BOOT virus

Michal747
Visitor
Posts: 6
Registered: 01 Aug 2010 18:43

BOOT virus

#1 Post by Michal747 »

Hello, I need help removing the virus "TSR.BOOT VIRUS". I have already seen a topic where someone was dealing with this, but he apparently had Windows XP, and besides, I am not a very experienced user in this area. My OS: Windows 7 Ultimate 64-bit. It started when I found a skin for Win 7 on the internet, specifically this one: http://www.hyperdesk.com/windows7.php. I downloaded it from uloz.to and installed it. After a restart, my antivirus told me that I have a boot virus in some sector. It really annoys me and I have no experience with these things, so I would be glad if someone could help me, pleeease.

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BOOT virus

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.

Michal747
Visitor
Posts: 6
Registered: 01 Aug 2010 18:43

Re: BOOT virus

#3 Post by Michal747 »

Logfile of random's system information tool 1.08 (written by random/random)
Run by Frančiak at 2010-08-01 21:09:50
Microsoft Windows 7 Ultimate
System drive C: has 25 GB (32%) free of 76 GB
Total RAM: 4095 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:09:57, on 1.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\ICQ7.2\ICQ.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Frančiak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=13170&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Frančiak\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9920 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2bc
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Game Updater\gameupdater.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-43dee509-d815-4f58-aff0-a692843cdc88 -SystemEventPortName:HostProcess-81c5ed8a-0e80-425e-bd41-26dde67bcd9a -IoCancelEventPortName:HostProcess-3ab48ebf-cb1b-496b-bedf-000bc7de4909 -NonStateChangingEventPortName:HostProcess-9c5a787c-63bc-4fa2-92de-9c0272ab0035 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a4df9177-fd13-4f05-b37c-82902d79ac27
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe"
"C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\ICQ7.2\ICQ.exe"
"D:\Program Files (x86)\World of Warcraft\Wow.exe"
"C:\Program Files (x86)\Opera\opera.exe"
taskeng.exe {C3E74134-6AA7-4C93-B240-3FF07FCF804A}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe13_ Global\UsGthrCtrlFltPipeMssGthrPipe13 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey F37B0BC5-64EE-20A3-B093-BC56DB20A7B7 -Reinvoke
"C:\Users\Frančiak\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438302395-2160363849-1227002088-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438302395-2160363849-1227002088-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-18 500208]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2903688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=d:\program files\steam\steam.exe [2010-06-17 1238352]
"Advanced SystemCare 3"=C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-07-02 2347216]
"Google Update"=C:\Users\Frančiak\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-14 136176]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-10 26959144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Users\Frančiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-01 21:09:51 ----D---- C:\Program Files\trend micro
2010-08-01 20:27:06 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-01 20:27:06 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-08-01 19:32:28 ----D---- C:\Program Files (x86)\CCleaner
2010-08-01 02:25:51 ----A---- C:\Windows\SYSWOW64\winver.exe
2010-08-01 02:25:51 ----A---- C:\Windows\SYSWOW64\user32.dll
2010-08-01 02:25:51 ----A---- C:\Windows\SYSWOW64\systemcpl.dll
2010-08-01 02:25:51 ----A---- C:\Windows\SYSWOW64\sppcomapi.dll
2010-08-01 02:25:51 ----A---- C:\Windows\SYSWOW64\slmgr.vbs
2010-08-01 00:03:40 ----A---- C:\Windows\WANEUninstaller.exe
2010-07-23 23:13:11 ----SD---- C:\Program Files (x86)\HLSW
2010-07-23 23:13:11 ----D---- C:\Users\Frančiak\AppData\Roaming\HLSW
2010-07-23 19:40:43 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2010-07-23 19:40:43 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2010-07-23 19:40:43 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2010-07-23 19:40:43 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2010-07-23 19:40:43 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-07-23 19:40:43 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-07-23 19:40:43 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-07-23 19:40:43 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-07-23 19:40:42 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2010-07-23 19:40:42 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-07-23 19:40:41 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2010-07-23 19:40:41 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-07-23 19:40:41 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-07-23 19:40:40 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2010-07-23 19:40:40 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2010-07-23 19:40:40 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2010-07-23 19:40:40 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-07-23 19:40:40 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-07-23 19:40:40 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-07-23 19:40:39 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-07-23 19:40:37 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2010-07-23 19:40:37 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-07-23 19:40:33 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-07-23 19:40:33 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-07-23 19:40:33 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-07-23 19:40:33 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-07-22 20:13:03 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2010-07-22 20:13:03 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2010-07-22 20:13:03 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2010-07-22 20:13:03 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2010-07-22 16:35:06 ----A---- C:\Windows\SYSWOW64\Msvcr71.dll
2010-07-22 16:35:06 ----A---- C:\Windows\SYSWOW64\mfc71.dll
2010-07-22 16:28:31 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2010-07-22 16:27:09 ----D---- C:\Windows\SYSWOW64\xlive
2010-07-22 16:27:09 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-07-22 16:09:16 ----D---- C:\Program Files (x86)\Rockstar Games
2010-07-22 14:12:31 ----D---- C:\Users\Frančiak\AppData\Roaming\NVIDIA
2010-07-22 14:12:21 ----D---- C:\Program Files (x86)\AMD
2010-07-22 14:12:18 ----D---- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-07-22 14:12:10 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2010-07-22 14:12:10 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2010-07-22 14:12:10 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2010-07-22 14:12:10 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-07-22 14:12:10 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-07-22 14:12:10 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-07-22 14:12:07 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2010-07-22 14:12:07 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2010-07-22 14:12:07 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-07-22 14:12:07 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-07-22 14:12:05 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2010-07-22 14:12:05 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-07-21 11:43:12 ----D---- C:\Users\Frančiak\AppData\Roaming\Ubisoft
2010-07-21 11:43:12 ----D---- C:\ProgramData\Ubisoft
2010-07-18 15:27:26 ----A---- C:\Windows\CoD.INI
2010-07-18 00:59:38 ----D---- C:\Program Files\Adobe
2010-07-17 23:29:45 ----D---- C:\Users\Frančiak\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2010-07-17 23:14:50 ----A---- C:\Windows\system32\drivers\hamachi.sys
2010-07-17 23:04:00 ----AH---- C:\Windows\system32\hamachi.sys
2010-07-17 22:45:36 ----D---- C:\Program Files (x86)\TeamViewer
2010-07-17 21:27:29 ----D---- C:\Program Files (x86)\QS
2010-07-17 21:12:21 ----D---- C:\Users\Frančiak\AppData\Roaming\Hamachi
2010-07-17 21:12:05 ----D---- C:\Program Files (x86)\Hamachi
2010-07-17 14:14:14 ----D---- C:\Program Files (x86)\Google
2010-07-16 16:48:46 ----D---- C:\Program Files\NVIDIA Corporation
2010-07-16 13:56:06 ----A---- C:\Windows\system32\MRT.exe
2010-07-16 13:55:07 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2010-07-16 13:55:07 ----A---- C:\Windows\system32\msv1_0.dll
2010-07-16 13:53:31 ----D---- C:\Program Files (x86)\MSXML 4.0
2010-07-16 13:52:39 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2010-07-16 13:52:39 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2010-07-16 13:52:39 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2010-07-16 13:52:39 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2010-07-16 13:52:39 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2010-07-16 13:52:39 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-07-16 13:52:39 ----A---- C:\Windows\system32\PresentationHost.exe
2010-07-16 13:52:39 ----A---- C:\Windows\system32\netfxperf.dll
2010-07-16 13:52:39 ----A---- C:\Windows\system32\mscoree.dll
2010-07-16 13:52:39 ----A---- C:\Windows\system32\dfshim.dll
2010-07-16 13:52:21 ----A---- C:\Windows\system32\browserchoice.exe
2010-07-16 13:49:00 ----A---- C:\Windows\SYSWOW64\cabview.dll
2010-07-16 13:49:00 ----A---- C:\Windows\system32\cabview.dll
2010-07-16 13:48:57 ----A---- C:\Windows\system32\wmp.dll
2010-07-16 13:48:55 ----A---- C:\Windows\SYSWOW64\wmp.dll
2010-07-16 13:48:53 ----A---- C:\Windows\SYSWOW64\CertEnroll.dll
2010-07-16 13:48:53 ----A---- C:\Windows\system32\CertEnroll.dll
2010-07-16 13:48:52 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2010-07-16 13:48:52 ----A---- C:\Windows\system32\wmploc.DLL
2010-07-16 13:48:51 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2010-07-16 13:48:51 ----A---- C:\Windows\system32\t2embed.dll
2010-07-16 13:48:50 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2010-07-16 13:48:50 ----A---- C:\Windows\system32\cdd.dll
2010-07-16 13:48:49 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2010-07-16 13:48:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-07-16 13:48:48 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2010-07-16 13:48:38 ----A---- C:\Windows\SYSWOW64\explorer.exe
2010-07-16 13:48:38 ----A---- C:\Windows\system32\winlogon.exe
2010-07-16 13:48:38 ----A---- C:\Windows\explorer.exe
2010-07-16 13:48:37 ----A---- C:\Windows\system32\inetcomm.dll
2010-07-16 13:48:36 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2010-07-16 13:48:36 ----A---- C:\Windows\system32\quartz.dll
2010-07-16 13:48:35 ----A---- C:\Windows\SYSWOW64\tsbyuv.dll
2010-07-16 13:48:35 ----A---- C:\Windows\SYSWOW64\quartz.dll
2010-07-16 13:48:35 ----A---- C:\Windows\SYSWOW64\msyuv.dll
2010-07-16 13:48:35 ----A---- C:\Windows\SYSWOW64\msvidc32.dll
2010-07-16 13:48:35 ----A---- C:\Windows\SYSWOW64\msrle32.dll
2010-07-16 13:48:35 ----A---- C:\Windows\SYSWOW64\mciavi32.dll
2010-07-16 13:48:35 ----A---- C:\Windows\SYSWOW64\iyuv_32.dll
2010-07-16 13:48:35 ----A---- C:\Windows\SYSWOW64\avifil32.dll
2010-07-16 13:48:35 ----A---- C:\Windows\system32\tsbyuv.dll
2010-07-16 13:48:35 ----A---- C:\Windows\system32\msyuv.dll
2010-07-16 13:48:35 ----A---- C:\Windows\system32\msvidc32.dll
2010-07-16 13:48:35 ----A---- C:\Windows\system32\msrle32.dll
2010-07-16 13:48:35 ----A---- C:\Windows\system32\iyuv_32.dll
2010-07-16 13:48:33 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2010-07-16 13:48:33 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2010-07-16 13:48:33 ----A---- C:\Windows\system32\wintrust.dll
2010-07-16 13:48:33 ----A---- C:\Windows\system32\vbscript.dll
2010-07-16 13:48:33 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2010-07-16 13:48:33 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2010-07-16 13:48:33 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2010-07-16 13:48:32 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2010-07-16 13:48:32 ----A---- C:\Windows\system32\asycfilt.dll
2010-07-16 13:48:29 ----A---- C:\Windows\SYSWOW64\jscript.dll
2010-07-16 13:48:29 ----A---- C:\Windows\system32\jscript.dll
2010-07-16 13:48:28 ----A---- C:\Windows\SYSWOW64\msasn1.dll
2010-07-16 13:48:28 ----A---- C:\Windows\system32\msasn1.dll
2010-07-16 13:48:26 ----A---- C:\Windows\system32\shell32.dll
2010-07-16 13:48:25 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-07-16 13:48:25 ----A---- C:\Windows\SYSWOW64\secur32.dll
2010-07-16 13:48:25 ----A---- C:\Windows\system32\lsasrv.dll
2010-07-16 13:48:25 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2010-07-16 13:48:24 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2010-07-16 13:47:57 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2010-07-16 13:47:57 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-07-16 13:47:57 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-07-16 13:47:57 ----A---- C:\Windows\system32\fontsub.dll
2010-07-16 13:47:57 ----A---- C:\Windows\system32\atmlib.dll
2010-07-16 13:47:57 ----A---- C:\Windows\system32\atmfd.dll
2010-07-16 13:47:47 ----A---- C:\Windows\system32\mshtml.dll
2010-07-16 13:47:46 ----A---- C:\Windows\system32\ieframe.dll
2010-07-16 13:47:45 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-07-16 13:47:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-07-16 13:47:41 ----A---- C:\Windows\system32\mstime.dll
2010-07-16 13:47:40 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-07-16 13:47:40 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-07-16 13:47:40 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-07-16 13:47:40 ----A---- C:\Windows\system32\wininet.dll
2010-07-16 13:47:40 ----A---- C:\Windows\system32\urlmon.dll
2010-07-16 13:47:40 ----A---- C:\Windows\system32\iedkcs32.dll
2010-07-16 13:47:39 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-07-16 13:47:39 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-07-16 13:47:39 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-07-16 13:47:39 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-07-16 13:47:39 ----A---- C:\Windows\system32\jsproxy.dll
2010-07-16 13:47:15 ----A---- C:\Windows\system32\win32k.sys
2010-07-16 13:47:13 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-07-16 13:47:13 ----A---- C:\Windows\system32\tzres.dll
2010-07-16 13:47:12 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-07-16 13:47:12 ----A---- C:\Windows\system32\drivers\srv.sys
2010-07-16 13:32:48 ----D---- C:\Windows\SYSWOW64\Wat
2010-07-16 13:32:48 ----D---- C:\Windows\system32\Wat
2010-07-15 20:29:25 ----D---- C:\Users\Frančiak\AppData\Roaming\TeamViewer
2010-07-15 16:32:34 ----D---- C:\Windows\Sun
2010-07-15 15:41:45 ----D---- C:\ProgramData\FLEXnet
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\vxblock.dll
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\pxwave.dll
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\pxsfs.dll
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\pxmas.dll
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\pxinsi64.exe
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\pxinsa64.exe
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\pxhpinst.exe
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\pxdrv.dll
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\pxcpyi64.exe
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\pxcpya64.exe
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\pxafs.dll
2010-07-15 15:32:01 ----N---- C:\Windows\SYSWOW64\px.dll
2010-07-15 15:32:01 ----N---- C:\Windows\system32\drivers\PxHlpa64.sys
2010-07-15 15:32:01 ----N---- C:\Windows\system32\drivers\cdralw2k.sys
2010-07-15 15:32:01 ----N---- C:\Windows\system32\drivers\cdr4_xp.sys
2010-07-15 15:31:49 ----A---- C:\Windows\ODBCINST.INI
2010-07-15 01:14:48 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2010-07-15 01:14:25 ----D---- C:\Windows\SYSWOW64\URTTEMP
2010-07-15 01:11:08 ----D---- C:\Program Files (x86)\GCFScape
2010-07-15 00:15:32 ----D---- C:\Users\Frančiak\AppData\Roaming\AnvSoft
2010-07-15 00:06:47 ----D---- C:\ProgramData\GoldWave
2010-07-14 23:32:14 ----D---- C:\Users\Frančiak\AppData\Roaming\Screaming Bee
2010-07-14 23:30:11 ----D---- C:\ProgramData\Screaming Bee
2010-07-14 23:30:11 ----D---- C:\Program Files (x86)\Screaming Bee
2010-07-14 21:19:10 ----N---- C:\Windows\system32\MpSigStub.exe
2010-07-14 21:16:11 ----D---- C:\Users\Frančiak\AppData\Roaming\ICQ
2010-07-14 21:15:41 ----D---- C:\Program Files (x86)\ICQ7.2
2010-07-14 21:11:10 ----D---- C:\ProgramData\ESET
2010-07-14 21:11:10 ----D---- C:\Program Files\ESET
2010-07-14 20:34:32 ----D---- C:\Program Files (x86)\uTorrent
2010-07-14 18:21:14 ----D---- C:\Users\Frančiak\AppData\Roaming\AIMP
2010-07-14 18:21:03 ----D---- C:\Program Files (x86)\AIMP2
2010-07-14 18:12:10 ----D---- C:\ProgramData\Sun
2010-07-14 18:12:00 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-07-14 18:12:00 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-07-14 18:12:00 ----A---- C:\Windows\SYSWOW64\java.exe
2010-07-14 18:12:00 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2010-07-14 18:11:55 ----D---- C:\Program Files (x86)\Java
2010-07-14 17:17:45 ----D---- C:\Users\Frančiak\AppData\Roaming\skypePM
2010-07-14 17:17:13 ----D---- C:\Users\Frančiak\AppData\Roaming\Skype
2010-07-14 17:16:56 ----RD---- C:\Program Files (x86)\Skype
2010-07-14 17:16:53 ----D---- C:\ProgramData\Skype
2010-07-14 16:47:08 ----A---- C:\Windows\system32\avgrssta.dll.prepare
2010-07-14 16:47:05 ----D---- C:\Windows\SYSWOW64\drivers\avg
2010-07-11 17:03:27 ----D---- C:\ProgramData\Blizzard Entertainment
2010-07-11 17:02:13 ----D---- C:\ProgramData\Blizzard
2010-07-04 20:47:54 ----D---- C:\Users\Frančiak\AppData\Roaming\IObit
2010-07-04 20:47:54 ----D---- C:\Program Files (x86)\IObit
2010-07-04 20:34:18 ----SHD---- C:\Windows\ftpcache
2010-07-02 13:18:37 ----A---- C:\Windows\SYSWOW64\wbhelp2.dll
2010-07-02 13:18:37 ----A---- C:\Windows\SYSWOW64\unicows.dll
2010-07-02 13:18:36 ----A---- C:\Windows\SYSWOW64\W95INF32.DLL
2010-07-02 13:18:36 ----A---- C:\Windows\SYSWOW64\W95INF16.DLL
2010-07-02 13:18:36 ----A---- C:\Windows\SYSWOW64\gdiplus.dll
2010-07-02 13:18:36 ----A---- C:\Windows\SYSWOW64\anim.dll

======List of files/folders modified in the last 1 months======

2010-08-01 21:09:57 ----D---- C:\Windows\Temp
2010-08-01 21:09:57 ----D---- C:\Windows\Prefetch
2010-08-01 21:09:51 ----RD---- C:\Program Files
2010-08-01 20:27:06 ----RD---- C:\Program Files (x86)
2010-08-01 20:27:06 ----HD---- C:\ProgramData
2010-08-01 19:50:25 ----D---- C:\Windows\system32\config
2010-08-01 19:33:49 ----D---- C:\Windows\debug
2010-08-01 19:33:49 ----D---- C:\Windows
2010-08-01 19:17:47 ----A---- C:\Windows\win.ini
2010-08-01 19:17:31 ----SHD---- C:\Windows\Installer
2010-08-01 19:17:30 ----SHD---- C:\Config.Msi
2010-08-01 19:16:44 ----SHD---- C:\System Volume Information
2010-08-01 17:18:49 ----D---- C:\Windows\System32
2010-08-01 17:18:46 ----D---- C:\Windows\system32\DriverStore
2010-08-01 17:18:45 ----D---- C:\Windows\inf
2010-08-01 17:04:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-01 03:19:28 ----D---- C:\Windows\winsxs
2010-08-01 03:01:24 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-08-01 03:01:24 ----D---- C:\Windows\SysWOW64
2010-08-01 03:01:24 ----D---- C:\Windows\system32\drivers
2010-08-01 03:01:24 ----D---- C:\Windows\system32\cs-CZ
2010-08-01 03:01:24 ----D---- C:\Windows\ehome
2010-08-01 03:01:24 ----D---- C:\Windows\AppPatch
2010-08-01 03:01:24 ----D---- C:\Program Files\Internet Explorer
2010-08-01 03:01:24 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-01 02:19:53 ----D---- C:\Windows\system32\catroot2
2010-08-01 02:18:17 ----D---- C:\Users\Frančiak\AppData\Roaming\uTorrent
2010-08-01 00:30:19 ----D---- C:\Windows\system32\Tasks
2010-08-01 00:30:13 ----D---- C:\Program Files (x86)\Common Files
2010-07-28 15:07:28 ----D---- C:\Users\Frančiak\AppData\Roaming\HpUpdate
2010-07-27 13:43:08 ----D---- C:\Windows\Tasks
2010-07-27 13:34:18 ----D---- C:\Users\Frančiak\AppData\Roaming\vlc
2010-07-26 15:24:05 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-07-23 23:18:32 ----SD---- C:\Users\Frančiak\AppData\Roaming\Microsoft
2010-07-23 19:40:08 ----RSD---- C:\Windows\assembly
2010-07-23 19:39:14 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-07-22 20:51:35 ----D---- C:\Windows\system32\catroot
2010-07-21 14:41:02 ----D---- C:\Program Files (x86)\Hp
2010-07-20 00:21:36 ----D---- C:\Users\Frančiak\AppData\Roaming\Adobe
2010-07-18 09:46:24 ----RSD---- C:\Windows\Fonts
2010-07-18 00:59:55 ----D---- C:\Program Files\Common Files\Adobe
2010-07-18 00:55:57 ----D---- C:\Program Files (x86)\Adobe
2010-07-18 00:55:19 ----D---- C:\ProgramData\Adobe
2010-07-16 18:48:01 ----D---- C:\Windows\rescache
2010-07-16 18:04:26 ----D---- C:\Windows\Microsoft.NET
2010-07-16 16:49:29 ----D---- C:\ProgramData\NVIDIA
2010-07-16 16:37:12 ----D---- C:\Windows\Logs
2010-07-16 14:25:07 ----D---- C:\Program Files\Windows Media Player
2010-07-16 14:25:07 ----D---- C:\Program Files\Windows Mail
2010-07-16 14:25:07 ----D---- C:\Program Files (x86)\Windows Media Player
2010-07-16 14:25:07 ----D---- C:\Program Files (x86)\Windows Mail
2010-07-16 14:25:02 ----D---- C:\Windows\SYSWOW64\migration
2010-07-16 14:25:02 ----D---- C:\Windows\system32\migration
2010-07-16 13:49:39 ----D---- C:\Windows\SoftwareDistribution
2010-07-16 13:32:57 ----A---- C:\Windows\system32\user32.dll
2010-07-15 20:55:07 ----D---- C:\Users\Frančiak\AppData\Roaming\dvdcss
2010-07-15 15:49:04 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2010-07-15 11:53:19 ----D---- C:\Windows\Downloaded Program Files
2010-07-15 11:48:01 ----D---- C:\Windows\system32\wdi
2010-07-15 01:15:10 ----D---- C:\Windows\Registration
2010-07-15 00:04:57 ----SD---- C:\ProgramData\Microsoft
2010-07-14 21:18:36 ----D---- C:\Windows\SYSWOW64\drivers
2010-07-14 19:44:41 ----D---- C:\Program Files (x86)\Opera
2010-07-12 11:08:58 ----D---- C:\Windows\system32\NDF
2010-07-02 05:07:29 ----D---- C:\Windows\tracing

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-07-15 52856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-28 139704]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 85424]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-06-24 166984]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 124760]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-07-17 33344]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]
R3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys [2009-11-26 38992]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-11 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-11 27136]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-11 33792]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-07-02 810144]
R2 gameupdater;Game Updater; C:\Program Files (x86)\Common Files\Game Updater\gameupdater.exe [2008-10-23 641024]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 159336]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-17 136176]
S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 42360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-15 654848]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-06-17 395048]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-16 1255736]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: BOOT virus

#4 Post by Rudy »

Download bootkit remover: http://www.esagelab.com/files/bootkit_remover.rar . Extract it to the desktop and run it. Right-click in the black window and choose "Select All" ("Vybrat vše"). Press Enter, which copies the log to the clipboard, and paste it here.

Michal747
Visitor
Posts: 6
Joined: 01 Aug 2010 18:43

Re: BOOT virus

#5 Post by Michal747 »

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: BOOT virus

#6 Post by Rudy »

According to this, your boot sector is clean. Also download OTL: http://oldtimer.geekstogo.com/OTL.exe and click the "Scan" ("Prohledat") button. Copy the resulting log here.

Michal747
Visitor
Posts: 6
Joined: 01 Aug 2010 18:43

Re: BOOT virus

#7 Post by Michal747 »

OTL logfile created on: 2.8.2010 0:57:37 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Frančiak\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 41,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,22 Gb Total Space | 24,02 Gb Free Space | 32,36% Space Free | Partition Type: NTFS
Drive D: | 391,54 Gb Total Space | 140,87 Gb Free Space | 35,98% Space Free | Partition Type: NTFS
Drive E: | 3,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 983,72 Mb Total Space | 980,95 Mb Free Space | 99,72% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRANČIAK-PC
Current User Name: Frančiak
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.08.02 00:57:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Frančiak\Desktop\OTL.exe
PRC - [2010.07.23 02:19:59 | 007,393,944 | ---- | M] (Blizzard Entertainment) -- D:\Program Files (x86)\World of Warcraft\Wow.exe
PRC - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.07.02 12:43:40 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010.06.30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2008.10.23 18:50:44 | 000,641,024 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Common Files\Game Updater\gameupdater.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2003.04.09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003.04.09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2010.08.02 00:57:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Frančiak\Desktop\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.07.02 12:44:10 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010.07.02 12:43:40 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.07.15 15:33:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.06.17 09:19:45 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008.10.23 18:50:44 | 000,641,024 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Common Files\Game Updater\gameupdater.exe -- (gameupdater)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.07.17 23:14:50 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.07.15 15:31:56 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.24 09:04:14 | 000,166,984 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010.04.28 08:17:46 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.04.28 08:17:46 | 000,124,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009.11.26 00:05:28 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=13170&l=dis
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.07.14 21:11:11 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.08.01 02:25:51 | 000,000,921 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [Steam] d:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Frančiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ca0a6aac-84ed-11df-9278-002618826ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{ca0a6aac-84ed-11df-9278-002618826ed9}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.02 00:57:20 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Frančiak\Desktop\OTL.exe
[2010.08.01 21:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.01 20:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.01 20:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.08.01 19:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.08.01 02:25:51 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2010.08.01 02:25:51 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppcomapi.dll
[2010.08.01 00:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.07.31 18:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Game Updater
[2010.07.28 17:43:39 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\Documents\StarCraft II
[2010.07.27 20:18:41 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\Desktop\Autoclicker (CZ)
[2010.07.24 22:50:57 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Local\Deployment
[2010.07.24 22:50:57 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Local\Apps
[2010.07.23 23:13:11 | 000,000,000 | --SD | C] -- C:\Program Files (x86)\HLSW
[2010.07.23 23:13:11 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\HLSW
[2010.07.23 19:40:43 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.07.23 19:40:43 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.07.23 19:40:43 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.07.23 19:40:43 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.07.23 19:40:43 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.07.23 19:40:43 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.07.23 19:40:43 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.07.23 19:40:43 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.07.23 19:40:42 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010.07.23 19:40:42 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.07.23 19:40:41 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010.07.23 19:40:41 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010.07.23 19:40:41 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010.07.23 19:40:40 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010.07.23 19:40:40 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010.07.23 19:40:40 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010.07.23 19:40:40 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.07.23 19:40:40 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010.07.23 19:40:40 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010.07.23 19:40:39 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010.07.23 19:40:37 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010.07.23 19:40:37 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.07.23 19:40:33 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010.07.23 19:40:33 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010.07.23 19:40:33 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010.07.23 19:40:33 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010.07.23 15:10:31 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\Desktop\WoW Emu Hacker
[2010.07.22 23:47:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010.07.22 20:13:29 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\Documents\BattleForge
[2010.07.22 20:13:03 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010.07.22 20:13:03 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010.07.22 20:13:03 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010.07.22 20:13:03 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010.07.22 16:44:09 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\Documents\Rockstar Games
[2010.07.22 16:39:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.07.22 16:35:06 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2010.07.22 16:35:06 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msvcr71.dll
[2010.07.22 16:28:31 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.07.22 16:27:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010.07.22 16:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.07.22 16:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2010.07.22 14:12:31 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\NVIDIA
[2010.07.22 14:12:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2010.07.22 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Local\Downloaded Installations
[2010.07.22 14:12:18 | 000,000,000 | ---D | C] -- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2010.07.22 14:12:10 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010.07.22 14:12:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010.07.22 14:12:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010.07.22 14:12:10 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010.07.22 14:12:10 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010.07.22 14:12:10 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010.07.22 14:12:07 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010.07.22 14:12:07 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010.07.22 14:12:07 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010.07.22 14:12:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010.07.22 14:12:05 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010.07.22 14:12:05 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010.07.21 11:43:12 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\Ubisoft
[2010.07.21 11:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.07.18 15:08:20 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Local\ESET
[2010.07.18 13:19:28 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\Documents\CAPCOM
[2010.07.18 13:19:28 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Local\CAPCOM
[2010.07.18 00:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.07.17 23:29:45 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2010.07.17 23:14:50 | 000,033,344 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2010.07.17 23:04:00 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2010.07.17 22:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2010.07.17 21:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2010.07.17 21:12:21 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\Hamachi
[2010.07.17 21:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hamachi
[2010.07.17 14:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.07.16 23:35:08 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\Documents\ICQ
[2010.07.16 16:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.07.16 13:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010.07.16 13:52:39 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.07.16 13:52:39 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.07.16 13:52:39 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.07.16 13:52:39 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.07.16 13:52:39 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.07.16 13:52:39 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.07.16 13:52:39 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.07.16 13:52:39 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.07.16 13:52:21 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.07.16 13:49:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.07.16 13:49:00 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.07.16 13:48:57 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.07.16 13:48:55 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.07.16 13:48:53 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.07.16 13:48:53 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.07.16 13:48:52 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.07.16 13:48:52 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.07.16 13:48:51 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.07.16 13:48:51 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.07.16 13:48:50 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.07.16 13:48:49 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.07.16 13:48:49 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.07.16 13:48:48 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.07.16 13:48:38 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.07.16 13:48:38 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.07.16 13:48:38 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.07.16 13:48:36 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.07.16 13:48:35 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.07.16 13:48:35 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.07.16 13:48:35 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.07.16 13:48:33 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.07.16 13:48:33 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.07.16 13:48:33 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.07.16 13:48:33 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.07.16 13:48:29 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.07.16 13:48:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.07.16 13:48:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010.07.16 13:48:25 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.07.16 13:47:57 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.07.16 13:47:57 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.07.16 13:47:57 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.07.16 13:47:57 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.07.16 13:47:57 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.07.16 13:47:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.07.16 13:32:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.07.16 13:32:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010.07.15 20:29:25 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\TeamViewer
[2010.07.15 16:32:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.07.15 15:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.07.15 15:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010.07.15 15:32:01 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxsfs.dll
[2010.07.15 15:32:01 | 000,547,576 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\px.dll
[2010.07.15 15:32:01 | 000,510,712 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxdrv.dll
[2010.07.15 15:32:01 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxwave.dll
[2010.07.15 15:32:01 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxmas.dll
[2010.07.15 15:32:01 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxafs.dll
[2010.07.15 15:32:01 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxinsi64.exe
[2010.07.15 15:32:01 | 000,116,472 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxcpyi64.exe
[2010.07.15 15:32:01 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxhpinst.exe
[2010.07.15 15:32:01 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxinsa64.exe
[2010.07.15 15:32:01 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxcpya64.exe
[2010.07.15 15:32:01 | 000,052,856 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010.07.15 15:32:01 | 000,039,672 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\vxblock.dll
[2010.07.15 15:32:01 | 000,010,488 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010.07.15 15:32:01 | 000,010,488 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010.07.15 01:17:53 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Local\ApplicationHistory
[2010.07.15 01:14:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010.07.15 01:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GCFScape
[2010.07.15 00:15:38 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\Documents\Any Audio Converter
[2010.07.15 00:15:32 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\AnvSoft
[2010.07.15 00:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\GoldWave
[2010.07.14 23:32:14 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\Screaming Bee
[2010.07.14 23:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2010.07.14 23:30:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2010.07.14 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Local\AskToolbar
[2010.07.14 21:16:11 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\ICQ
[2010.07.14 21:16:10 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Local\AOL
[2010.07.14 21:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.07.14 21:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010.07.14 21:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.07.14 20:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010.07.14 18:21:14 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\AIMP
[2010.07.14 18:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIMP2
[2010.07.14 18:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.07.14 18:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.07.14 18:12:00 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.07.14 18:12:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.07.14 18:12:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.07.14 18:12:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.07.14 18:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.07.14 17:17:45 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\skypePM
[2010.07.14 17:17:13 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\Skype
[2010.07.14 17:16:56 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.07.14 17:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.07.14 16:59:27 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Local\Google
[2010.07.14 16:47:08 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll.prepare
[2010.07.14 16:47:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010.07.11 17:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.07.11 17:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.07.11 17:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.07.08 00:14:36 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\Documents\id Software
[2010.07.04 21:33:54 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Local\id Software
[2010.07.04 20:47:54 | 000,000,000 | ---D | C] -- C:\Users\Frančiak\AppData\Roaming\IObit
[2010.07.04 20:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010.07.04 20:34:18 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.02 00:59:33 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 00:59:33 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 00:59:24 | 003,145,728 | -HS- | M] () -- C:\Users\Frančiak\NTUSER.DAT
[2010.08.02 00:57:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Frančiak\Desktop\OTL.exe
[2010.08.02 00:50:19 | 000,677,479 | ---- | M] () -- C:\Users\Frančiak\Desktop\Bez názvu.jpg
[2010.08.02 00:19:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.02 00:04:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438302395-2160363849-1227002088-1001UA.job
[2010.08.01 20:27:13 | 000,001,276 | ---- | M] () -- C:\Users\Frančiak\Desktop\Spybot - Search & Destroy.lnk
[2010.08.01 20:11:32 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2010.08.01 19:35:47 | 000,071,798 | ---- | M] () -- C:\Users\Frančiak\Desktop\JavaRa.zip
[2010.08.01 19:32:29 | 000,001,025 | ---- | M] () -- C:\Users\Frančiak\Desktop\CCleaner.lnk
[2010.08.01 19:17:47 | 000,000,562 | ---- | M] () -- C:\Windows\win.ini
[2010.08.01 19:16:58 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.01 19:16:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.01 19:16:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.01 19:16:43 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.01 19:15:49 | 001,978,801 | -H-- | M] () -- C:\Users\Frančiak\AppData\Local\IconCache.db
[2010.08.01 17:19:15 | 000,001,042 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 1000 series.lnk
[2010.08.01 17:07:26 | 000,532,980 | ---- | M] () -- C:\Users\Frančiak\Documents\gh.xps
[2010.08.01 17:05:00 | 000,631,116 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.08.01 17:05:00 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.01 17:05:00 | 000,123,556 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.08.01 17:05:00 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.01 17:04:59 | 001,473,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.01 17:04:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438302395-2160363849-1227002088-1001Core.job
[2010.08.01 02:25:53 | 000,002,048 | ---- | M] () -- C:\Windows\SysWow64\winver.exe
[2010.08.01 02:25:52 | 000,410,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2010.08.01 02:25:51 | 000,113,543 | ---- | M] () -- C:\Windows\SysWow64\slmgr.vbs
[2010.08.01 02:25:51 | 000,001,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sppcomapi.dll
[2010.08.01 02:07:37 | 000,007,605 | ---- | M] () -- C:\Users\Frančiak\AppData\Local\Resmon.ResmonCfg
[2010.08.01 00:30:14 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.01 00:24:01 | 000,012,279 | ---- | M] () -- C:\Users\Frančiak\Desktop\UnitFrame.jpg
[2010.08.01 00:03:41 | 001,676,057 | ---- | M] () -- C:\Windows\WANEUninstaller.exe
[2010.08.01 00:03:40 | 000,000,930 | ---- | M] () -- C:\Users\Frančiak\Desktop\Worms Armageddon.lnk
[2010.07.30 22:48:03 | 000,433,130 | ---- | M] () -- C:\Users\Frančiak\Desktop\lock.jpg
[2010.07.29 11:04:37 | 000,002,435 | ---- | M] () -- C:\Users\Frančiak\Desktop\Google Chrome.lnk
[2010.07.28 17:57:31 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.07.28 03:46:49 | 000,235,626 | ---- | M] () -- C:\Users\Frančiak\Desktop\FOR TUROK.rar
[2010.07.28 02:04:01 | 000,014,632 | ---- | M] () -- C:\Default.plc
[2010.07.24 22:51:51 | 000,000,000 | ---- | M] () -- C:\Users\Frančiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.07.24 22:51:24 | 000,000,312 | ---- | M] () -- C:\Users\Frančiak\Desktop\Curse Client.appref-ms
[2010.07.24 17:05:28 | 000,724,407 | ---- | M] () -- C:\Users\Frančiak\Desktop\Nová složka (2).rar
[2010.07.23 23:13:20 | 000,000,969 | ---- | M] () -- C:\Users\Frančiak\Desktop\HLSW.lnk
[2010.07.23 17:46:40 | 000,079,078 | ---- | M] () -- C:\Users\Frančiak\Desktop\Transformers.War.For.Cybertron-RELOADED-[tracker.BTARENA.org].is.5647306.TPB.torrent
[2010.07.23 02:21:43 | 000,000,740 | ---- | M] () -- C:\Users\Frančiak\Desktop\World of Warcraft.lnk
[2010.07.22 23:27:49 | 000,233,559 | ---- | M] () -- C:\Users\Frančiak\Desktop\steam_v42_3.rar
[2010.07.22 20:11:59 | 086,605,312 | ---- | M] () -- C:\Users\Frančiak\Desktop\BattleForgeInstall.exe
[2010.07.22 16:35:06 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2010.07.22 16:35:06 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Msvcr71.dll
[2010.07.22 16:28:31 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.07.22 00:12:09 | 000,051,197 | ---- | M] () -- C:\Users\Frančiak\Desktop\Water bomb.jpg
[2010.07.21 19:56:40 | 000,001,398 | ---- | M] () -- C:\Users\Frančiak\Desktop\Total Commander.lnk
[2010.07.20 00:37:44 | 001,620,054 | ---- | M] () -- C:\MY SPRAY.bmp
[2010.07.20 00:35:13 | 000,262,162 | ---- | M] () -- C:\MY SPRAY.tga
[2010.07.20 00:30:37 | 000,355,192 | ---- | M] () -- C:\ja.JPG
[2010.07.18 15:27:26 | 000,000,632 | ---- | M] () -- C:\Windows\CoD.INI
[2010.07.17 23:14:50 | 000,033,344 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2010.07.17 23:14:50 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\hamachi.lnk
[2010.07.17 22:45:44 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.07.17 14:15:50 | 000,002,302 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.07.16 14:26:43 | 005,142,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.07.16 13:32:57 | 001,008,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2010.07.15 15:55:24 | 000,143,456 | ---- | M] () -- C:\spray.jpg
[2010.07.15 15:51:45 | 000,140,958 | ---- | M] () -- C:\ccc.jpg
[2010.07.15 15:47:24 | 000,141,793 | ---- | M] () -- C:\800MW-141 kopie.jpg
[2010.07.15 15:41:32 | 000,119,040 | ---- | M] () -- C:\Users\Frančiak\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.15 15:33:34 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 6.0.lnk
[2010.07.15 15:31:57 | 000,010,488 | ---- | M] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010.07.15 15:31:57 | 000,010,488 | ---- | M] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010.07.15 15:31:56 | 001,628,920 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\pxsfs.dll
[2010.07.15 15:31:56 | 000,510,712 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\pxdrv.dll
[2010.07.15 15:31:56 | 000,379,640 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\pxwave.dll
[2010.07.15 15:31:56 | 000,187,128 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\pxmas.dll
[2010.07.15 15:31:56 | 000,129,784 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\pxafs.dll
[2010.07.15 15:31:56 | 000,118,520 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\pxinsi64.exe
[2010.07.15 15:31:56 | 000,116,472 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\pxcpyi64.exe
[2010.07.15 15:31:56 | 000,072,440 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\pxhpinst.exe
[2010.07.15 15:31:56 | 000,064,760 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\pxinsa64.exe
[2010.07.15 15:31:56 | 000,064,760 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\pxcpya64.exe
[2010.07.15 15:31:56 | 000,052,856 | ---- | M] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010.07.15 15:31:55 | 000,547,576 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\px.dll
[2010.07.15 15:31:55 | 000,039,672 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\vxblock.dll
[2010.07.15 15:31:49 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010.07.15 13:19:32 | 000,688,115 | ---- | M] () -- C:\Users\Frančiak\Desktop\sss.jpg
[2010.07.15 01:17:54 | 000,000,096 | ---- | M] () -- C:\Users\Frančiak\AppData\Local\fusioncache.dat
[2010.07.15 01:14:51 | 001,496,428 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.14 21:16:35 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.07.14 20:34:35 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010.07.14 19:44:42 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.07.14 19:03:46 | 000,000,213 | ---- | M] () -- C:\Users\Frančiak\Desktop\Counter-Strike Source.url
[2010.07.14 18:21:04 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AIMP2.lnk
[2010.07.14 18:11:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.07.14 18:11:56 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.07.14 18:11:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.07.14 18:11:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.07.14 17:17:45 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.14 16:47:08 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll.prepare
[2010.07.09 19:07:11 | 000,000,264 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2010.07.04 20:47:58 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.01 20:27:13 | 000,001,276 | ---- | C] () -- C:\Users\Frančiak\Desktop\Spybot - Search & Destroy.lnk
[2010.08.01 19:35:47 | 000,071,798 | ---- | C] () -- C:\Users\Frančiak\Desktop\JavaRa.zip
[2010.08.01 19:32:29 | 000,001,025 | ---- | C] () -- C:\Users\Frančiak\Desktop\CCleaner.lnk
[2010.08.01 17:19:15 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 1000 series.lnk
[2010.08.01 17:07:25 | 000,532,980 | ---- | C] () -- C:\Users\Frančiak\Documents\gh.xps
[2010.08.01 02:25:51 | 000,113,543 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2010.08.01 02:25:51 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2010.08.01 02:07:37 | 000,007,605 | ---- | C] () -- C:\Users\Frančiak\AppData\Local\Resmon.ResmonCfg
[2010.08.01 00:24:29 | 000,677,479 | ---- | C] () -- C:\Users\Frančiak\Desktop\Bez názvu.jpg
[2010.08.01 00:24:01 | 000,012,279 | ---- | C] () -- C:\Users\Frančiak\Desktop\UnitFrame.jpg
[2010.08.01 00:03:40 | 001,676,057 | ---- | C] () -- C:\Windows\WANEUninstaller.exe
[2010.08.01 00:03:40 | 000,000,930 | ---- | C] () -- C:\Users\Frančiak\Desktop\Worms Armageddon.lnk
[2010.07.30 22:48:03 | 000,433,130 | ---- | C] () -- C:\Users\Frančiak\Desktop\lock.jpg
[2010.07.28 17:43:39 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.07.28 02:04:01 | 000,014,632 | ---- | C] () -- C:\Default.plc
[2010.07.27 20:16:55 | 000,235,626 | ---- | C] () -- C:\Users\Frančiak\Desktop\FOR TUROK.rar
[2010.07.24 22:51:51 | 000,000,000 | ---- | C] () -- C:\Users\Frančiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.07.24 22:51:24 | 000,000,312 | ---- | C] () -- C:\Users\Frančiak\Desktop\Curse Client.appref-ms
[2010.07.24 17:05:28 | 000,724,407 | ---- | C] () -- C:\Users\Frančiak\Desktop\Nová složka (2).rar
[2010.07.23 23:13:20 | 000,000,969 | ---- | C] () -- C:\Users\Frančiak\Desktop\HLSW.lnk
[2010.07.23 17:46:40 | 000,079,078 | ---- | C] () -- C:\Users\Frančiak\Desktop\Transformers.War.For.Cybertron-RELOADED-[tracker.BTARENA.org].is.5647306.TPB.torrent
[2010.07.22 23:51:40 | 000,000,740 | ---- | C] () -- C:\Users\Frančiak\Desktop\World of Warcraft.lnk
[2010.07.22 23:27:49 | 000,233,559 | ---- | C] () -- C:\Users\Frančiak\Desktop\steam_v42_3.rar
[2010.07.22 20:10:38 | 086,605,312 | ---- | C] () -- C:\Users\Frančiak\Desktop\BattleForgeInstall.exe
[2010.07.22 00:12:09 | 000,051,197 | ---- | C] () -- C:\Users\Frančiak\Desktop\Water bomb.jpg
[2010.07.20 22:36:11 | 000,001,398 | ---- | C] () -- C:\Users\Frančiak\Desktop\Total Commander.lnk
[2010.07.20 00:37:44 | 001,620,054 | ---- | C] () -- C:\MY SPRAY.bmp
[2010.07.20 00:33:43 | 000,262,162 | ---- | C] () -- C:\MY SPRAY.tga
[2010.07.20 00:30:36 | 000,355,192 | ---- | C] () -- C:\ja.JPG
[2010.07.18 15:27:26 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI
[2010.07.17 23:14:50 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\hamachi.lnk
[2010.07.17 22:45:44 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.07.17 14:15:50 | 000,002,302 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.07.17 14:14:17 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.17 14:14:16 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.15 15:55:20 | 000,143,456 | ---- | C] () -- C:\spray.jpg
[2010.07.15 15:51:36 | 000,140,958 | ---- | C] () -- C:\ccc.jpg
[2010.07.15 15:47:17 | 000,141,793 | ---- | C] () -- C:\800MW-141 kopie.jpg
[2010.07.15 15:33:34 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 6.0.lnk
[2010.07.15 13:19:32 | 000,688,115 | ---- | C] () -- C:\Users\Frančiak\Desktop\sss.jpg
[2010.07.15 01:17:54 | 000,000,096 | ---- | C] () -- C:\Users\Frančiak\AppData\Local\fusioncache.dat
[2010.07.15 01:14:48 | 001,496,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.14 21:16:35 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.07.14 20:34:35 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010.07.14 19:03:46 | 000,000,213 | ---- | C] () -- C:\Users\Frančiak\Desktop\Counter-Strike Source.url
[2010.07.14 18:21:04 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AIMP2.lnk
[2010.07.14 17:17:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.14 17:16:56 | 000,002,533 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.07.14 16:59:59 | 000,002,435 | ---- | C] () -- C:\Users\Frančiak\Desktop\Google Chrome.lnk
[2010.07.14 16:59:29 | 000,000,974 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438302395-2160363849-1227002088-1001UA.job
[2010.07.14 16:59:28 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438302395-2160363849-1227002088-1001Core.job
[2010.07.10 21:09:51 | 853,548,858 | ---- | C] () -- C:\Users\Frančiak\Desktop\Rok.jedna.2009.DVDRip.XviD.CZ.by.Baresi.of.SU.avi
[2010.07.10 20:05:56 | 732,444,672 | ---- | C] () -- C:\Users\Frančiak\Desktop\Lucerna aneb boj o lípu.avi
[2010.07.09 19:07:11 | 000,000,264 | ---- | C] () -- C:\VirtualDJ Local Database v6.xml
[2010.07.04 20:49:32 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\AWC Update.job
[2010.07.04 20:47:58 | 000,001,195 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010.06.25 08:50:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.06.20 17:51:54 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2005.10.14 11:56:48 | 003,223,552 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2005.10.14 11:56:48 | 000,540,672 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2005.10.14 11:56:48 | 000,266,240 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2005.10.14 11:56:48 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\MMSwitch.dll
< End of report >

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BOOT virus

#8 Post by Rudy »

I don't see anything here either, apart from the AskBar adware (uninstall it). Let's also try mbr: http://www2.gmer.net/mbr/mbr.exe . Save the file to C:\windows. Then Start > Run > (type) cmd > OK. A command prompt window opens; enter the following into it, one step at a time:
cd c:\windows and press >Enter< (cmd will print C:\windows)
then enter mbr.exe -f and press >Enter< again
You will get a log; copy it here.

Michal747
Visitor
Posts: 6
Registered: 01 Aug 2010 18:43

Re: BOOT virus

#9 Post by Michal747 »

Microsoft Windows [Verze 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. Všechna práva vyhrazena.

C:\Users\Frančiak>cd c:\windows

c:\Windows>mbr.exe -f
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: error reading MBR

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BOOT virus

#10 Post by Rudy »

It's strange, but you don't have a boot virus on your PC.

Michal747
Visitor
Posts: 6
Registered: 01 Aug 2010 18:43

Re: BOOT virus

#11 Post by Michal747 »

Hmmm, and do you know of a better antivirus than ESET? I definitely don't want AVG or Avast :D

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BOOT virus

#12 Post by Rudy »

Kaspersky: http://www.kaspersky.cz/pages/downloads . Like NOD, it is paid. Of the free ones I can recommend Avast, or Avira. That said, I consider NOD a solid application.

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BOOT virus

#13 Post by Rudy »

Try running MBR once more the same way, but in safe mode.