PC virus removal, computer speed-up, remote help via the neslape.cz service

Windows disabled by something called title jonew

Have a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you over the phone! More at www.neslape.cz

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Windows disabled by something called title jonew

#1 Post by QuickShare »

Hi... Today this unpleasant thing happened to me: in Opera I had some PDF, I don't know what it was... I was in a hurry, so I just clicked through it somehow (maybe I chose to open it)... then a window popped up saying "the program has stopped working", and after that all I saw was this: one screen was white and on the other I saw only the wallpaper.... After restarting the computer it is still the same; nothing can be started on the PC except Task Manager, and under running applications I can see that the white screen is an application named TITLE JONEW... and then there is also "host process for win. ser.". If I end them, the white screen disappears and I see only the desktop background on both monitors... the processes look normal to me, though I may have overlooked something.... The PC does not respond to any other commands. Safe mode does not work either.
If I shut the PC down, for a moment I can see my desktop...

Is this some virus, or did something in Windows die?

I don't know how to make a LOG, since the PC won't open the USB stick; I can see it in Task Manager, but it can't be run :(
What can be done about this?


Thanks a lot for any advice....

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#2 Post by QuickShare »

Hi, through Task Manager I managed to make a LOG after all, but only DDS worked... and IE can be launched through Task Manager.... but I have to start the PC with the internet connected; if I disconnect the internet, the white screen cannot be closed and the PC doesn't respond to anything, whereas with the net connected it can be closed... my BIOS also got reset..
I tried safe mode both with and without the net and it is still the same... I have Win 7, but you can already see that in the log


Attaching the log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385
Run by Hacker at 15:51:41 on 2013-04-25
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.1423 [GMT 2:00]
.
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\Explorer.EXE
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uWinlogon: Shell = explorer.exe,c:\users\hacker\appdata\roaming\AltShell.dat
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 62.168.65.19 192.168.0.1
TCP: Interfaces\{176C225A-A76F-4264-8E3B-D96ED8D87C65} : DHCPNameServer = 62.168.65.19 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-12-26 90112]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-10-28 20328]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-5-14 38240]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2010-11-8 7424]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 c2wts;Claims to Windows Token Service;c:\program files\windows identity foundation\v3.5\c2wtshost.exe [2010-6-17 13080]
.
=============== Created Last 30 ================
.
2013-04-25 13:51:11 781909 ----a-w- C:\RSIT.exe
2013-04-25 10:47:14 32256 ----a-w- c:\users\hacker\4676787.exe
2013-04-09 16:46:53 -------- d-----w- C:\Bohove areny
.
==================== Find3M ====================
.
2013-04-10 11:49:30 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-10 11:49:18 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-04-10 11:49:18 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-31 10:55:05 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-06 19:26:22 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
.
============= FINISH: 15:51:49,30 ===============

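The DDS log above already tells a practitioner most of the story: the `uWinlogon: Shell` line shows `explorer.exe` followed by a second component under the user's AppData folder, the `Created Last 30` section shows a numerically named executable dropped into the user profile on the morning of the incident, and the `mPolicies-System` lines show UAC switched off entirely. As an added example (not part of this thread and not a DDS or forum tool), here is a small Python triage script that flags exactly those three classes of entries in DDS-style log lines. The sample lines are constructed from the log posted above with paths and values unchanged; the rule names, severity labels and the "user-writable path" heuristic are the editor's own assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Sample lines constructed from the DDS log posted above (paths and values unchanged).
SAMPLE_LOG = r"""
uWinlogon: Shell = explorer.exe,c:\users\hacker\appdata\roaming\AltShell.dat
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
2013-04-25 13:51:11 781909 ----a-w- C:\RSIT.exe
2013-04-25 10:47:14 32256 ----a-w- c:\users\hacker\4676787.exe
2013-04-09 16:46:53 -------- d-----w- C:\Bohove areny
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium" (editor's own labels, not DDS output)
    rule: str
    detail: str
    line: str


# DDS prefixes: "u" = per-user hive (HKCU), "m" = machine hive (HKLM).
SHELL_RE = re.compile(r"^(?P<hive>[um])Winlogon:\s*Shell\s*=\s*(?P<value>.+?)\s*$", re.I)
POLICY_RE = re.compile(r"^mPolicies-System:\s*(?P<name>\w+)\s*=\s*dword:(?P<val>[0-9a-f]+)\s*$", re.I)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+(?P<attrs>[\w-]{8})\s+(?P<path>.+?)\s*$"
)

# Policy values that switch UAC protection off (Windows 7 defaults in the comments).
UAC_OFF = {
    "enablelua": "0",                   # default 1; 0 disables UAC completely
    "consentpromptbehavioradmin": "0",  # default 5; 0 elevates admins without any prompt
    "promptonsecuredesktop": "0",       # default 1; 0 lets other windows overlay the prompt
}
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
USER_WRITABLE_ROOTS = {"users", "documents and settings", "programdata"}


def is_user_writable(path: str) -> bool:
    """Heuristic (assumption): profile, ProgramData, AppData and Temp need no admin rights to write."""
    parts = [p.lower() for p in PureWindowsPath(path).parts[1:]]  # drop the drive
    return bool(parts) and (parts[0] in USER_WRITABLE_ROOTS or "appdata" in parts or "temp" in parts)


def check_shell(line: str) -> Optional[Finding]:
    m = SHELL_RE.match(line)
    if not m:
        return None
    # Winlogon's Shell value is a comma-separated list and every entry is started at
    # logon, so anything next to explorer.exe is a persistence point (screen lockers use it).
    entries = [e.strip() for e in m["value"].split(",") if e.strip()]
    extra = [e for e in entries if PureWindowsPath(e).name.lower() != "explorer.exe"]
    if not extra:
        return None
    hive = "HKCU" if m["hive"].lower() == "u" else "HKLM"
    flagged = [e + (" (user-writable path)" if is_user_writable(e) else "") for e in extra]
    return Finding("high", "winlogon-shell-extra", f"{hive} Shell also launches: {', '.join(flagged)}", line)


def check_uac_policy(line: str) -> Optional[Finding]:
    m = POLICY_RE.match(line)
    if not m:
        return None
    name, val = m["name"].lower(), m["val"].lower()
    if UAC_OFF.get(name) != val:
        return None
    return Finding("medium", "uac-disabled", f"{m['name']}={val}", line)


def check_created(line: str) -> Optional[Finding]:
    m = CREATED_RE.match(line)
    if not m or m["attrs"].startswith("d"):  # directories are not interesting here
        return None
    path = PureWindowsPath(m["path"])
    if path.suffix.lower() not in EXEC_EXT or not is_user_writable(m["path"]):
        return None
    kind = "random numeric name" if path.stem.isdigit() else "executable"
    return Finding("high", "user-profile-executable", f"{kind} dropped {m['ts']}: {path}", line)


CHECKS = (check_shell, check_uac_policy, check_created)


def triage(log_text: str) -> List[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        findings.extend(f for f in (check(line) for check in CHECKS) if f)
    return findings


def report(findings: List[Finding]) -> str:
    order = {"high": 0, "medium": 1}
    ranked = sorted(findings, key=lambda f: order[f.severity])
    return "\n".join(f"[{f.severity}] {f.rule}: {f.detail}" for f in ranked) or "no findings"


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

To use it on a whole DDS log, read the file and pass its text to `triage`. The three rules are deliberately narrow: a hit on `winlogon-shell-extra` is worth acting on by itself (on this machine it is the per-user HKCU value, which explains why the lock screen came back in every mode the user tried), whereas `uac-disabled` is a weakness that let the dropper run with full rights rather than an infection indicator on its own.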
QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#3 Post by QuickShare »

It loaded my desktop :) you're the man!!

It looks as if it were in safe mode, but... what was it??... how do I proceed next? Do I still have some virus in there?

thx

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#4 Post by QuickShare »

RSIT keeps giving me an error: variable used without being declared.
Attachments
log.rar
(19.43 KiB) Downloaded 31 times

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#5 Post by QuickShare »

Naughty wrote: That's it for me today, I'll be here tomorrow after 6 pm, hopefully earlier.

ok, sorry, maybe I was replying slowly, but my connection is acting up and I also have to go to work...
so I'll write here tomorrow so we can finish it.. thanks a lot for now. See you tomorrow

take care....

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#6 Post by QuickShare »

Hi. I ran OTL as you told me, but it also threw some error, "cannot read file", so I think it is no longer working.... I'll try once more, but it will probably do the same again at the same spot...

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#7 Post by QuickShare »

ComboFix 13-04-26.01 - Hacker . 04. 2013 17:32:29.5.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.1427 [GMT 2:00]
Running from: c:\users\Hacker\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-03-26 to 2013-04-26 )))))))))))))))))))))))))))))))
.
.
2013-04-26 15:35 . 2013-04-26 15:35 -------- d-----w- c:\users\Hacker\AppData\Local\temp
2013-04-26 15:35 . 2013-04-26 15:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-26 15:35 . 2013-04-26 15:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-26 15:35 . 2013-04-26 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-26 14:17 . 2013-04-26 14:17 512 ----a-w- C:\PhysicalMBR.bin
2013-04-26 14:11 . 2013-04-26 14:11 602112 ----a-w- C:\OTL.exe
2013-04-25 18:24 . 2013-04-25 18:24 -------- d-----w- C:\Nový priečinok (4)
2013-04-25 18:23 . 2013-04-25 18:23 -------- d-----w- C:\Nový priečinok (3)
2013-04-25 18:23 . 2013-04-25 18:25 -------- d-----w- C:\Nový priečinok (2)
2013-04-25 14:56 . 2013-04-25 13:53 6216360 ----a-w- C:\PCHunter32.exe
2013-04-25 13:51 . 2013-04-25 12:49 781909 ----a-w- C:\RSIT.exe
2013-04-09 16:46 . 2013-01-10 18:46 -------- d-----w- C:\Bohove areny
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-25 13:53 . 2013-04-25 14:56 6216360 ----a-w- C:\PCHunter32.exe
2013-04-10 11:49 . 2013-03-06 19:26 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-10 11:49 . 2013-03-06 19:26 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-10 11:49 . 2013-03-06 19:26 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-31 10:55 . 2013-03-06 19:26 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-06 19:26 . 2013-03-06 19:26 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 23:34 2524416 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-06-17 11:56 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2010-05-26 19:47 147456 ----a-w- c:\advanc~1\wh_exec.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 cpuz131;cpuz131;c:\users\Hacker\AppData\Local\Temp\cpuz131\cpuz_x32.sys [x]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 62.168.65.19 192.168.0.1
.
.
Completion time: 2013-04-26 17:36:08
ComboFix-quarantined-files.txt 2013-04-26 15:36
ComboFix2.txt 2012-09-18 19:29
.
Pre-Run: 8 512 434 176 bytes free
Post-Run: 10 535 297 024 bytes free
.
- - End Of File - - F3F163D6DCD8ECABB9651F0F1293414B

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#8 Post by QuickShare »

Naughty wrote: Restart the PC into normal mode and verify that it works there.
It started normally... loaded the desktop right away.. I don't see any problem

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#9 Post by QuickShare »

It doesn't work... should I try it in safe mode?

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#10 Post by QuickShare »

"Error: variable used without being declared"

ok, running OTL... I'll write when it finishes

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#11 Post by QuickShare »

OTL logfile created on: 26. 4. 2013 18:38:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hacker\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 70,84% Memory free
5,00 Gb Paging File | 4,31 Gb Available in Paging File | 86,23% Paging File free
Paging file location(s): c:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 9,85 Gb Free Space | 10,08% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 15,90 Gb Free Space | 10,66% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 5,35 Gb Free Space | 1,45% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 6,58 Gb Free Space | 4,41% Space Free | Partition Type: NTFS
Drive H: | 7,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: HACKER-PC | User Name: Hacker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013/04/26 16:11:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hacker\Desktop\OTL.exe
PRC - [2012/05/15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/06/17 14:32:13 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/17 13:23:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/12 01:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009/06/26 17:08:38 | 006,036,992 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/05/14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/04/02 13:27:26 | 000,090,112 | ---- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe


========== Modules (No Company Name) ==========

MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/06/26 17:08:38 | 006,036,992 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
MOD - [2009/04/22 21:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\AsusService.dll
MOD - [2009/04/20 14:55:34 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\pngio.dll
MOD - [2006/01/10 17:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\System32\AsIO.dll


========== Services (SafeList) ==========

SRV - [2012/05/15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/06/17 13:19:26 | 000,013,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/12 01:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/04/02 13:27:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hacker\AppData\Local\Temp\cpuz131\cpuz_x32.sys -- (cpuz131)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hacker\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a9bmmet9)
DRV - [2012/05/15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/06/12 14:54:03 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
DRV - [2010/01/21 18:14:38 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/01/19 14:00:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/01/06 17:54:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/09/17 02:19:16 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/05/14 15:49:32 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/05/14 15:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/05/14 15:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/05/13 20:11:32 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007/12/17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/11/25 18:36:06 | 000,077,248 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/11/25 18:32:01 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49899

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49899



IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 6B 33 5B 37 40 CE 01 [binary data]
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/08/13 15:19:02 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: GamePlayLabs Plugin = C:\Users\Hacker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\

O1 HOSTS File: ([2013/04/26 17:35:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName =
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction =
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.168.65.19 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{176C225A-A76F-4264-8E3B-D96ED8D87C65}: DhcpNameServer = 62.168.65.19 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/05 08:38:21 | 000,000,097 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 7 Days ==========

[2013/04/26 17:36:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/26 17:36:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/26 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Hacker\AppData\Local\temp
[2013/04/26 17:05:53 | 005,059,946 | R--- | C] (Swearware) -- C:\Users\Hacker\Desktop\ComboFix.exe
[2013/04/26 16:59:00 | 005,059,946 | ---- | C] (Swearware) -- C:\ComboFix.exe
[2013/04/26 16:11:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hacker\Desktop\OTL.exe
[2013/04/26 16:11:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2013/04/25 20:24:03 | 000,000,000 | ---D | C] -- C:\Nový priečinok (4)
[2013/04/25 20:23:35 | 000,000,000 | ---D | C] -- C:\Nový priečinok (3)
[2013/04/25 20:23:29 | 000,000,000 | ---D | C] -- C:\Nový priečinok (2)
[2013/04/25 20:19:09 | 000,000,000 | ---D | C] -- C:\Users\Hacker\Desktop\PCHunter_free
[2013/04/25 16:56:01 | 006,216,360 | ---- | C] (一普明为(北京)信息技术有限公司) -- C:\PCHunter32.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013/04/26 18:34:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/26 18:34:44 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/26 18:34:44 | 001,909,093 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2013/04/26 18:33:42 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/26 18:33:42 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/26 17:44:14 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/26 17:44:14 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/26 17:35:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/26 17:00:43 | 005,059,946 | R--- | M] (Swearware) -- C:\Users\Hacker\Desktop\ComboFix.exe
[2013/04/26 17:00:43 | 005,059,946 | ---- | M] (Swearware) -- C:\ComboFix.exe
[2013/04/26 16:17:12 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/04/26 16:11:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hacker\Desktop\OTL.exe
[2013/04/26 16:11:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2013/04/25 20:25:47 | 000,019,896 | ---- | M] () -- C:\log.rar
[2013/04/25 19:17:54 | 005,860,362 | ---- | M] () -- C:\Users\Hacker\Desktop\PCHunter_free.zip
[2013/04/25 15:53:30 | 006,216,360 | ---- | M] (一普明为(北京)信息技术有限公司) -- C:\PCHunter32.exe
[2013/04/25 15:41:46 | 000,000,004 | ---- | M] () -- C:\Users\Hacker\AppData\Roaming\AltShell.ini
[2013/04/25 14:49:20 | 000,781,909 | ---- | M] () -- C:\Users\Hacker\Desktop\RSIT.exe
[2013/04/25 14:49:20 | 000,781,909 | ---- | M] () -- C:\RSIT.exe
[2013/04/25 12:03:33 | 601,796,692 | ---- | M] () -- C:\Spartakus_pomsta_e09.rar
[2013/04/25 10:58:00 | 008,088,587 | ---- | M] () -- C:\Suvereno-feat-Patricia---Vratme_svetu_lasku__320kbps_SW33T.mp3
[2013/04/25 10:55:18 | 010,126,488 | ---- | M] () -- C:\DON-ČIČO--GITANAS---Už-nemožem-_SW33T.mp3
[2013/04/24 13:12:07 | 599,040,417 | ---- | M] () -- C:\Spartakus_pomsta_e08.rar
[2013/04/23 22:18:02 | 597,184,602 | ---- | M] () -- C:\Spartakus_pomsta_e07.rar
[2013/04/23 19:25:39 | 597,626,980 | ---- | M] () -- C:\Spartakus_pomsta_e06.rar
[2013/04/21 18:44:37 | 000,010,404 | -HS- | M] () -- C:\Folder.jpg
[2013/04/21 18:44:37 | 000,002,819 | -HS- | M] () -- C:\AlbumArtSmall.jpg
[2013/04/21 18:44:35 | 008,879,234 | ---- | M] () -- C:\DON ČIČO & KALI & GITANAS - MÁM CHUŤ ŽIŤ _ hudba_ CREAME.mp3
[2013/04/21 16:55:13 | 000,357,416 | ---- | M] () -- C:\Antique_wallpapers_309.jpeg
[2013/04/21 12:26:06 | 005,667,383 | ---- | M] () -- C:\Dj-Tiesto-feat.-Nelly-Furtado---Who-Wants-To-Be-Alone.mp3
[2013/04/20 18:37:35 | 602,296,409 | ---- | M] () -- C:\Spartakus_pomsta_e05.rar
[2013/04/20 16:00:36 | 100,365,491 | ---- | M] () -- C:\The.Simpsons.S24E03.HDTV.x264-LOL.mp4
[2013/04/20 15:42:38 | 001,484,409 | ---- | M] () -- C:\Users\Hacker\Desktop\img226.jpg
[2013/04/20 15:41:03 | 001,453,234 | ---- | M] () -- C:\Users\Hacker\Desktop\img225.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/26 16:17:12 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/04/25 20:25:47 | 000,019,896 | ---- | C] () -- C:\log.rar
[2013/04/25 20:18:34 | 000,781,909 | ---- | C] () -- C:\Users\Hacker\Desktop\RSIT.exe
[2013/04/25 20:18:29 | 005,860,362 | ---- | C] () -- C:\Users\Hacker\Desktop\PCHunter_free.zip
[2013/04/25 15:51:11 | 000,781,909 | ---- | C] () -- C:\RSIT.exe
[2013/04/25 12:47:29 | 000,000,004 | ---- | C] () -- C:\Users\Hacker\AppData\Roaming\AltShell.ini
[2013/04/25 10:56:09 | 008,088,587 | ---- | C] () -- C:\Suvereno-feat-Patricia---Vratme_svetu_lasku__320kbps_SW33T.mp3
[2013/04/25 10:52:37 | 010,126,488 | ---- | C] () -- C:\DON-ČIČO--GITANAS---Už-nemožem-_SW33T.mp3
[2013/04/25 10:40:50 | 601,796,692 | ---- | C] () -- C:\Spartakus_pomsta_e09.rar
[2013/04/24 11:10:38 | 599,040,417 | ---- | C] () -- C:\Spartakus_pomsta_e08.rar
[2013/04/23 20:52:05 | 597,184,602 | ---- | C] () -- C:\Spartakus_pomsta_e07.rar
[2013/04/22 18:01:01 | 597,626,980 | ---- | C] () -- C:\Spartakus_pomsta_e06.rar
[2013/04/21 18:37:39 | 008,879,234 | ---- | C] () -- C:\DON ČIČO & KALI & GITANAS - MÁM CHUŤ ŽIŤ _ hudba_ CREAME.mp3
[2013/04/21 16:55:13 | 000,357,416 | ---- | C] () -- C:\Antique_wallpapers_309.jpeg
[2013/04/21 12:16:31 | 005,667,383 | ---- | C] () -- C:\Dj-Tiesto-feat.-Nelly-Furtado---Who-Wants-To-Be-Alone.mp3
[2013/04/20 15:57:23 | 602,296,409 | ---- | C] () -- C:\Spartakus_pomsta_e05.rar
[2013/04/20 15:42:38 | 001,484,409 | ---- | C] () -- C:\Users\Hacker\Desktop\img226.jpg
[2013/04/20 15:41:03 | 001,453,234 | ---- | C] () -- C:\Users\Hacker\Desktop\img225.jpg
[2013/04/20 15:24:27 | 100,365,491 | ---- | C] () -- C:\The.Simpsons.S24E03.HDTV.x264-LOL.mp4
[2013/03/06 21:26:49 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/03/06 21:26:39 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/03/06 21:26:22 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/09/18 21:20:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/18 21:20:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/18 21:20:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/18 21:20:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/18 21:20:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 15:34:07 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/11 22:30:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/07/14 13:29:27 | 000,001,064 | ---- | C] () -- C:\Users\Hacker\Dokumenty - odkaz (2).lnk
[2011/06/26 21:30:31 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/06/13 20:39:34 | 000,002,455 | ---- | C] () -- C:\Windows\TRNCOM.INI
[2011/05/01 18:48:58 | 000,000,047 | RH-- | C] () -- C:\Windows\ghdc.dat
[2011/05/01 18:06:29 | 000,000,045 | RH-- | C] () -- C:\Windows\pjd_user.dat
[2010/05/22 15:29:37 | 000,001,064 | ---- | C] () -- C:\Users\Hacker\Dokumenty - odkaz.lnk
[2010/03/28 17:16:39 | 000,000,145 | ---- | C] () -- C:\Users\Hacker\faktorial.m
[2010/03/28 17:13:36 | 000,000,296 | ---- | C] () -- C:\Users\Hacker\vvv.m

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/06/17 15:23:40 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/06/19 15:22:29 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Anthropics
[2012/08/13 16:57:11 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Bioshock2
[2010/05/14 15:51:59 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\BitSpirit
[2011/07/18 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\DAEMON Tools Pro
[2012/09/05 13:58:14 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\EPSON
[2009/12/25 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\ESET
[2011/06/06 00:17:05 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\FileZilla
[2013/04/25 00:11:53 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\ICQ
[2011/07/19 12:17:45 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\install
[2011/02/26 12:24:00 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Juniper Networks
[2011/06/13 20:39:39 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\LangSoft
[2013/03/24 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\OpenCandy
[2009/12/26 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Opera
[2012/05/15 21:51:19 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Origin
[2011/05/01 18:13:16 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Quantitative Micro Software
[2010/01/16 20:04:13 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\TuneUp Software
[2010/05/14 18:46:52 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Ubisoft
[2010/06/17 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\WinAVI

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

QuickShare
Visitor
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#12 Post by QuickShare »

Sorry, I probably misread it, because now it threw an error that it can't create the file.. not read, as I wrote before... at that point it probably wanted to save the log and couldn't... but why did it work when I ran it without the additional script?

QuickShare
Visitor
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#13 Post by QuickShare »

I tried it a third time now, still the same error... ok, I'll try it with what you wrote...

I'm putting just that one line in there, not the earlier stuff..... I hope I understood you correctly, I'm sleeping pretty badly :roll: :D

QuickShare
Visitor
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows disabled by something called title jonew

#14 Post by QuickShare »

OTL logfile created on: 26. 4. 2013 19:38:29 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hacker\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,08% Memory free
5,00 Gb Paging File | 3,99 Gb Available in Paging File | 79,77% Paging File free
Paging file location(s): c:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 9,64 Gb Free Space | 9,87% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 15,83 Gb Free Space | 10,62% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 5,35 Gb Free Space | 1,45% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 6,58 Gb Free Space | 4,41% Space Free | Partition Type: NTFS
Drive H: | 7,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: HACKER-PC | User Name: Hacker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013/04/26 16:11:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hacker\Desktop\OTL.exe
PRC - [2012/09/01 13:14:32 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/05/15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/06/17 14:32:13 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/17 13:23:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/12 01:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009/06/26 17:08:38 | 006,036,992 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/05/14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/04/02 13:27:26 | 000,090,112 | ---- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/26 12:42:31 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/06/26 17:08:38 | 006,036,992 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
MOD - [2009/04/22 21:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\AsusService.dll
MOD - [2009/04/20 14:55:34 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\pngio.dll
MOD - [2006/01/10 17:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\System32\AsIO.dll


========== Services (SafeList) ==========

SRV - [2012/05/15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/06/17 13:19:26 | 000,013,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/12 01:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/04/02 13:27:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hacker\AppData\Local\Temp\cpuz131\cpuz_x32.sys -- (cpuz131)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hacker\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a9bmmet9)
DRV - [2012/05/15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/06/12 14:54:03 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
DRV - [2010/01/21 18:14:38 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/01/19 14:00:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/01/06 17:54:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/09/17 02:19:16 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/05/14 15:49:32 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/05/14 15:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/05/14 15:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/05/13 20:11:32 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007/12/17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/11/25 18:36:06 | 000,077,248 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/11/25 18:32:01 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49899

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49899



IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 6B 33 5B 37 40 CE 01 [binary data]
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/08/13 15:19:02 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: GamePlayLabs Plugin = C:\Users\Hacker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\

O1 HOSTS File: ([2013/04/26 17:35:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName =
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction =
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.168.65.19 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{176C225A-A76F-4264-8E3B-D96ED8D87C65}: DhcpNameServer = 62.168.65.19 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/05 08:38:21 | 000,000,097 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 7 Days ==========

[2013/04/26 17:36:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/26 17:36:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/26 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Hacker\AppData\Local\temp
[2013/04/26 17:05:53 | 005,059,946 | R--- | C] (Swearware) -- C:\Users\Hacker\Desktop\ComboFix.exe
[2013/04/26 16:59:00 | 005,059,946 | ---- | C] (Swearware) -- C:\ComboFix.exe
[2013/04/26 16:11:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hacker\Desktop\OTL.exe
[2013/04/26 16:11:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2013/04/25 20:24:03 | 000,000,000 | ---D | C] -- C:\Nový priečinok (4)
[2013/04/25 20:23:35 | 000,000,000 | ---D | C] -- C:\Nový priečinok (3)
[2013/04/25 20:23:29 | 000,000,000 | ---D | C] -- C:\Nový priečinok (2)
[2013/04/25 20:19:09 | 000,000,000 | ---D | C] -- C:\Users\Hacker\Desktop\PCHunter_free
[2013/04/25 16:56:01 | 006,216,360 | ---- | C] (一普明为(北京)信息技术有限公司) -- C:\PCHunter32.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013/04/26 19:19:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/04/26 18:41:59 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/26 18:41:59 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/26 18:41:14 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/26 18:41:14 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/26 18:34:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/26 18:34:44 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/26 18:34:44 | 001,909,093 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2013/04/26 17:35:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/26 17:00:43 | 005,059,946 | R--- | M] (Swearware) -- C:\Users\Hacker\Desktop\ComboFix.exe
[2013/04/26 17:00:43 | 005,059,946 | ---- | M] (Swearware) -- C:\ComboFix.exe
[2013/04/26 16:11:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hacker\Desktop\OTL.exe
[2013/04/26 16:11:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2013/04/25 20:25:47 | 000,019,896 | ---- | M] () -- C:\log.rar
[2013/04/25 19:17:54 | 005,860,362 | ---- | M] () -- C:\Users\Hacker\Desktop\PCHunter_free.zip
[2013/04/25 15:53:30 | 006,216,360 | ---- | M] (一普明为(北京)信息技术有限公司) -- C:\PCHunter32.exe
[2013/04/25 15:41:46 | 000,000,004 | ---- | M] () -- C:\Users\Hacker\AppData\Roaming\AltShell.ini
[2013/04/25 14:49:20 | 000,781,909 | ---- | M] () -- C:\Users\Hacker\Desktop\RSIT.exe
[2013/04/25 14:49:20 | 000,781,909 | ---- | M] () -- C:\RSIT.exe
[2013/04/25 12:03:33 | 601,796,692 | ---- | M] () -- C:\Spartakus_pomsta_e09.rar
[2013/04/25 10:58:00 | 008,088,587 | ---- | M] () -- C:\Suvereno-feat-Patricia---Vratme_svetu_lasku__320kbps_SW33T.mp3
[2013/04/25 10:55:18 | 010,126,488 | ---- | M] () -- C:\DON-ČIČO--GITANAS---Už-nemožem-_SW33T.mp3
[2013/04/24 13:12:07 | 599,040,417 | ---- | M] () -- C:\Spartakus_pomsta_e08.rar
[2013/04/23 22:18:02 | 597,184,602 | ---- | M] () -- C:\Spartakus_pomsta_e07.rar
[2013/04/23 19:25:39 | 597,626,980 | ---- | M] () -- C:\Spartakus_pomsta_e06.rar
[2013/04/21 18:44:37 | 000,010,404 | -HS- | M] () -- C:\Folder.jpg
[2013/04/21 18:44:37 | 000,002,819 | -HS- | M] () -- C:\AlbumArtSmall.jpg
[2013/04/21 18:44:35 | 008,879,234 | ---- | M] () -- C:\DON ČIČO & KALI & GITANAS - MÁM CHUŤ ŽIŤ _ hudba_ CREAME.mp3
[2013/04/21 16:55:13 | 000,357,416 | ---- | M] () -- C:\Antique_wallpapers_309.jpeg
[2013/04/21 12:26:06 | 005,667,383 | ---- | M] () -- C:\Dj-Tiesto-feat.-Nelly-Furtado---Who-Wants-To-Be-Alone.mp3
[2013/04/20 18:37:35 | 602,296,409 | ---- | M] () -- C:\Spartakus_pomsta_e05.rar
[2013/04/20 16:00:36 | 100,365,491 | ---- | M] () -- C:\The.Simpsons.S24E03.HDTV.x264-LOL.mp4
[2013/04/20 15:42:38 | 001,484,409 | ---- | M] () -- C:\Users\Hacker\Desktop\img226.jpg
[2013/04/20 15:41:03 | 001,453,234 | ---- | M] () -- C:\Users\Hacker\Desktop\img225.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/26 16:17:12 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/04/25 20:25:47 | 000,019,896 | ---- | C] () -- C:\log.rar
[2013/04/25 20:18:34 | 000,781,909 | ---- | C] () -- C:\Users\Hacker\Desktop\RSIT.exe
[2013/04/25 20:18:29 | 005,860,362 | ---- | C] () -- C:\Users\Hacker\Desktop\PCHunter_free.zip
[2013/04/25 15:51:11 | 000,781,909 | ---- | C] () -- C:\RSIT.exe
[2013/04/25 12:47:29 | 000,000,004 | ---- | C] () -- C:\Users\Hacker\AppData\Roaming\AltShell.ini
[2013/04/25 10:56:09 | 008,088,587 | ---- | C] () -- C:\Suvereno-feat-Patricia---Vratme_svetu_lasku__320kbps_SW33T.mp3
[2013/04/25 10:52:37 | 010,126,488 | ---- | C] () -- C:\DON-ČIČO--GITANAS---Už-nemožem-_SW33T.mp3
[2013/04/25 10:40:50 | 601,796,692 | ---- | C] () -- C:\Spartakus_pomsta_e09.rar
[2013/04/24 11:10:38 | 599,040,417 | ---- | C] () -- C:\Spartakus_pomsta_e08.rar
[2013/04/23 20:52:05 | 597,184,602 | ---- | C] () -- C:\Spartakus_pomsta_e07.rar
[2013/04/22 18:01:01 | 597,626,980 | ---- | C] () -- C:\Spartakus_pomsta_e06.rar
[2013/04/21 18:37:39 | 008,879,234 | ---- | C] () -- C:\DON ČIČO & KALI & GITANAS - MÁM CHUŤ ŽIŤ _ hudba_ CREAME.mp3
[2013/04/21 16:55:13 | 000,357,416 | ---- | C] () -- C:\Antique_wallpapers_309.jpeg
[2013/04/21 12:16:31 | 005,667,383 | ---- | C] () -- C:\Dj-Tiesto-feat.-Nelly-Furtado---Who-Wants-To-Be-Alone.mp3
[2013/04/20 15:57:23 | 602,296,409 | ---- | C] () -- C:\Spartakus_pomsta_e05.rar
[2013/04/20 15:42:38 | 001,484,409 | ---- | C] () -- C:\Users\Hacker\Desktop\img226.jpg
[2013/04/20 15:41:03 | 001,453,234 | ---- | C] () -- C:\Users\Hacker\Desktop\img225.jpg
[2013/04/20 15:24:27 | 100,365,491 | ---- | C] () -- C:\The.Simpsons.S24E03.HDTV.x264-LOL.mp4
[2013/03/06 21:26:49 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/03/06 21:26:39 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/03/06 21:26:22 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/09/18 21:20:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/18 21:20:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/18 21:20:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/18 21:20:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/18 21:20:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 15:34:07 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/11 22:30:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/07/14 13:29:27 | 000,001,064 | ---- | C] () -- C:\Users\Hacker\Dokumenty - odkaz (2).lnk
[2011/06/26 21:30:31 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/06/13 20:39:34 | 000,002,455 | ---- | C] () -- C:\Windows\TRNCOM.INI
[2011/05/01 18:48:58 | 000,000,047 | RH-- | C] () -- C:\Windows\ghdc.dat
[2011/05/01 18:06:29 | 000,000,045 | RH-- | C] () -- C:\Windows\pjd_user.dat
[2010/05/22 15:29:37 | 000,001,064 | ---- | C] () -- C:\Users\Hacker\Dokumenty - odkaz.lnk
[2010/03/28 17:16:39 | 000,000,145 | ---- | C] () -- C:\Users\Hacker\faktorial.m
[2010/03/28 17:13:36 | 000,000,296 | ---- | C] () -- C:\Users\Hacker\vvv.m

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/06/17 15:23:40 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/06/19 15:22:29 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Anthropics
[2012/08/13 16:57:11 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Bioshock2
[2010/05/14 15:51:59 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\BitSpirit
[2011/07/18 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\DAEMON Tools Pro
[2012/09/05 13:58:14 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\EPSON
[2009/12/25 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\ESET
[2011/06/06 00:17:05 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\FileZilla
[2013/04/25 00:11:53 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\ICQ
[2011/07/19 12:17:45 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\install
[2011/02/26 12:24:00 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Juniper Networks
[2011/06/13 20:39:39 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\LangSoft
[2013/03/24 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\OpenCandy
[2009/12/26 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Opera
[2012/05/15 21:51:19 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Origin
[2011/05/01 18:13:16 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Quantitative Micro Software
[2010/01/16 20:04:13 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\TuneUp Software
[2010/05/14 18:46:52 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Ubisoft
[2010/06/17 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\WinAVI

========== Purity Check ==========



========== Custom Scans ==========

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs" /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\KNOWNDLLS
clbcatq REG_SZ clbcatq.dll
ole32 REG_SZ ole32.dll
advapi32 REG_SZ advapi32.dll
COMDLG32 REG_SZ COMDLG32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
IERTUTIL REG_SZ IERTUTIL.dll
IMAGEHLP REG_SZ IMAGEHLP.dll
IMM32 REG_SZ IMM32.dll
kernel32 REG_SZ kernel32.dll
LPK REG_SZ LPK.dll
MSCTF REG_SZ MSCTF.dll
MSVCRT REG_SZ MSVCRT.dll
NORMALIZ REG_SZ NORMALIZ.dll
NSI REG_SZ NSI.dll
OLEAUT32 REG_SZ OLEAUT32.dll
PSAPI REG_SZ PSAPI.DLL
rpcrt4 REG_SZ rpcrt4.dll
sechost REG_SZ sechost.dll
Setupapi REG_SZ Setupapi.dll
SHELL32 REG_SZ SHELL32.dll
SHLWAPI REG_SZ SHLWAPI.dll
URLMON REG_SZ URLMON.dll
user32 REG_SZ user32.dll
USP10 REG_SZ USP10.dll
WININET REG_SZ WININET.dll
WLDAP32 REG_SZ WLDAP32.dll
WS2_32 REG_SZ WS2_32.dll
DifxApi REG_SZ difxapi.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
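The O20 Winlogon, O35/O37 file-association and Alternate Data Stream entries in the report above are the lines a helper reads first in a "white screen instead of desktop" case: a changed Winlogon Shell or UserInit value, or an exefile open command wrapped in another executable, is how a locker or fake-desktop payload gets itself started before the user's shell. The checker below is an added example, not part of OTL and not code from this thread; the expected default values, the line regexes, and the two hijacked sample lines at the end of the sample are its own assumptions, constructed for the demonstration.

```python
import re

# Expected defaults for the values checked (this example's assumptions:
# an uncustomised Windows 7 installation).
EXPECTED_WINLOGON = {
    "userinit": r"c:\windows\system32\userinit.exe",
    "shell": "explorer.exe",
}
EXPECTED_OPEN_CMD = '"%1" %*'                      # default [open] command
EXPECTED_EXT_CLASS = {"exe": "exefile", "com": "comfile"}

# Line shapes follow the OTL report above; the regexes are this example's own.
O20_RE = re.compile(r'^O20 - HKLM Winlogon: (\w+) - \((.*?)\) - ')
O35_RE = re.compile(r'^O35 - HKLM\\\.\.(\w+) \[open\] -- (.*)$')
O37_RE = re.compile(r'^O37 - HKLM\\\.\.\.(\w+) \[@ = (\w+)\] -- (.*)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.*)$')


def _norm(value):
    # Registry paths are case-insensitive; UserInit usually carries a trailing comma.
    return value.strip().rstrip(",").strip().lower()


def check_line(line):
    """Return a finding for one OTL line, or None when the entry looks clean."""
    m = O20_RE.match(line)
    if m:
        name, value = m.group(1), m.group(2)
        expected = EXPECTED_WINLOGON.get(name.lower())
        if expected is not None and _norm(value) != expected:
            return f"Winlogon {name} changed: {value!r} (expected {expected!r})"
        return None

    m = O35_RE.match(line)
    if m:
        cls, cmd = m.group(1), m.group(2)
        if cls.lower() in ("exefile", "comfile") and cmd.strip() != EXPECTED_OPEN_CMD:
            return f"{cls} [open] hijacked: {cmd!r}"
        return None

    m = O37_RE.match(line)
    if m:
        ext, cls, cmd = m.group(1), m.group(2), m.group(3)
        expected_cls = EXPECTED_EXT_CLASS.get(ext.lower())
        if expected_cls and cls.lower() != expected_cls:
            return f".{ext} mapped to class {cls!r} instead of {expected_cls!r}"
        if expected_cls and cmd.strip() != EXPECTED_OPEN_CMD:
            return f".{ext} open command hijacked: {cmd!r}"
        return None

    m = ADS_RE.match(line)
    if m:
        # Any named stream gets listed; deciding whether it is benign is manual work.
        return f"ADS for review: {m.group(2)} ({m.group(1)} bytes)"

    return None


def triage(report):
    """Run check_line over every line of an OTL report and return findings in order."""
    findings = []
    for line in report.splitlines():
        finding = check_line(line)
        if finding:
            findings.append(finding)
    return findings


# Sample input: the clean lines from the report above, followed by two
# CONSTRUCTED hijacked entries (the paths are made up for this example).
SAMPLE = r'''
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
O20 - HKLM Winlogon: Shell - (C:\Users\test\AppData\Roaming\shell.exe) - File not found
O35 - HKLM\..exefile [open] -- "C:\Users\test\AppData\Local\wrap.exe" "%1" %*
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run against the sample, the six genuine lines produce nothing, the ADS line is listed for a manual look, and the two constructed lines are reported as a changed Shell value and a wrapped exefile open command. The same three checks are the ones worth repeating by hand with reg query on a machine that boots to a blank desktop.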

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: Windows broken by something called title jonew

#15 Post by QuickShare »

But the scan already ran all the way to the end, so at least something... but you can already see that...
So where do I stand?

Locked