 21:40:40 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2010.08.05 01:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.06.09 08:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010.02.18 23:52:30 | 002,045,232 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010.01.29 06:15:24 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010.01.28 00:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe -- (AESTFilters)
SRV - [2012.10.05 21:17:12 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.14 11:58:28 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.01 20:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010.02.18 23:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010.01.29 06:15:24 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe -- (AESTFilters)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.23 13:51:06 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.29 22:50:15 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.02.16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.12.08 06:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudobex.sys -- (ssudobex)
DRV:64bit: - [2011.12.08 06:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011.07.13 19:44:35 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.05.24 10:23:52 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.11 18:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.08.05 01:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.05 00:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.10 03:24:24 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.10 03:23:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.10 03:23:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.10 03:23:32 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.10 03:23:32 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.06.04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.05.21 04:06:38 | 000,096,384 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2010.03.09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.02.16 22:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.02.08 17:57:00 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.01.29 06:15:24 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.01.13 00:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.05 17:56:58 | 000,008,152 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\activmouse.sys -- (prmvmouse)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 17:26:00 | 000,065,152 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.11.15 21:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{D693C729-CB85-4E85-93E8-80D042E3065A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={search ... c=iesearch
IE - HKLM\..\SearchScopes\{C915BCF6-FF2A-4100-81A9-C2002CCA9DD5}: "URL" = http://www.toggle.com/en/index.php?rvs= ... earchTerms}
IE - HKLM\..\SearchScopes\{D693C729-CB85-4E85-93E8-80D042E3065A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\SearchScopes\{67C4AA81-03F0-48C8-9391-351FF6FFB645}: "URL" = http://websearch.ask.com/redirect?clien ... CF13F2B1BA
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={search ... c=iesearch
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\SearchScopes\{C915BCF6-FF2A-4100-81A9-C2002CCA9DD5}: "URL" = http://www.toggle.com/en/index.php?rvs= ... earchTerms}
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\SearchScopes\{D693C729-CB85-4E85-93E8-80D042E3065A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.5
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 12.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012.05.07 20:37:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.22 00:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.12 12:56:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.11 10:34:00 | 000,000,000 | ---D | M]

[2011.10.30 14:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Extensions
[2012.08.24 19:49:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\bwse9idn.default\extensions
[2012.04.16 14:26:37 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\bwse9idn.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012.02.05 22:20:03 | 000,257,899 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\bwse9idn.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.03.30 11:39:34 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\bwse9idn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.04 15:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.08.22 00:58:25 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.01.17 12:15:08 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.12 10:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2011.08.07 13:25:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.02 00:14:24 | 000,001,567 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\glarysearch.xml
[2012.01.17 12:15:04 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2012.01.17 12:15:04 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.01.17 12:15:04 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2012.01.17 12:15:04 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.01.17 12:15:04 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\npbrowserext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\windows\system32\Wat\npWatWeb.dll
CHR - Extension: Bob Marley = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\alpnhingmddeadgmgjbfefmaanaeifak\1.2_0\
CHR - Extension: FB Refresh = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdlfdaajmclngiomogmleihllaejcnni\2.0.1_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.10.13 13:06:23 | 000,000,736 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002..\Run: [KiesPDLR] C:\Kies samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Stáhnout odkaz s použitím BitCometu - C:\PROGRAM FILES\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - C:\PROGRAM FILES\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - C:\PROGRAM FILES\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - C:\PROGRAM FILES\BitComet\BitComet.exe (www.BitComet.com)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D21620F-5D0A-4C3D-89E3-5E429AF6BF4A}: DhcpNameServer = 213.46.172.36 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.21 19:39:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.10.20 16:09:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Minecraft
[2012.10.20 13:34:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Logy
[2012.10.20 11:58:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\RK_Quarantine
[2012.10.16 19:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.10.16 19:53:34 | 000,000,000 | ---D | C] -- C:\rsit
[2012.10.13 13:03:52 | 000,000,000 | ---D | C] -- C:\windows\VDLL.DLL
[2012.10.13 13:03:52 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\runouce.exe
[2012.10.13 13:03:52 | 000,000,000 | ---D | C] -- C:\windows\RUNDL132.EXE
[2012.10.13 13:03:52 | 000,000,000 | ---D | C] -- C:\windows\logo_1.exe
[2012.10.13 12:59:20 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr80.dll
[2012.10.13 12:59:19 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp80.dll
[2012.10.13 12:59:18 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp90.dll
[2012.10.13 12:59:17 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr90.dll
[2012.10.13 12:59:16 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\windows\SysWow64\eEmpty.exe
[2012.10.13 12:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2012.10.13 12:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2012.10.13 12:54:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.13 12:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2012.10.11 09:55:28 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.10.11 09:55:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.10.11 09:55:27 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.10.11 09:55:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.10.11 09:55:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.10.11 09:55:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.10.11 09:55:18 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.10.11 09:55:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.10.11 09:55:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.10.11 09:55:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.10.11 09:55:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.10.11 09:55:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 09:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 09:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 09:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 09:55:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.10.11 09:55:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 09:55:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 09:55:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 09:55:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 09:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 09:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 09:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 09:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 09:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 09:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 09:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 09:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 09:55:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 09:55:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 09:55:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 09:55:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 09:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 09:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 09:55:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 09:55:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 09:55:08 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 09:55:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 09:55:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 09:55:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 09:55:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 09:55:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 09:55:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 09:55:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 09:55:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 09:55:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 09:55:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.10.11 09:54:48 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.10.11 09:54:45 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.10.11 09:54:44 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.10.11 09:54:25 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012.10.11 09:54:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.10.11 09:54:15 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012.10.09 20:13:59 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012.10.08 11:25:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Pps
[2012.10.06 20:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.10.06 19:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.30 18:40:12 | 000,000,000 | ---D | C] -- C:\friends
[2012.09.27 13:51:17 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\windows\SysNative\ImHttpComm.dll
[2012.09.25 23:07:42 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2012.09.22 16:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiTwin
[2012.09.22 16:05:20 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.09.22 16:05:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.09.22 16:05:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.09.22 16:05:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.09.22 16:05:04 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.09.22 16:05:02 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.09.22 16:05:02 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.03.23 13:51:06 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\xxx\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012.10.21 20:16:01 | 000,000,946 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.21 20:14:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1019480102-3555355392-3892455197-1002UA.job
[2012.10.21 19:39:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.10.21 18:58:59 | 000,000,276 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2012.10.21 18:45:51 | 001,478,886 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.10.21 18:45:51 | 000,634,780 | ---- | M] () -- C:\windows\SysNative\perfh005.dat
[2012.10.21 18:45:51 | 000,619,146 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.10.21 18:45:51 | 000,123,338 | ---- | M] () -- C:\windows\SysNative\perfc005.dat
[2012.10.21 18:45:51 | 000,107,466 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.10.21 18:39:31 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 18:39:31 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 18:32:19 | 000,000,942 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.21 18:31:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.10.21 18:31:30 | 4016,496,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.21 12:26:48 | 502,270,422 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.10.20 20:46:51 | 003,686,627 | ---- | M] () -- C:\ClientRegistry.blob
[2012.10.20 20:45:01 | 000,005,329 | ---- | M] () -- C:\AppUpdateStats.blob
[2012.10.20 15:39:10 | 000,327,110 | ---- | M] () -- C:\Users\xxx\Desktop\2012-10-20 15.39.10.jpg
[2012.10.20 14:14:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1019480102-3555355392-3892455197-1002Core.job
[2012.10.20 11:43:31 | 001,425,920 | ---- | M] () -- C:\Users\xxx\Desktop\RogueKiller.exe
[2012.10.20 11:43:04 | 000,881,773 | ---- | M] () -- C:\Users\xxx\Desktop\SecurityCheck.exe
[2012.10.20 11:42:56 | 000,458,240 | ---- | M] () -- C:\Users\xxx\Desktop\CKScanner.exe
[2012.10.13 16:53:51 | 000,007,605 | ---- | M] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2012.10.13 16:17:35 | 000,538,327 | ---- | M] () -- C:\Users\xxx\Desktop\adwcleaner.exe
[2012.10.13 16:12:00 | 000,298,844 | ---- | M] () -- C:\Users\xxx\Documents\pinfect.zip
[2012.10.13 16:11:33 | 000,000,056 | ---- | M] () -- C:\windows\Lic.xxx
[2012.10.13 13:06:23 | 000,000,736 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012.10.13 13:05:28 | 019,814,680 | ---- | M] () -- C:\windows\REGBK00.ZIP
[2012.10.13 12:59:19 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr80.dll
[2012.10.13 12:59:18 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp80.dll
[2012.10.13 12:59:17 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp90.dll
[2012.10.13 12:59:16 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr90.dll
[2012.10.13 12:59:15 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\windows\SysWow64\eEmpty.exe
[2012.10.13 12:54:20 | 000,001,011 | ---- | M] () -- C:\Users\xxx\Desktop\CCleaner.lnk
[2012.10.12 18:45:35 | 000,001,631 | ---- | M] () -- C:\Users\xxx\Desktop\WiseRegCleaner – zástupce.lnk
[2012.10.12 18:37:44 | 000,000,325 | ---- | M] () -- C:\windows\Ulead32.ini
[2012.10.10 20:33:45 | 000,221,401 | ---- | M] () -- C:\steam_2005_assert_2012_10_10T18_33_44C0.mdmp
[2012.10.09 20:10:40 | 000,444,411 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.13932575
[2012.10.07 18:51:49 | 000,032,768 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.06 20:18:10 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.10.06 19:16:52 | 000,002,259 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.10.05 21:17:40 | 000,250,704 | ---- | M] (Valve Corporation) -- C:\vstdlib_s64.dll
[2012.10.05 21:17:40 | 000,202,576 | ---- | M] (Valve Corporation) -- C:\steamerrorreporter.exe
[2012.10.05 21:17:40 | 000,025,521 | ---- | M] () -- C:\SteamUI_2005.mst
[2012.10.05 21:17:39 | 008,017,056 | ---- | M] (Valve Corporation) -- C:\steamclient64.dll
[2012.10.05 21:17:39 | 000,688,464 | ---- | M] (Valve Corporation) -- C:\GameOverlayRenderer64.dll
[2012.10.05 21:17:39 | 000,279,376 | ---- | M] (Valve Corporation) -- C:\tier0_s64.dll
[2012.10.05 21:17:39 | 000,278,352 | ---- | M] (Valve Corporation) -- C:\crashhandler.dll
[2012.10.05 21:17:39 | 000,123,232 | ---- | M] () -- C:\avutil-51.dll
[2012.10.05 21:17:30 | 006,839,120 | ---- | M] (Valve Corporation) -- C:\steamclient.dll
[2012.10.05 21:17:30 | 000,587,088 | ---- | M] (Valve Corporation) -- C:\GameOverlayRenderer.dll
[2012.10.05 21:17:30 | 000,563,536 | ---- | M] (Valve Corporation) -- C:\AppOverlay64.dll
[2012.10.05 21:17:30 | 000,539,472 | ---- | M] (Valve Corporation) -- C:\AppOverlay.dll
[2012.10.05 21:17:30 | 000,237,904 | ---- | M] (Valve Corporation) -- C:\tier0_s.dll
[2012.10.05 21:17:30 | 000,212,304 | ---- | M] (Valve Corporation) -- C:\vstdlib_s.dll
[2012.10.05 21:17:30 | 000,071,464 | ---- | M] (Valve Corporation) -- C:\GameOverlayUI.exe
[2012.10.05 21:17:29 | 000,122,864 | ---- | M] (Valve) -- C:\CSERHelper.dll
[2012.10.05 21:17:05 | 002,975,568 | ---- | M] (Valve Corporation) -- C:\Steam.dll
[2012.10.05 21:17:05 | 001,039,192 | ---- | M] (Microsoft Corporation) -- C:\dbghelp.dll
[2012.10.05 21:17:04 | 004,061,008 | ---- | M] (Valve Corporation) -- C:\SteamUI.dll
[2012.10.05 21:17:03 | 000,284,456 | ---- | M] (Valve Corporation) -- C:\WriteMiniDump.exe
[2012.10.05 09:02:49 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForxxx.job
[2012.10.01 18:30:33 | 000,000,195 | ---- | M] () -- C:\Users\xxx\Desktop\Spiral Knights.url
[2012.09.28 13:01:56 | 000,401,926 | ---- | M] () -- C:\Users\xxx\Desktop\Video call snapshot 5.png
[2012.09.28 13:01:23 | 000,432,426 | ---- | M] () -- C:\Users\xxx\Desktop\Video call snapshot 4.png
[2012.09.28 12:56:02 | 000,424,449 | ---- | M] () -- C:\Users\xxx\Desktop\Video call snapshot 3.png
[2012.09.22 16:08:33 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk

========== Files Created - No Company Name ==========

[2012.10.21 12:26:48 | 502,270,422 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.10.20 15:42:22 | 000,327,110 | ---- | C] () -- C:\Users\xxx\Desktop\2012-10-20 15.39.10.jpg
[2012.10.20 11:43:28 | 001,425,920 | ---- | C] () -- C:\Users\xxx\Desktop\RogueKiller.exe
[2012.10.20 11:43:01 | 000,881,773 | ---- | C] () -- C:\Users\xxx\Desktop\SecurityCheck.exe
[2012.10.20 11:42:47 | 000,458,240 | ---- | C] () -- C:\Users\xxx\Desktop\CKScanner.exe
[2012.10.13 16:17:34 | 000,538,327 | ---- | C] () -- C:\Users\xxx\Desktop\adwcleaner.exe
[2012.10.13 13:35:18 | 000,000,056 | ---- | C] () -- C:\windows\Lic.xxx
[2012.10.13 13:34:12 | 000,298,844 | ---- | C] () -- C:\Users\xxx\Documents\pinfect.zip
[2012.10.13 13:03:53 | 019,814,680 | ---- | C] () -- C:\windows\REGBK00.ZIP
[2012.10.13 12:54:20 | 000,001,011 | ---- | C] () -- C:\Users\xxx\Desktop\CCleaner.lnk
[2012.10.12 18:45:35 | 000,001,631 | ---- | C] () -- C:\Users\xxx\Desktop\WiseRegCleaner – zástupce.lnk
[2012.10.10 20:33:44 | 000,221,401 | ---- | C] () -- C:\steam_2005_assert_2012_10_10T18_33_44C0.mdmp
[2012.10.06 20:18:10 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.10.06 19:16:52 | 000,002,259 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.10.05 21:17:40 | 000,025,521 | ---- | C] () -- C:\SteamUI_2005.mst
[2012.10.03 21:13:24 | 000,000,324 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForxxx.job
[2012.10.01 18:38:10 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.10.01 18:30:33 | 000,000,195 | ---- | C] () -- C:\Users\xxx\Desktop\Spiral Knights.url
[2012.09.28 13:01:56 | 000,401,926 | ---- | C] () -- C:\Users\xxx\Desktop\Video call snapshot 5.png
[2012.09.28 13:01:23 | 000,432,426 | ---- | C] () -- C:\Users\xxx\Desktop\Video call snapshot 4.png
[2012.09.28 12:56:02 | 000,424,449 | ---- | C] () -- C:\Users\xxx\Desktop\Video call snapshot 3.png
[2012.09.27 13:51:17 | 001,259,888 | ---- | C] () -- C:\windows\SysNative\dmwu.exe
[2012.09.22 16:08:33 | 000,001,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Twin.lnk
[2012.09.22 16:08:33 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2012.07.19 11:27:34 | 000,281,288 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012.07.19 11:27:21 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012.05.05 18:33:17 | 000,000,924 | R-S- | C] () -- C:\Users\xxx\ntuser.pol
[2012.04.13 17:10:02 | 000,000,026 | ---- | C] () -- C:\windows\Irremote.ini
[2012.04.13 17:09:48 | 000,001,024 | ---- | C] () -- C:\Users\xxx\.rnd
[2012.03.23 13:51:06 | 000,099,384 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\ezpinst.exe
[2012.03.23 13:51:06 | 000,007,796 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\pcouffin.cat
[2012.03.23 13:51:06 | 000,001,167 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\pcouffin.inf
[2012.02.08 21:41:08 | 000,000,325 | ---- | C] () -- C:\windows\Ulead32.ini
[2012.01.18 13:02:52 | 000,007,605 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2011.12.06 21:44:04 | 000,302,592 | ---- | C] () -- C:\windows\mauninst.exe
[2011.12.04 21:33:19 | 000,005,901 | ---- | C] () -- C:\windows\wininit.ini
[2011.10.25 11:19:41 | 000,000,848 | --S- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.10.11 15:54:56 | 000,032,768 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.13 14:19:13 | 000,000,423 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011.08.13 14:19:13 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2030.DAT
[2011.07.31 11:23:12 | 001,471,654 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.07.14 15:17:09 | 2147,483,643 | ---- | C] () -- C:\Users\xxx\Z
[2011.07.13 14:05:27 | 000,000,048 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011.07.12 20:50:54 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011.05.24 10:18:10 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.01.29 17:00:24 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2010.12.09 19:17:16 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdgfbea.sys
[2010.12.09 18:53:40 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
[2010.12.09 18:44:45 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.09.28 12:44:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\.minecraft
[2012.03.14 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ACTIV Software
[2012.05.15 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AnvSoft
[2012.02.16 14:58:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ashampoo
[2012.03.25 11:56:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Audacity
[2012.10.21 18:46:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BitComet
[2011.08.10 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Blender Foundation
[2012.05.19 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CleanMyPC Software
[2012.02.29 22:52:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
[2011.07.11 14:33:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DigitalPersona
[2012.03.01 12:59:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FileZilla
[2012.03.09 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FinalBurner DATA
[2012.05.15 20:01:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRightToGo
[2012.04.16 15:33:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GHISLER
[2012.08.25 19:20:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GlarySoft
[2012.03.25 23:14:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\IObit
[2012.08.23 12:38:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\LolClient
[2012.03.14 22:37:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Promethean
[2011.10.11 15:49:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2012.08.03 12:42:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\skyz
[2012.02.21 21:18:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Sony
[2012.04.21 11:07:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TeamViewer
[2011.11.13 14:04:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Temp
[2011.07.13 20:48:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TrueCrypt
[2012.04.07 23:08:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client
[2012.03.30 10:50:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.03.23 13:53:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vso
[2012.01.18 13:56:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Wise Registry Cleaner

========== Purity Check ==========

========== Custom Scans ==========

< :Files >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,572 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011.07.12 15:38:52 | 000,000,276 | ---- | C] () -- C:\windows\Tasks\GlaryInitialize.job
[2011.10.22 14:08:00 | 000,000,898 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1019480102-3555355392-3892455197-1002Core.job
[2011.10.22 14:08:01 | 000,000,920 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1019480102-3555355392-3892455197-1002UA.job
[2012.01.14 19:48:28 | 000,000,942 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.01.14 19:48:30 | 000,000,946 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.10.03 21:13:24 | 000,000,324 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForxxx.job

< ipconfig /flushdns /c >
Konfigurace protokolu IP syst‚mu Windows
MezipamŘś pýekl d nˇ DNS byla ŁspŘçnŘ vypr zdnŘna.

< :Commands >

< [resethosts] >

< [emptytemp] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:ECF54A0E

< End of report >

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.10.21.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
xxx :: XXX-HP [administrátor]

Ochrana: Povolena

21.10.2012 20:50:17
mbam-log-2012-10-21 (20-50-17).txt

Typ: Úplná kontrola (C:\|F:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 527544
Uplynulý čas: 1 hodin, 49 minut, 23 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

diky Jarda

Jsln · #11 Příspěvek od **Jsln** » 21 říj 2012 22:07

tak po restartu stav asi takto ....po zadaní uziv hesla start win cca minutu ...což je podstatně rychlejsí než dosud ....disk pracuje po najeti systemu méně a i vytížení procesoru je nižší ...dříve hdd stále pracoval a spustit mozzilu a podívat se na net trvalo tak 5 minut ..
zatím díky snad tento stav udržím co nejdéle ...samozřejmě jestě zítra kouknu na odpověd atd ,,,,,Jarda

#12 Příspěvek od **stell** » 22 říj 2012 06:51

Takto, treba citat co pisem, a nie hura system aplikovat.
Pisal som klikni na OPRAVIT a nie na SCAN.

No nic, to uz nechaj tak ,ale teraz presne sprav to, co tu napisem.

1:Spust program OTL .
Dole na spodku do okna vloz tento script co tu dam , a klikni na gombik OPRAVIT RunFix.
Log po restarte vloz sem, odskusat pc a napisat.

Kód: Vybrat vše

:OTL
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
IE - HKLM\..\SearchScopes\{C915BCF6-FF2A-4100-81A9-C2002CCA9DD5}: "URL" = http://www.toggle.com/en/index.php?rvs=google&q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\SearchScopes\{67C4AA81-03F0-48C8-9391-351FF6FFB645}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=8R&apn_dtid=YYYYYYYYCZ&apn_uid=726A4DE6-E85B-474F-9A3D-C930361C16F0&apn_sauid=4B062F6C-040F-4C9E-B5B9-F1CF13F2B1BA
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
IE - HKU\S-1-5-21-1019480102-3555355392-3892455197-1002\..\SearchScopes\{C915BCF6-FF2A-4100-81A9-C2002CCA9DD5}: "URL" = http://www.toggle.com/en/index.php?rvs=google&q={searchTerms}
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: File not found
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
[2011.07.12 15:38:52 | 000,000,276 | ---- | C] () -- C:\windows\Tasks\GlaryInitialize.job
[2011.10.22 14:08:00 | 000,000,898 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1019480102-3555355392-3892455197-1002Core.job
[2011.10.22 14:08:01 | 000,000,920 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1019480102-3555355392-3892455197-1002UA.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
:files
C:\PROGRA~2\SEARCH~1
ipconfig /flushdns /c
:Commands
[resethosts]
[emptytemp]

Jsln · #13 Příspěvek od **Jsln** » 22 říj 2012 09:02

a jo sorry špatně čtu

log je dole po restartu , jen jsem nenašel tlačítko opravit run fix ...jen opravit... snad jsem to zase nepodělal ...

Dik J.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C915BCF6-FF2A-4100-81A9-C2002CCA9DD5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C915BCF6-FF2A-4100-81A9-C2002CCA9DD5}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1019480102-3555355392-3892455197-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1019480102-3555355392-3892455197-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1019480102-3555355392-3892455197-1002\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1019480102-3555355392-3892455197-1002\Software\Microsoft\Internet Explorer\SearchScopes\{67C4AA81-03F0-48C8-9391-351FF6FFB645}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67C4AA81-03F0-48C8-9391-351FF6FFB645}\ not found.
Registry key HKEY_USERS\S-1-5-21-1019480102-3555355392-3892455197-1002\Software\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_USERS\S-1-5-21-1019480102-3555355392-3892455197-1002\Software\Microsoft\Internet Explorer\SearchScopes\{C915BCF6-FF2A-4100-81A9-C2002CCA9DD5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C915BCF6-FF2A-4100-81A9-C2002CCA9DD5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll moved successfully.
C:\Windows\Tasks\GlaryInitialize.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1019480102-3555355392-3892455197-1002Core.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1019480102-3555355392-3892455197-1002UA.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
========== FILES ==========
C:\PROGRA~2\SearchCore for Browsers\SearchCore for Browsers\x64 folder moved successfully.
C:\PROGRA~2\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\content folder moved successfully.
C:\PROGRA~2\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components folder moved successfully.
C:\PROGRA~2\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension folder moved successfully.
C:\PROGRA~2\SearchCore for Browsers\SearchCore for Browsers folder moved successfully.
C:\PROGRA~2\SearchCore for Browsers folder moved successfully.
< ipconfig /flushdns /c >
Konfigurace protokolu IP syst‚mu Windows
MezipamŘś pýekl d nˇ DNS byla ŁspŘçnŘ vypr zdnŘna.
C:\Users\xxx\Desktop\cmd.bat deleted successfully.
C:\Users\xxx\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: xxx
->Temp folder emptied: 118553 bytes
->Temporary Internet Files folder emptied: 33882 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62504947 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 671 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10222012_095432

Files\Folders moved on Reboot...
C:\Users\xxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#14 Příspěvek od **stell** » 22 říj 2012 09:56

ok, odskusat pocitac a napisat, ci je uz ok, alebo co.

Jsln · #15 Příspěvek od **Jsln** » 23 říj 2012 10:21

pc je určitě svižnější hlavně start win , hdd dřív pořád něco chroustal ted je v klidu , možná že i dost brzdí neustalou kontrolou Avast , ale celkově je to o dost lepší

ten Malwarebytes' Anti-Malware"mám používat místo spy boot ? umí i na pozadí hlídat soubory a web ?
díky J.

VIRY.CZ

prosím o dořešení problému

prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému

Re: prosím o dořešení problému