PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

martin195
Visitor
Posts: 58
Registered: 30 Jan 2009 19:31

Preventive check

#1 Post by martin195

Please do a preventive check, thank you :)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin at 2010-07-30 10:55:16
Microsoft Windows 7 Ultimate Service Pack 2
System drive D: has 9 GB (17%) free of 52 GB
Total RAM: 3583 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:24, on 30. 7. 2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
E:\Program Files\Speed Typing [Windows 7]\STyping.exe
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
D:\Program Files (x86)\IObitBar\toolbar\1.bin\i0brmon.exe
D:\Program Files (x86)\Opera\opera.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Users\Martin\Desktop\Iné ikony\RSIT.exe
D:\Program Files (x86)\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://results.myway.com/default.jhtml? ... E0E521A9BA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7757CBCC-0975-4b79-A519-90B142CA3A23} - D:\Program Files (x86)\IObitBar\toolbar\1.bin\i0SrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - D:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Toolbar BHO - {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} - D:\Program Files (x86)\IObitBar\toolbar\1.bin\i0bar.dll
O3 - Toolbar: IObit Toolbar - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - D:\Program Files (x86)\IObitBar\toolbar\1.bin\i0bar.dll
O4 - HKLM\..\Run: [Standby] "D:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [IObitBar Browser Plugin Loader] D:\PROGRA~2\IObitBar\toolbar\1.bin\i0brmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Speed Typing] "E:\Program Files\Speed Typing [Windows 7]\STyping.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - D:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - D:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IObit Toolbar Service (IObitBarService) - IObit - D:\PROGRA~2\IObitBar\toolbar\1.bin\i0barsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - D:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - D:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - D:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - D:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - D:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - D:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - D:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - D:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - D:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - D:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7220 bytes

======Scheduled tasks folder======

D:\Windows\tasks\AWC Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - D:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE}]
Toolbar BHO - D:\Program Files (x86)\IObitBar\toolbar\1.bin\i0bar.dll [2010-07-20 638976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - IObit Toolbar - D:\Program Files (x86)\IObitBar\toolbar\1.bin\i0bar.dll [2010-07-20 638976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Standby"=D:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [2010-01-07 105632]
"IObitBar Browser Plugin Loader"=D:\PROGRA~2\IObitBar\toolbar\1.bin\i0brmon.exe [2010-07-20 20480]
"QuickTime Task"=D:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=D:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"Speed Typing"=E:\Program Files\Speed Typing [Windows 7]\STyping.exe [2002-12-12 101376]
"DAEMON Tools Lite"=D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2215ea3b-253c-11df-9d15-806e6f6e6963}]
shell\AutoRun\command - F:\ppk.exe
shell\readme\command - notepad cti_mne.txt


======File associations======

.js - edit - D:\Windows\System32\Notepad.exe %1
.js - open - D:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-23 14:01:34 ----D---- D:\ProgramData\Apple Computer
2010-07-23 14:01:34 ----D---- D:\Program Files (x86)\QuickTime
2010-07-23 14:00:45 ----D---- D:\Program Files (x86)\Common Files\Apple
2010-07-23 14:00:29 ----D---- D:\ProgramData\Apple
2010-07-23 14:00:29 ----D---- D:\Program Files (x86)\Apple Software Update
2010-07-20 13:29:44 ----D---- D:\Program Files (x86)\IObitBar
2010-07-19 13:15:29 ----A---- D:\Windows\system32\tsccvid.dll

======List of files/folders modified in the last 1 months======

2010-07-30 10:55:17 ----D---- D:\Windows\Temp
2010-07-30 10:55:17 ----D---- D:\Program Files (x86)\trend micro
2010-07-30 10:52:59 ----D---- D:\Windows\Prefetch
2010-07-30 10:26:50 ----SHD---- D:\System Volume Information
2010-07-30 10:24:13 ----D---- D:\Users\Martin\AppData\Roaming\Skype
2010-07-30 10:23:09 ----D---- D:\Users\Martin\AppData\Roaming\skypePM
2010-07-30 10:14:42 ----D---- D:\Users\Martin\AppData\Roaming\vlc
2010-07-23 22:18:37 ----D---- D:\Windows\System32
2010-07-23 22:18:36 ----D---- D:\Windows\inf
2010-07-23 14:02:21 ----SHD---- D:\Windows\Installer
2010-07-23 14:02:21 ----HD---- D:\Config.Msi
2010-07-23 14:02:16 ----D---- D:\Program Files (x86)\Internet Explorer
2010-07-23 14:01:34 ----RD---- D:\Program Files (x86)
2010-07-23 14:01:34 ----HD---- D:\ProgramData
2010-07-23 14:01:34 ----D---- D:\Windows\SysWOW64
2010-07-23 14:00:45 ----D---- D:\Program Files (x86)\Common Files
2010-07-23 13:07:00 ----D---- D:\Users\Martin\AppData\Roaming\dvdcss
2010-07-23 11:02:18 ----SD---- D:\Users\Martin\AppData\Roaming\Microsoft
2010-07-20 19:44:38 ----RD---- D:\Program Files
2010-07-20 09:30:10 ----D---- D:\Windows\winsxs
2010-07-19 12:51:06 ----D---- D:\Windows
2010-07-19 10:03:48 ----D---- D:\Program Files (x86)\Common Files\microsoft shared
2010-07-01 18:31:01 ----D---- D:\Program Files (x86)\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 blbdrive;blbdrive; D:\Windows\system32\DRIVERS\blbdrive.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; D:\Windows\system32\drivers\csc.sys []
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; D:\Windows\System32\Drivers\dfsc.sys []
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; D:\Windows\System32\drivers\discache.sys []
R1 ehdrv;ehdrv; D:\Windows\system32\DRIVERS\ehdrv.sys []
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; D:\Windows\system32\drivers\nsiproxy.sys []
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; D:\Windows\system32\drivers\rdpencdd.sys []
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; D:\Windows\system32\drivers\rdprefmp.sys []
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; D:\Windows\system32\DRIVERS\tdx.sys []
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; D:\Windows\system32\DRIVERS\wanarp.sys []
R1 WfpLwf;WFP Lightweight Filter; D:\Windows\system32\DRIVERS\wfplwf.sys []
R2 eamonm;eamonm; D:\Windows\system32\DRIVERS\eamonm.sys []
R2 epfwwfpr;epfwwfpr; D:\Windows\system32\DRIVERS\epfwwfpr.sys []
R2 fssfltr;FssFltr; D:\Windows\system32\DRIVERS\fssfltr.sys []
R2 irda;IrDA Protocol; D:\Windows\system32\DRIVERS\irda.sys []
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; D:\Windows\system32\DRIVERS\lltdio.sys []
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; D:\Windows\system32\drivers\luafv.sys []
R2 PEAUTH;PEAUTH; D:\Windows\system32\drivers\peauth.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; D:\Windows\system32\DRIVERS\rspndr.sys []
R2 tcpipreg;TCP/IP Registry Compatibility; D:\Windows\System32\drivers\tcpipreg.sys []
R3 AmdK8;Ovladač procesoru AMD K8; D:\Windows\system32\DRIVERS\amdk8.sys []
R3 atikmdag;atikmdag; D:\Windows\system32\DRIVERS\atikmdag.sys []
R3 bowser;@%systemroot%\system32\browser.dll,-102; D:\Windows\system32\DRIVERS\bowser.sys []
R3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice; D:\Windows\system32\DRIVERS\CompositeBus.sys []
R3 DXGKrnl;LDDM Graphics Subsystem; D:\Windows\System32\drivers\dxgkrnl.sys []
R3 hamachi;Hamachi Network Interface; D:\Windows\system32\DRIVERS\hamachi.sys []
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; D:\Windows\system32\drivers\HdAudio.sys []
R3 HDAudBus;Ovladač sběrnice Microsoft UAA pro zvuk High Definition Audio; D:\Windows\system32\DRIVERS\HDAudBus.sys []
R3 ksthunk;Kernel Streaming Thunks; D:\Windows\system32\drivers\ksthunk.sys []
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; D:\Windows\system32\DRIVERS\monitor.sys []
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; D:\Windows\System32\drivers\mpsdrv.sys []
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; D:\Windows\system32\DRIVERS\mrxsmb10.sys []
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; D:\Windows\system32\DRIVERS\mrxsmb20.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; D:\Windows\system32\DRIVERS\ASACPI.sys []
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; D:\Windows\system32\DRIVERS\nvm62x64.sys []
R3 RasAgileVpn;WAN Miniport (IKEv2); D:\Windows\system32\DRIVERS\AgileVpn.sys []
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; D:\Windows\system32\DRIVERS\rassstp.sys []
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; D:\Windows\system32\DRIVERS\rdpbus.sys []
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; D:\Windows\System32\DRIVERS\srv2.sys []
R3 srvnet;srvnet; D:\Windows\System32\DRIVERS\srvnet.sys []
R3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; D:\Windows\System32\DRIVERS\tssecsrv.sys []
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; D:\Windows\system32\DRIVERS\tunnel.sys []
R3 umbus;Ovladač sběrnice UMBus Enumerator; D:\Windows\system32\DRIVERS\umbus.sys []
R3 usbehci;Ovladač miniportu vylepšeného hostitelského řadiče Microsoft USB 2.0; D:\Windows\system32\DRIVERS\usbehci.sys []
R3 usbhub;Ovladač standardního rozbočovače USB; D:\Windows\system32\DRIVERS\usbhub.sys []
R3 usbohci;Ovladač miniportu otevřeného hostitelského řadiče Microsoft USB; D:\Windows\system32\DRIVERS\usbohci.sys []
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\Windows\system32\DRIVERS\USBSTOR.SYS []
R3 WudfPf;User Mode Driver Frameworks Platform Driver; D:\Windows\system32\drivers\WudfPf.sys []
S2 EIO;EIO; \??\D:\Windows\system32\drivers\EIO64.sys []
S3 1394ohci;1394 OHCI Compliant Host Controller; D:\Windows\system32\DRIVERS\1394ohci.sys []
S3 AcpiPmi;ACPI Power Meter Driver; D:\Windows\system32\DRIVERS\acpipmi.sys []
S3 adp94xx;adp94xx; D:\Windows\system32\DRIVERS\adp94xx.sys []
S3 adpahci;adpahci; D:\Windows\system32\DRIVERS\adpahci.sys []
S3 adpu320;adpu320; D:\Windows\system32\DRIVERS\adpu320.sys []
S3 agp440;Intel AGP Bus Filter; D:\Windows\system32\DRIVERS\agp440.sys []
S3 amdide;amdide; D:\Windows\system32\DRIVERS\amdide.sys []
S3 AmdPPM;AMD Processor Driver; D:\Windows\system32\DRIVERS\amdppm.sys []
S3 amdsata;amdsata; D:\Windows\system32\DRIVERS\amdsata.sys []
S3 amdsbs;amdsbs; D:\Windows\system32\DRIVERS\amdsbs.sys []
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; D:\Windows\system32\drivers\appid.sys []
S3 arc;arc; D:\Windows\system32\DRIVERS\arc.sys []
S3 arcsas;arcsas; D:\Windows\system32\DRIVERS\arcsas.sys []
S3 avs1b9p8;avs1b9p8; D:\Windows\system32\drivers\avs1b9p8.sys []
S3 b06bdrv;Broadcom NetXtreme II VBD; D:\Windows\system32\DRIVERS\bxvbda.sys []
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; D:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; D:\Windows\system32\DRIVERS\BrFiltLo.sys []
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; D:\Windows\system32\DRIVERS\BrFiltUp.sys []
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); D:\Windows\System32\Drivers\Brserid.sys []
S3 BrSerWdm;Brother WDM Serial driver; D:\Windows\System32\Drivers\BrSerWdm.sys []
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; D:\Windows\System32\Drivers\BrUsbMdm.sys []
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; D:\Windows\System32\Drivers\BrUsbSer.sys []
S3 BthAudioHF;BthAudioHF Service; D:\Windows\system32\DRIVERS\BthAudioHF.sys []
S3 BthAvrcp;Bluetooth AVRCP Profile; D:\Windows\system32\DRIVERS\BthAvrcp.sys []
S3 BthEnum;Služba Bluetooth Enumerator; D:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BTHMODEM;Ovladač pro komunikaci pomocí modemu Bluetooth; D:\Windows\system32\DRIVERS\bthmodem.sys []
S3 BthPan;Zařízení Bluetooth (síť PAN); D:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Ovladač portu Bluetooth; D:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; D:\Windows\System32\Drivers\BTHUSB.sys []
S3 circlass;Consumer IR Devices; D:\Windows\system32\DRIVERS\circlass.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; D:\Windows\system32\DRIVERS\CmBatt.sys []
S3 Compbatt;Compbatt; D:\Windows\system32\DRIVERS\compbatt.sys []
S3 cpuz132;cpuz132; \??\D:\Users\Martin\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
S3 csr_a2dp;Bluetooth AV Profile; D:\Windows\system32\drivers\bthav.sys []
S3 CX88VID;WinFast CX2388x AvStream Driver; D:\Windows\system32\drivers\cxavsvid.sys []
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; D:\Windows\system32\DRIVERS\evbda.sys []
S3 elxstor;elxstor; D:\Windows\system32\DRIVERS\elxstor.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; D:\Windows\system32\DRIVERS\errdev.sys []
S3 exfat;exFAT File System Driver; D:\Windows\system32\drivers\exfat.sys []
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; D:\Windows\system32\drivers\filetrace.sys []
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; D:\Windows\System32\drivers\FsDepends.sys []
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; D:\Windows\system32\DRIVERS\gagp30kx.sys []
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; D:\Windows\system32\drivers\hcw85cir.sys []
S3 HidBatt;HID UPS Battery Driver; D:\Windows\system32\DRIVERS\HidBatt.sys []
S3 HidBth;Miniport Microsoft Bluetooth HID; D:\Windows\system32\DRIVERS\hidbth.sys []
S3 HidIr;Microsoft Infrared HID Driver; D:\Windows\system32\DRIVERS\hidir.sys []
S3 HidUsb;Ovladač třídy standardu HID Microsoft; D:\Windows\system32\DRIVERS\hidusb.sys []
S3 HpSAMD;HpSAMD; D:\Windows\system32\DRIVERS\HpSAMD.sys []
S3 iaStorV;iaStorV; D:\Windows\system32\DRIVERS\iaStorV.sys []
S3 iirsp;iirsp; D:\Windows\system32\DRIVERS\iirsp.sys []
S3 intelide;intelide; D:\Windows\system32\DRIVERS\intelide.sys []
S3 intelppm;Intel Processor Driver; D:\Windows\system32\DRIVERS\intelppm.sys []
S3 IPMIDRV;IPMIDRV; D:\Windows\system32\DRIVERS\IPMIDrv.sys []
S3 isapnp;isapnp; D:\Windows\system32\DRIVERS\isapnp.sys []
S3 iScsiPrt;iScsiPort Driver; D:\Windows\system32\DRIVERS\msiscsi.sys []
S3 kbdhid;Ovladač klávesnice standardu HID; D:\Windows\system32\DRIVERS\kbdhid.sys []
S3 LSI_FC;LSI_FC; D:\Windows\system32\DRIVERS\lsi_fc.sys []
S3 LSI_SAS;LSI_SAS; D:\Windows\system32\DRIVERS\lsi_sas.sys []
S3 LSI_SAS2;LSI_SAS2; D:\Windows\system32\DRIVERS\lsi_sas2.sys []
S3 LSI_SCSI;LSI_SCSI; D:\Windows\system32\DRIVERS\lsi_scsi.sys []
S3 megasas;megasas; D:\Windows\system32\DRIVERS\megasas.sys []
S3 MegaSR;MegaSR; D:\Windows\system32\DRIVERS\MegaSR.sys []
S3 mouhid;Ovladač myši standardu HID; D:\Windows\system32\DRIVERS\mouhid.sys []
S3 mpio;mpio; D:\Windows\system32\DRIVERS\mpio.sys []
S3 msahci;msahci; D:\Windows\system32\DRIVERS\msahci.sys []
S3 msdsm;msdsm; D:\Windows\system32\DRIVERS\msdsm.sys []
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; D:\Windows\System32\drivers\mshidkmdf.sys []
S3 MsRPC;MsRPC; D:\Windows\system32\drivers\MsRPC.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; D:\Windows\system32\drivers\MSTEE.sys []
S3 MTConfig;Microsoft Input Configuration Driver; D:\Windows\system32\DRIVERS\MTConfig.sys []
S3 NativeWifiP;NativeWiFi Filter; D:\Windows\system32\DRIVERS\nwifi.sys []
S3 NdisCap;NDIS Capture LightWeight Filter; D:\Windows\system32\DRIVERS\ndiscap.sys []
S3 nfrd960;nfrd960; D:\Windows\system32\DRIVERS\nfrd960.sys []
S3 nmwcdx64;Nokia USB Phone Parent; D:\Windows\system32\drivers\nmwcdx64.sys []
S3 nv_agp;NVIDIA nForce AGP Bus Filter; D:\Windows\system32\DRIVERS\nv_agp.sys []
S3 nvraid;nvraid; D:\Windows\system32\DRIVERS\nvraid.sys []
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); D:\Windows\system32\DRIVERS\ohci1394.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 ql2300;ql2300; D:\Windows\system32\DRIVERS\ql2300.sys []
S3 ql40xx;ql40xx; D:\Windows\system32\DRIVERS\ql40xx.sys []
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; D:\Windows\system32\drivers\qwavedrv.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); D:\Windows\system32\DRIVERS\rfcomm.sys []
S3 s3cap;s3cap; D:\Windows\system32\DRIVERS\vms3cap.sys []
S3 sbp2port;sbp2port; D:\Windows\system32\DRIVERS\sbp2port.sys []
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; D:\Windows\System32\DRIVERS\scfilter.sys []
S3 sermouse;Serial Mouse Driver; D:\Windows\system32\DRIVERS\sermouse.sys []
S3 sffdisk;Ovladač třídy úložiště SFF; D:\Windows\system32\DRIVERS\sffdisk.sys []
S3 sffp_mmc;Ovladač protokolu úložiště SFF pro konzolu MMC; D:\Windows\system32\DRIVERS\sffp_mmc.sys []
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; D:\Windows\system32\DRIVERS\sffp_sd.sys []
S3 SiSRaid2;SiSRaid2; D:\Windows\system32\DRIVERS\SiSRaid2.sys []
S3 SiSRaid4;SiSRaid4; D:\Windows\system32\DRIVERS\sisraid4.sys []
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; D:\Windows\system32\DRIVERS\smb.sys []
S3 StarOpen;StarOpen; D:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 stexstor;stexstor; D:\Windows\system32\DRIVERS\stexstor.sys []
S3 storvsc;storvsc; D:\Windows\system32\DRIVERS\storvsc.sys []
S3 stus2x64;USB 2.0 IrDA Bridge; D:\Windows\system32\DRIVERS\stusb2ir.sys []
S3 TCPIP6;Microsoft IPv6 Protocol Driver; D:\Windows\system32\DRIVERS\tcpip.sys []
S3 uagp35;Microsoft AGPv3.5 Filter; D:\Windows\system32\DRIVERS\uagp35.sys []
S3 uliagpkx;Uli AGP Bus Filter; D:\Windows\system32\DRIVERS\uliagpkx.sys []
S3 UmPass;Microsoft UMPass Driver; D:\Windows\system32\DRIVERS\umpass.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\Windows\system32\DRIVERS\usbccgp.sys []
S3 usbcir;eHome Infrared Receiver (USBCIR); D:\Windows\system32\DRIVERS\usbcir.sys []
S3 usbprint;Třída USB Printer; D:\Windows\system32\DRIVERS\usbprint.sys []
S3 usbscan;Ovladač skeneru USB; D:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbuhci;Ovladač miniportu univerzálního hostitelského řadiče Microsoft USB; D:\Windows\system32\DRIVERS\usbuhci.sys []
S3 vga;vga; D:\Windows\system32\DRIVERS\vgapnp.sys []
S3 vhdmp;vhdmp; D:\Windows\system32\DRIVERS\vhdmp.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; D:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; D:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 vsmraid;vsmraid; D:\Windows\system32\DRIVERS\vsmraid.sys []
S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; D:\Windows\System32\drivers\vwifibus.sys []
S3 WacomPen;Wacom Serial Pen HID Driver; D:\Windows\system32\DRIVERS\wacompen.sys []
S3 Wd;Wd; D:\Windows\system32\DRIVERS\wd.sys []
S3 WIMMount;WIMMount; D:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WinUsb;WinUsb; D:\Windows\system32\DRIVERS\WinUsb.sys []
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\Windows\system32\DRIVERS\wmiacpi.sys []
S3 WUDFRd;WUDFRd; D:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 crcdisk;Crcdisk Filter Driver; D:\Windows\system32\DRIVERS\crcdisk.sys []
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; D:\Windows\system32\drivers\ws2ifsl.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-02-26 810120]
R2 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 fsssvc;Služba Bezpečnosť rodiny v službe Windows Live; D:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
R2 gpsvc;@gpapi.dll,-112; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1823112]
R2 HFGService;Handsfree Headset Service; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IObitBarService;IObit Toolbar Service; D:\PROGRA~2\IObitBar\toolbar\1.bin\i0barsvc.exe [2010-07-20 28766]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NMSAccessU;NMSAccessU; D:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-14 71096]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 PSI_SVC_2;Protexis Licensing V2; D:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe []
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; D:\Windows\system32\sppsvc.exe []
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; D:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; D:\Windows\System32\lsass.exe []
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; D:\Windows\ehome\ehRecvr.exe [2009-07-14 696832]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; D:\Windows\ehome\ehsched.exe [2009-07-14 127488]
S3 EhttpSrv;ESET HTTP Server; D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-02-26 42336]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; D:\Windows\system32\fxssvc.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; D:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42840]
S3 gusvc;Google Updater Service; D:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; D:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 856384]
S3 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KeyIso;@keyiso.dll,-100; D:\Windows\system32\lsass.exe []
S3 KtmRm;@comres.dll,-2946; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 ose;Office Source Engine; D:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; D:\Windows\SysWow64\perfhost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; D:\Windows\servicing\TrustedInstaller.exe [2009-07-14 194048]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; D:\Windows\system32\UI0Detect.exe []
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; D:\Windows\system32\lsass.exe []
S3 vds;@%SystemRoot%\system32\vds.exe,-100; D:\Windows\System32\vds.exe []
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; D:\Windows\system32\wbengine.exe []
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; D:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 116560]
S4 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; D:\Windows\System32\snmptrap.exe []
S4 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; D:\Windows\system32\SearchIndexer.exe [2009-07-14 428032]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: preventive check

#2 Post by vyosek »

Hello, and I wish you a pleasant evening :)

:arrow: I recommend uninstalling the toolbars (browser bars), if you do not use them, in Add or Remove Programs

:arrow: Plug all USB drives (flash drives, external disks, etc.) into the PC

:arrow: Download OTL (see my signature) and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • Tick the "For all users" box
  • Tick the "LOP" malware check box
  • Tick the "Purity" malware check box
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box, Custom scans/fixes
  • Code:

    netsvcs
    drivers32
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    c:\windows\*.* /U
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    ndis.sys
    winlogon.exe
    explorer.exe
    userinit.exe
    lsass.exe
    svchost.exe
    smss.exe
    hal.dll
    ws2_32.dll
    tcpip.sys
    cryptsvc.dll
    Changer.sys
    JakNDis.sys
    isapnp.sys
    cdrom.sys
    autochk.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    CREATERESTOREPOINT
  • Click the Scan (Prohledat) button
  • When the scan finishes (about 5 min), the logs OTL.txt and Extras.txt will appear; paste both here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

martin195
Visitor
Posts: 58
Registered: 30 Jan 2009 19:31

Re: preventive check

#3 Post by martin195 »

here is the log from UsbFix:

############################## | UsbFix 7.019 | [Deletion]

User: Martin (Administrator) # DELUX [ ]
Updated 03/08/10 by El Desaparecido / C_XX
Started at 13:34:29 | 03/08/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Athlon(tm) 64 Processor 3000+
Microsoft Windows 7 Ultimate (6.1.7600 64-Bit) #
Internet Explorer 8.0.7600.16385

Windows Firewall: Enabled
RAM -> 3583 Mb
A:\ -> Removable drive # 1 Mb (1 Mb free - 82%) [] # FAT
C:\ -> Fixed drive # 30 Gb (12 Mb free - 39%) [Windows XP] # NTFS
D:\ (%systemdrive%) -> Fixed drive # 51 Gb (8 Mb free - 16%) [Windows 7] # NTFS
E:\ -> Fixed drive # 31 Gb (10 Mb free - 34%) [Lokálny disk] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> Fixed drive # 466 Gb (91 Mb free - 20%) [EXTERNÝ DISK] # FAT32
I:\ -> Removable drive # 7 Gb (4 Mb free - 57%) [KINGSTON] # FAT32
J:\ -> Removable drive # 4 Gb (664 Mb free - 17%) [] # FAT32

################## | Files # Infected Folders |

Not deleted ! F:\Autorun.inf

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{2215ea3b-253c-11df-9d15-806e6f6e6963}

################## | Listing |

[14/02/1980 - 02:18:58 | D ] A:\DAVE
[14/02/1980 - 02:20:08 | D ] A:\MARIO
[03/08/2010 - 13:42:32 | SHD ] C:\$RECYCLE.BIN
[23/09/2009 - 16:13:50 | A | 1024] C:\.rnd
[23/09/2009 - 16:57:13 | D ] C:\ATI
[23/09/2009 - 15:18:31 | A | 0] C:\AUTOEXEC.BAT
[01/03/2010 - 16:09:21 | SHD ] C:\Boot
[11/10/2009 - 10:18:30 | H | 355] C:\Boot.BAK
[01/03/2010 - 16:09:22 | RSH | 355] C:\boot.ini
[01/03/2010 - 16:09:22 | RASH | 355] C:\Boot.ini.saved
[14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
[01/03/2010 - 16:09:23 | RASH | 8192] C:\BOOTSECT.BAK
[23/09/2009 - 15:18:31 | A | 0] C:\CONFIG.SYS
[24/03/2010 - 18:32:19 | A | 216] C:\DebugTrace-RockallDLL.log
[07/10/2009 - 19:58:36 | D ] C:\Documents and Settings
[01/03/2010 - 16:46:14 | RSH | 203464] C:\grldr
[23/07/2010 - 22:53:47 | ASH | 3756576768] C:\hiberfil.sys
[29/10/2009 - 17:57:21 | A | 230424] C:\img2-001.raw
[23/09/2009 - 15:18:31 | RASH | 0] C:\IO.SYS
[23/09/2009 - 15:18:31 | RASH | 0] C:\MSDOS.SYS
[26/06/2010 - 13:50:03 | HD ] C:\msdownld.tmp
[04/08/2004 - 03:07:00 | RASH | 47564] C:\NTDETECT.COM
[04/08/2004 - 03:07:00 | RASH | 250032] C:\ntldr
[23/07/2010 - 22:53:44 | ASH | 2145386496] C:\pagefile.sys
[10/06/2010 - 18:04:52 | RD ] C:\Program Files
[13/10/2009 - 15:19:44 | D ] C:\ProgramData
[03/08/2010 - 13:35:00 | SHD ] C:\RECYCLER
[12/02/2010 - 21:52:03 | D ] C:\rsit
[21/06/2010 - 18:13:10 | SHD ] C:\System Volume Information
[23/09/2009 - 15:50:41 | D ] C:\WFDB
[01/03/2010 - 16:46:16 | RSH | 12] C:\win7.ld
[23/07/2010 - 22:58:08 | D ] C:\WINDOWS
[23/09/2009 - 15:45:41 | D ] C:\WinFast
[23/09/2009 - 16:36:20 | A | 1167] C:\_Sid.txt
[03/08/2010 - 13:42:32 | SHD ] D:\$Recycle.Bin
[20/03/2009 - 17:42:25 | A | 24] D:\autoexec.bat
[03/08/2010 - 11:45:59 | HD ] D:\Config.Msi
[20/03/2009 - 17:42:25 | A | 10] D:\config.sys
[14/07/2009 - 07:08:56 | SHD ] D:\Documents and Settings
[03/08/2010 - 11:36:35 | ASH | 2817433600] D:\hiberfil.sys
[05/11/2009 - 17:39:10 | RHD ] D:\MSOCache
[03/08/2010 - 11:36:34 | ASH | 3756580864] D:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] D:\PerfLogs
[20/07/2010 - 19:44:38 | RD ] D:\Program Files
[03/08/2010 - 13:32:01 | RD ] D:\Program Files (x86)
[23/07/2010 - 14:01:34 | HD ] D:\ProgramData
[01/03/2010 - 16:46:08 | SHD ] D:\Recovery
[03/08/2010 - 13:35:06 | SHD ] D:\RECYCLER
[26/02/2010 - 21:28:10 | D ] D:\rsit
[04/10/2009 - 16:22:17 | D ] D:\Sounds
[02/08/2010 - 21:03:45 | SHD ] D:\System Volume Information
[05/02/2010 - 16:59:47 | H | 1452100] D:\treeinfo.wc
[03/08/2010 - 13:42:58 | D ] D:\UsbFix
[03/08/2010 - 13:34:31 | A | 3859] D:\UsbFix.txt
[27/06/2010 - 10:17:32 | RD ] D:\Users
[30/07/2010 - 20:09:01 | D ] D:\Windows
[10/04/2010 - 21:48:05 | D ] D:\Windows.old
[12/11/2009 - 19:54:41 | D ] D:\WinFast WorkArea
[03/08/2010 - 13:42:32 | SHD ] E:\$RECYCLE.BIN
[11/04/2010 - 12:03:21 | SHD ] E:\Config.Msi
[13/10/2009 - 17:11:24 | D ] E:\Documents and Settings
[09/05/2010 - 18:51:31 | D ] E:\Download
[15/01/2010 - 20:41:31 | D ] E:\Pinnacle - importované videá
[30/07/2010 - 18:27:42 | D ] E:\Program Files
[21/07/2010 - 20:54:46 | D ] E:\RAR
[03/08/2010 - 13:35:17 | SHD ] E:\RECYCLER
[21/06/2010 - 18:15:49 | SHD ] E:\System Volume Information
[07/06/2010 - 14:05:34 | D ] E:\to cd sst3
[23/09/2009 - 17:52:31 | D ] E:\WinFast WorkArea
[07/10/2005 - 14:26:55 | D ] F:\Cinematics
[26/01/2004 - 11:02:38 | R | 83] F:\DATA.TAG
[07/10/2005 - 14:28:14 | D ] F:\DirectX
[09/12/2002 - 18:28:04 | R | 3262] F:\Kaan.ico
[11/12/2002 - 16:34:40 | R | 28672] F:\Lanceur.exe
[26/01/2004 - 11:02:38 | R | 93] F:\SETUP.INI
[02/10/1998 - 21:04:32 | R | 71680] F:\Setup.exe
[02/10/1998 - 21:15:08 | R | 297989] F:\_INST32I.EX_
[27/10/1998 - 14:06:48 | R | 27648] F:\_ISDel.exe
[08/10/1998 - 16:41:18 | R | 34816] F:\_Setup.dll
[26/01/2004 - 11:02:38 | R | 176978] F:\_sys1.cab
[26/01/2004 - 11:02:38 | R | 3942] F:\_sys1.hdr
[26/01/2004 - 11:02:38 | R | 374213] F:\_user1.cab
[26/01/2004 - 11:02:38 | R | 4413] F:\_user1.hdr
[03/12/1999 - 14:18:28 | R | 113] F:\autorun.inf
[07/10/2005 - 14:26:54 | D ] F:\bezpecnost
[09/03/2005 - 09:41:18 | R | 2092] F:\cti_mne.txt
[07/10/2005 - 14:28:08 | D ] F:\data
[26/01/2004 - 11:03:54 | R | 239031022] F:\data1.cab
[26/01/2004 - 11:02:42 | R | 12630] F:\data1.hdr
[07/10/2005 - 14:28:23 | D ] F:\hudba
[04/10/2005 - 13:00:59 | R | 761] F:\index.htm
[04/10/2005 - 13:00:59 | R | 764] F:\index2.htm
[04/10/2005 - 13:00:59 | R | 770] F:\index3.htm
[04/10/2005 - 13:00:51 | R | 771] F:\index4.htm
[18/09/1998 - 17:12:08 | R | 4679] F:\lang.dat
[26/01/2004 - 11:03:54 | R | 609] F:\layout.bin
[27/07/1998 - 20:41:06 | R | 450] F:\os.dat
[06/03/2005 - 15:25:18 | R | 396288] F:\ppk.exe
[07/10/2005 - 14:28:25 | D ] F:\ppkplus
[07/10/2005 - 14:28:35 | D ] F:\servis
[10/12/2002 - 15:37:28 | R | 741654] F:\setup.bmp
[05/05/2003 - 18:03:38 | R | 58124] F:\setup.ins
[26/01/2004 - 11:02:38 | R | 49] F:\setup.lid
[21/03/2009 - 15:04:14 | D ] H:\Fotky - mobil
[09/02/2006 - 14:59:36 | RHD ] H:\autorun
[10/05/2010 - 18:02:02 | RA | 528] H:\MediaID.bin
[04/05/2010 - 07:36:24 | ASH | 9216] H:\Thumbs.db
[07/11/2007 - 08:00:40 | A | 1110] H:\globdata.ini
[01/03/2010 - 21:18:02 | RD ] H:\DELUX
[29/12/2008 - 16:02:32 | SHD ] H:\System Volume Information
[29/12/2008 - 16:02:32 | D ] H:\Program Files
[24/12/2009 - 12:15:06 | D ] H:\Images
[07/11/2007 - 08:03:18 | A | 562688] H:\install.exe
[29/12/2008 - 16:03:14 | D ] H:\Media
[07/12/2009 - 14:38:22 | D ] H:\Záloha USB
[07/11/2007 - 08:00:40 | A | 843] H:\install.ini
[29/12/2008 - 16:03:24 | D ] H:\Download Area
[25/12/2009 - 22:22:20 | D ] H:\Render
[07/11/2007 - 08:12:28 | A | 232960] H:\VC_RED.MSI
[29/12/2008 - 16:04:16 | D ] H:\Install
[10/04/2010 - 21:47:48 | D ] H:\Windows.old
[29/12/2008 - 17:45:22 | SHD ] H:\Recycled
[05/02/2010 - 22:14:18 | A | 77824] H:\mobil.doc
[13/05/2010 - 17:44:54 | D ] H:\Users
[13/01/2010 - 16:43:30 | D ] H:\images 8
[28/02/2010 - 18:06:06 | D ] H:\W7 BACKUP
[30/12/2008 - 13:05:16 | D ] H:\Iné
[07/11/2007 - 08:03:18 | A | 75792] H:\install.res.2052.dll
[19/06/2010 - 23:00:00 | A | 1992425476] H:\Markiza(100619_230000).mpg
[11/05/2010 - 16:30:36 | A | 5963440] H:\FlashFXP_376_BETA_Setup.exe
[20/06/2010 - 00:17:52 | A | 1449132036] H:\Markiza(100619_230000)001.MPG
[07/11/2007 - 08:03:18 | A | 76304] H:\install.res.1028.dll
[07/11/2007 - 08:03:18 | A | 96272] H:\install.res.1031.dll
[07/11/2007 - 08:03:18 | A | 91152] H:\install.res.1033.dll
[07/11/2007 - 08:03:18 | A | 96272] H:\install.res.3082.dll
[07/11/2007 - 08:03:18 | A | 97296] H:\install.res.1036.dll
[07/11/2007 - 08:03:18 | A | 95248] H:\install.res.1040.dll
[07/11/2007 - 08:03:18 | A | 81424] H:\install.res.1041.dll
[07/11/2007 - 08:03:18 | A | 79888] H:\install.res.1042.dll
[07/11/2007 - 08:00:40 | A | 17734] H:\eula.2052.txt
[07/11/2007 - 08:00:40 | A | 5686] H:\vcredist.bmp
[16/01/2009 - 16:35:36 | SHD ] H:\Config.Msi
[07/11/2007 - 08:00:40 | A | 17734] H:\eula.1028.txt
[07/11/2007 - 08:00:40 | A | 17734] H:\eula.1031.txt
[07/11/2007 - 08:00:40 | A | 10134] H:\eula.1033.txt
[07/11/2007 - 08:00:40 | A | 17734] H:\eula.3082.txt
[07/11/2007 - 08:00:40 | A | 17734] H:\eula.1036.txt
[07/11/2007 - 08:00:40 | A | 17734] H:\eula.1040.txt
[07/11/2007 - 08:00:40 | A | 118] H:\eula.1041.txt
[07/11/2007 - 08:00:40 | A | 17734] H:\eula.1042.txt
[07/11/2007 - 08:09:22 | A | 1442522] H:\VC_RED.cab
[30/01/2009 - 16:02:00 | D ] H:\RECYCLER
[31/01/2009 - 12:11:10 | RASHD ] H:\autorun.inf
[25/05/2009 - 19:09:20 | D ] H:\Vlado
[28/07/2009 - 11:04:16 | D ] H:\Nový priečinok
[13/09/2009 - 11:47:06 | D ] H:\POLICE ACADEMY
[23/09/2009 - 14:28:02 | D ] H:\Záloha PC
[23/09/2009 - 14:40:50 | A | 2359350] H:\Disk D.bmp
[23/09/2009 - 14:41:16 | A | 2359350] H:\Disk C.bmp
[23/09/2009 - 18:55:56 | SHD ] H:\$RECYCLE.BIN
[25/09/2009 - 16:51:28 | HD ] H:\msdownld.tmp
[27/09/2009 - 10:01:48 | RHD ] H:\ZÁLOHA WINDOWS - NEMAZAŤ!!!!!
[04/10/2009 - 17:07:14 | D ] H:\Záloha mobil
[13/06/2010 - 21:51:50 | D ] I:\Marec
[19/06/2010 - 22:35:48 | D ] I:\PVR
[25/06/2010 - 19:21:06 | HD ] I:\LiberKey
[25/06/2010 - 19:42:00 | A | 420] I:\LiberKey.lnk
[27/06/2010 - 13:41:30 | D ] I:\Screenshots
[11/07/2010 - 19:27:30 | D ] I:\104_PANA
[11/07/2010 - 19:36:38 | D ] I:\103_PANA
[26/07/2007 - 15:49:32 | D ] J:\ACE
[01/12/2009 - 12:28:06 | H | 179712] J:\~WRL4002.tmp
[01/12/2009 - 12:29:56 | H | 179712] J:\~WRL1189.tmp
[19/11/2009 - 15:31:20 | H | 342528] J:\~WRL1420.tmp
[22/04/2010 - 14:09:44 | D ] J:\ine
[24/10/2008 - 13:32:24 | SHD ] J:\FOUND.000
[31/01/2009 - 12:11:10 | HD ] J:\autorun.inf
[13/03/2009 - 13:58:50 | D ] J:\FirefoxPortable
[12/06/2009 - 17:51:24 | SHD ] J:\FOUND.001
[11/04/2010 - 12:55:36 | D ] J:\BIN
[01/12/2009 - 12:38:46 | H | 162816] J:\~WRL0011.tmp
[03/05/2010 - 12:57:56 | D ] J:\music
[31/01/2009 - 09:45:16 | HD ] J:\RECYCLER
[01/06/2010 - 13:09:16 | D ] J:\IMPULZ 4
[04/06/2010 - 12:38:44 | A | 36] J:\pisma.txt
[02/04/2010 - 21:43:08 | D ] J:\optim
[01/06/2010 - 12:47:58 | D ] J:\a PROJEKTY
[01/10/2008 - 19:18:14 | D ] J:\TČ
[14/05/2010 - 20:09:06 | D ] J:\SEDLICE
[05/07/2010 - 08:47:32 | D ] J:\Harry Potter
[23/07/2010 - 22:17:22 | D ] J:\bjsnst

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
J:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: D:\UsbFix_Upload_Me_DELUX.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: preventive check

#4 Post by vyosek »

Fine, now the OTL logs as well :wink:

martin195
Visitor
Posts: 58
Registered: 30 Jan 2009 19:31

Re: preventive check

#5 Post by martin195 »

OTL logfile created on: 3.8.2010 13:50:24 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Users\Martin\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 30,27 Gb Total Space | 11,68 Gb Free Space | 38,58% Space Free | Partition Type: NTFS
Drive D: | 50,78 Gb Total Space | 11,90 Gb Free Space | 23,43% Space Free | Partition Type: NTFS
Drive E: | 30,73 Gb Total Space | 12,23 Gb Free Space | 39,82% Space Free | Partition Type: NTFS
Drive F: | 693,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 465,64 Gb Total Space | 100,18 Gb Free Space | 21,51% Space Free | Partition Type: FAT32
Drive I: | 7,45 Gb Total Space | 4,25 Gb Free Space | 57,09% Space Free | Partition Type: FAT32
Drive J: | 3,84 Gb Total Space | 0,65 Gb Free Space | 16,89% Space Free | Partition Type: FAT32

Computer Name: DELUX
Current User Name: Martin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.08.03 13:47:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Users\Martin\Desktop\OTL.exe
PRC - [2010.06.30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- D:\Program Files (x86)\Opera\opera.exe
PRC - [2010.02.26 06:41:12 | 000,810,120 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) -- D:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe


========== Modules (SafeList) ==========

MOD - [2010.08.03 13:47:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Users\Martin\Desktop\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- D:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.02.26 06:42:36 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010.02.26 06:41:12 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.12.21 11:44:06 | 000,535,552 | ---- | M] (CSR, plc) [Auto | Running] -- D:\Windows\SysNative\HFGService.dll -- (HFGService)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 00:18:12 | 000,071,096 | ---- | M] () [Auto | Stopped] -- D:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2010.07.30 16:18:09 | 000,028,762 | ---- | M] () [Auto | Stopped] -- D:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010.03.30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- D:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2010.03.02 20:02:42 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.02.26 06:42:00 | 000,124,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010.02.26 06:41:10 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.02.26 06:39:32 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- D:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.12.21 11:43:36 | 000,052,224 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV:64bit: - [2009.12.21 11:43:00 | 000,078,848 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\bthav.sys -- (csr_a2dp)
DRV:64bit: - [2009.08.13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- D:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.01.03 18:56:04 | 000,047,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\stusb2ir.sys -- (stus2x64)
DRV:64bit: - [2007.06.28 11:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
DRV:64bit: - [2006.04.13 04:52:24 | 000,468,992 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\cxavsvid.sys -- (CX88VID)
DRV:64bit: - [2005.10.20 16:30:00 | 000,017,920 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Stopped] -- D:\Windows\SysNative\drivers\EIO64.sys -- (EIO)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- D:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 13 5F 6A 55 B9 CA 01 [binary data]
IE - HKU\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-39410807-938470477-3063820386-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "IObit"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..keyword.URL: "http://results.myway.com/GGmain.jhtml?i ... searchfor="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010.07.30 13:00:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010.07.30 13:00:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2010.07.23 14:02:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.03.30 16:42:54 | 000,000,000 | ---D | M]

[2010.03.02 19:36:51 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2010.08.03 12:33:48 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\qzyu1y9h.default\extensions
[2010.06.09 16:10:10 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\qzyu1y9h.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- D:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\qzyu1y9h.default\searchplugins\askcom.xml
[2010.04.01 18:45:04 | 000,002,059 | ---- | M] () -- D:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\qzyu1y9h.default\searchplugins\daemon-search.xml
[2010.07.23 13:00:26 | 000,009,927 | ---- | M] () -- D:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\qzyu1y9h.default\searchplugins\IObitBar.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - D:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - D:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - D:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - D:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - D:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKU\S-1-5-21-39410807-938470477-3063820386-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-39410807-938470477-3063820386-1000\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - D:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O4:64bit: - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SelectRebates] D:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [Standby] D:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKU\S-1-5-19..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-39410807-938470477-3063820386-1000..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-39410807-938470477-3063820386-1000..\Run: [Speed Typing] E:\Program Files\Speed Typing [Windows 7]\STyping.exe (Invention Pilot, Inc)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [MyWebSearch bar Uninstall] D:\Program Files (x86)\Uninstall Fun Web Products.dll (MyWebSearch.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] D:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] D:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xportovať do programu Microsoft Excel - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.18.5 10.5.18.2 195.80.171.4
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.23 15:18:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.08.03 13:43:05 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.03.20 17:42:25 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.08.03 13:43:05 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.08.03 13:43:05 | 000,000,000 | RHSD | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [1999.12.03 14:18:28 | 000,000,113 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006.02.09 14:59:36 | 000,000,000 | RH-D | M] - H:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2010.08.03 13:43:06 | 000,000,000 | RHSD | M] - H:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010.08.03 13:43:06 | 000,000,000 | RHSD | M] - I:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010.08.03 13:43:08 | 000,000,000 | RHSD | M] - J:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - D:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - D:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - D:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - D:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - D:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.MPEGacm - D:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - D:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - D:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - D:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - D:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - D:\Windows\SysWOW64\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 7 Days ==========

[2010.08.03 13:47:07 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Users\Martin\Desktop\OTL.exe
[2010.08.03 13:43:05 | 000,000,000 | RHSD | C] -- D:\Autorun.inf
[2010.08.03 13:33:56 | 000,000,000 | ---D | C] -- D:\UsbFix
[2010.08.03 13:33:01 | 001,204,363 | ---- | C] (C_XX & El Desaparecido) -- D:\Users\Martin\Desktop\UsbFix.exe
[2010.08.03 13:32:01 | 000,775,696 | ---- | C] (MyWebSearch.com) -- D:\Program Files (x86)\Uninstall Fun Web Products.dll
[2010.08.03 11:45:59 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\SystemRequirementsLab
[2010.08.03 11:45:52 | 000,000,000 | ---D | C] -- D:\Users\Martin\SystemRequirementsLab
[2010.07.30 16:18:09 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\MyWebSearch
[2010.07.30 16:11:28 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\SelectRebates
[2010.04.10 21:09:06 | 000,053,248 | ---- | C] ( ) -- D:\Windows\vsnpstd3.dll

========== Files - Modified Within 7 Days ==========

[2010.08.03 13:50:48 | 003,145,728 | -HS- | M] () -- D:\Users\Martin\NTUSER.DAT
[2010.08.03 13:47:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Users\Martin\Desktop\OTL.exe
[2010.08.03 13:43:12 | 000,004,628 | ---- | M] () -- D:\UsbFix_Upload_Me_DELUX.zip
[2010.08.03 13:34:59 | 000,614,620 | ---- | M] () -- D:\Windows\SysNative\perfh005.dat
[2010.08.03 13:34:59 | 000,607,298 | ---- | M] () -- D:\Windows\SysNative\perfh009.dat
[2010.08.03 13:34:59 | 000,118,792 | ---- | M] () -- D:\Windows\SysNative\perfc005.dat
[2010.08.03 13:34:59 | 000,103,676 | ---- | M] () -- D:\Windows\SysNative\perfc009.dat
[2010.08.03 13:34:58 | 001,445,734 | ---- | M] () -- D:\Windows\SysNative\PerfStringBackup.INI
[2010.08.03 13:33:18 | 001,204,363 | ---- | M] (C_XX & El Desaparecido) -- D:\Users\Martin\Desktop\UsbFix.exe
[2010.08.03 11:44:07 | 000,014,016 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.03 11:44:07 | 000,014,016 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.03 11:36:45 | 000,000,006 | -H-- | M] () -- D:\Windows\tasks\SA.DAT
[2010.08.03 11:36:39 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2010.08.03 11:36:35 | 2817,433,600 | -HS- | M] () -- D:\hiberfil.sys
[2010.07.30 22:50:23 | 004,850,866 | -H-- | M] () -- D:\Users\Martin\AppData\Local\IconCache.db
[2010.07.30 18:17:21 | 000,000,366 | ---- | M] () -- D:\Windows\tasks\AWC Update.job
[2010.07.30 18:16:04 | 000,443,136 | ---- | M] () -- D:\Users\Martin\Desktop\setup_akl.exe
[2010.07.30 16:18:09 | 000,775,696 | ---- | M] (MyWebSearch.com) -- D:\Program Files (x86)\Uninstall Fun Web Products.dll

========== Files Created - No Company Name ==========

[2010.08.03 13:43:12 | 000,004,628 | ---- | C] () -- D:\UsbFix_Upload_Me_DELUX.zip
[2010.07.30 18:16:02 | 000,443,136 | ---- | C] () -- D:\Users\Martin\Desktop\setup_akl.exe
[2010.05.09 19:16:19 | 000,197,120 | ---- | C] () -- D:\Windows\patchw32.dll
[2010.05.04 21:46:58 | 001,463,836 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.15 19:16:11 | 000,001,156 | ---- | C] () -- D:\Windows\disney.ini
[2010.04.15 19:15:53 | 000,000,200 | ---- | C] () -- D:\Windows\disneysy.ini
[2010.03.27 18:52:54 | 000,000,571 | ---- | C] () -- D:\Windows\SysWow64\FeMakro.ini
[2010.03.27 18:52:54 | 000,000,497 | ---- | C] () -- D:\Windows\SysWow64\FeAnim.ini
[2010.03.02 20:19:41 | 000,007,168 | ---- | C] () -- D:\Windows\SysWow64\drivers\StarOpen.sys
[2010.03.01 20:08:54 | 000,000,376 | ---- | C] () -- D:\Windows\ODBC.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2004.04.27 09:26:48 | 000,005,824 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010.03.01 20:21:14 | 000,000,000 | ---D | M] -- D:\Users\Daniel\AppData\Roaming\Opera
[2010.05.24 17:26:58 | 000,000,000 | ---D | M] -- D:\Users\Daniel\AppData\Roaming\PC Suite
[2010.05.16 13:10:01 | 000,000,000 | ---D | M] -- D:\Users\Guest\AppData\Roaming\Bump Technologies, Inc
[2010.03.26 23:19:00 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Azureus
[2010.05.09 19:19:35 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Bump Technologies, Inc
[2010.03.30 19:21:30 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Canneverbe Limited
[2010.03.03 16:29:46 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2010.04.23 19:20:40 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Disney Interactive Studios
[2010.03.02 19:52:38 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Foxit Software
[2010.03.26 18:33:22 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\GameRanger
[2010.04.10 20:28:42 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\GetRightToGo
[2010.05.19 21:55:34 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\GHISLER
[2010.03.07 23:06:58 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\IObit
[2010.06.26 14:17:52 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Jasc
[2010.03.05 18:56:12 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Leadertech
[2010.04.05 16:32:30 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Luxand
[2010.05.04 21:54:48 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Nokia
[2010.06.30 22:06:10 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Opera
[2010.05.24 16:31:33 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\PC Suite
[2010.05.03 11:31:38 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\PDFCreator
[2010.03.27 18:53:04 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\pdfMachine
[2010.03.20 19:33:52 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\TeamViewer
[2010.03.01 22:47:17 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Thunderbird
[2010.06.28 15:32:45 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\TS3Client
[2010.06.26 13:50:13 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Ulead Systems
[2010.05.29 13:01:56 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\uTorrent
[2010.03.02 16:51:25 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Windows SideBar
[2010.07.30 18:17:21 | 000,000,366 | ---- | M] () -- D:\Windows\Tasks\AWC Update.job
[2010.06.11 13:48:05 | 000,032,626 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

martin195
Visitor
Posts: 58
Registered: 30 Jan 2009 19:31

Re: preventive check

#6 Post by martin195 »

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = D:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"Speed Typing" = "E:\Program Files\Speed Typing [Windows 7]\STyping.exe" -- [2002.12.12 20:18:16 | 000,101,376 | ---- | M] (Invention Pilot, Inc)
"DAEMON Tools Lite" = "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.05.10 19:38:31 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Adobe
[2010.03.26 23:19:00 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Azureus
[2010.05.09 19:19:35 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Bump Technologies, Inc
[2010.03.30 19:21:30 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Canneverbe Limited
[2010.06.26 14:06:14 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Corel
[2010.03.03 16:29:46 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2010.04.23 19:20:40 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Disney Interactive Studios
[2010.07.23 13:07:00 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\dvdcss
[2010.03.02 19:52:38 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Foxit Software
[2010.03.26 18:33:22 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\GameRanger
[2010.04.10 20:28:42 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\GetRightToGo
[2010.05.19 21:55:34 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\GHISLER
[2010.06.30 13:05:19 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Hamachi
[2010.03.01 16:49:29 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Identities
[2010.04.15 19:16:06 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\InstallShield
[2010.03.07 23:06:58 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\IObit
[2010.06.26 14:17:52 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Jasc
[2010.03.05 18:56:12 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Leadertech
[2010.04.05 16:32:30 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Luxand
[2010.03.01 20:12:17 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Macromedia
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Media Center Programs
[2010.07.23 11:02:18 | 000,000,000 | --SD | M] -- D:\Users\Martin\AppData\Roaming\Microsoft
[2010.03.02 19:36:51 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Mozilla
[2010.05.04 21:54:48 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Nokia
[2010.06.30 22:06:10 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Opera
[2010.05.24 16:31:33 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\PC Suite
[2010.05.03 11:31:38 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\PDFCreator
[2010.03.27 18:53:04 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\pdfMachine
[2010.08.02 23:01:04 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Skype
[2010.08.02 21:50:15 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\skypePM
[2010.03.01 22:47:23 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Talkback
[2010.06.28 16:12:12 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\teamspeak2
[2010.03.20 19:33:52 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\TeamViewer
[2010.03.01 22:47:17 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Thunderbird
[2010.06.28 15:32:45 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\TS3Client
[2010.06.26 13:50:13 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Ulead Systems
[2010.05.29 13:01:56 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\uTorrent
[2010.07.30 14:32:25 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\vlc
[2010.03.02 16:51:25 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\Windows SideBar
[2010.04.10 15:24:33 | 000,000,000 | ---D | M] -- D:\Users\Martin\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010.06.30 00:45:56 | 001,240,800 | ---- | M] (GameRanger Technologies) -- D:\Users\Martin\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
[2010.06.19 12:44:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- D:\Users\Martin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.06.26 14:17:33 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- D:\Users\Martin\AppData\Roaming\Microsoft\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
[2010.06.26 14:17:33 | 000,010,134 | R--- | M] () -- D:\Users\Martin\AppData\Roaming\Microsoft\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\ARPPRODUCTICON.exe
[2010.03.27 18:52:47 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- D:\Users\Martin\AppData\Roaming\Microsoft\Installer\{26E20136-E332-4BC6-903F-ADDCAEE53263}\ARPPRODUCTICON.exe
[2010.05.10 17:35:24 | 000,010,134 | R--- | M] () -- D:\Users\Martin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.04.22 07:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- D:\Windows.old\Windows\System32\drivers\AGP440.sys
[2009.04.22 07:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- D:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_e13b2b757efc5205\AGP440.sys
[2009.04.22 07:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- D:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7100.0_none_2b05e59d13c6aac3\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.04.22 07:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- D:\Windows.old\Windows\System32\drivers\atapi.sys
[2009.04.22 07:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- D:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys
[2009.04.22 07:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- D:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- D:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- D:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- D:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- D:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2009.04.22 07:18:45 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=DCE8C59D84D5923D0CA54EF116DD8138 -- D:\Windows.old\Windows\System32\autochk.exe
[2009.04.22 07:18:45 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=DCE8C59D84D5923D0CA54EF116DD8138 -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7100.0_none_52e6e5ab16d6f438\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- D:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- D:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2009.04.22 05:08:50 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDF617E3CE277E60B8DDC2B6E99B1D54 -- D:\Windows.old\Windows\System32\drivers\cdrom.sys
[2009.04.22 05:08:50 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDF617E3CE277E60B8DDC2B6E99B1D54 -- D:\Windows.old\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_979e56719b05c594\cdrom.sys
[2009.04.22 05:08:50 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDF617E3CE277E60B8DDC2B6E99B1D54 -- D:\Windows.old\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7100.0_none_d09c5443f8dd3b93\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
[2009.04.22 07:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- D:\Windows.old\Windows\System32\cngaudit.dll
[2009.04.22 07:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.04.22 07:20:07 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=3DA62576A423BB1A9D882F7CDEAF21BB -- D:\Windows.old\Windows\System32\cryptsvc.dll
[2009.04.22 07:20:07 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=3DA62576A423BB1A9D882F7CDEAF21BB -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7100.0_none_e6f291c5efe51f32\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- D:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- D:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- D:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- D:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- D:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.04.22 07:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- D:\Windows.old\Windows\explorer.exe
[2009.04.22 07:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7100.0_none_c2a79f73ced24008\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.22 07:24:20 | 000,194,128 | ---- | M] (Microsoft Corporation) MD5=826E8635457E8215C87DB6300DFC8F35 -- D:\Windows.old\Windows\System32\hal.dll
[2009.04.22 07:24:20 | 000,194,128 | ---- | M] (Microsoft Corporation) MD5=826E8635457E8215C87DB6300DFC8F35 -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7100.0_none_1c1beb05aec0089e\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- D:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.04.22 07:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- D:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2009.04.22 07:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- D:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.04.22 07:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- D:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7100.0_none_20044ad9dcddcbd8\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- D:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
[2009.04.22 07:24:06 | 000,046,672 | ---- | M] (Microsoft Corporation) MD5=C3B2BCDC1C62EB774C1625F8023671CA -- D:\Windows.old\Windows\System32\drivers\isapnp.sys
[2009.04.22 07:24:06 | 000,046,672 | ---- | M] (Microsoft Corporation) MD5=C3B2BCDC1C62EB774C1625F8023671CA -- D:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_e13b2b757efc5205\isapnp.sys
[2009.04.22 07:24:06 | 000,046,672 | ---- | M] (Microsoft Corporation) MD5=C3B2BCDC1C62EB774C1625F8023671CA -- D:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7100.0_none_2b05e59d13c6aac3\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009.04.22 07:19:08 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=62C4EF46A710A84416AEA89E52C01833 -- D:\Windows.old\Windows\System32\lsass.exe
[2009.04.22 07:19:08 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=62C4EF46A710A84416AEA89E52C01833 -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7100.0_none_173d8323b1e1097f\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- D:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
[2009.04.22 07:24:26 | 000,710,736 | ---- | M] (Microsoft Corporation) MD5=FE0FFC312609BD9EB75E57F930BB0236 -- D:\Windows.old\Windows\System32\drivers\ndis.sys
[2009.04.22 07:24:26 | 000,710,736 | ---- | M] (Microsoft Corporation) MD5=FE0FFC312609BD9EB75E57F930BB0236 -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7100.0_none_18ba24287124de61\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.04.22 07:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- D:\Windows.old\Windows\System32\netlogon.dll
[2009.04.22 07:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_6eaaafa48d0fb9a0\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- D:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2009.04.22 07:24:14 | 000,117,328 | ---- | M] (NVIDIA Corporation) MD5=4A5984C5859D951D0B62B7B406AFE357 -- D:\Windows.old\Windows\System32\drivers\nvraid.sys
[2009.04.22 07:24:14 | 000,117,328 | ---- | M] (NVIDIA Corporation) MD5=4A5984C5859D951D0B62B7B406AFE357 -- D:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_4d1b6b7b67c54c8c\nvraid.sys
[2009.04.22 07:24:14 | 000,117,328 | ---- | M] (NVIDIA Corporation) MD5=4A5984C5859D951D0B62B7B406AFE357 -- D:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_aacdbb89141475b0\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2009.04.22 07:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- D:\Windows.old\Windows\System32\drivers\nvstor.sys
[2009.04.22 07:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- D:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_4d1b6b7b67c54c8c\nvstor.sys
[2009.04.22 07:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- D:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_aacdbb89141475b0\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2009.04.22 07:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- D:\Windows.old\Windows\System32\scecli.dll
[2009.04.22 07:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_a900dabd2e31405b\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- D:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2009.04.22 07:19:30 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=846B9BCE1C4CFC944D04DFC476C850AA -- D:\Windows.old\Windows\System32\smss.exe
[2009.04.22 07:19:30 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=846B9BCE1C4CFC944D04DFC476C850AA -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7100.0_none_1d2da05e6e477103\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.04.22 07:19:35 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5F1FE2F551E74B069C436152F06CCFDC -- D:\Windows.old\Windows\System32\svchost.exe
[2009.04.22 07:19:35 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5F1FE2F551E74B069C436152F06CCFDC -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7100.0_none_26ae52025a638f2e\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- D:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.04.22 07:23:55 | 001,267,280 | ---- | M] (Microsoft Corporation) MD5=4EB1831B5C67AFF9CFFA5269A3905505 -- D:\Windows.old\Windows\System32\drivers\tcpip.sys
[2009.04.22 07:23:55 | 001,267,280 | ---- | M] (Microsoft Corporation) MD5=4EB1831B5C67AFF9CFFA5269A3905505 -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7100.0_none_24110ab3bb7c123f\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.04.22 07:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- D:\Windows.old\Windows\System32\userinit.exe
[2009.04.22 07:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7100.0_none_4d1bb27726c5c954\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.04.22 07:19:40 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B9CFF761509E6C95E964B29B279D7721 -- D:\Windows.old\Windows\System32\winlogon.exe
[2009.04.22 07:19:40 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B9CFF761509E6C95E964B29B279D7721 -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7100.0_none_e0b5f9782a074d3e\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- D:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.04.22 07:22:22 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=B5CB7AE5F565869DF4F0E90C9AF662E5 -- D:\Windows.old\Windows\System32\ws2_32.dll
[2009.04.22 07:22:22 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=B5CB7AE5F565869DF4F0E90C9AF662E5 -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7100.0_none_63aaa924236bd70d\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- D:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- D:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- D:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
< End of report >


It didn't fit into one post :D

martin195
Visitor
Posts: 58
Registered: 30 Jan 2009 19:31

Re: Preventive check

#7 Post by martin195 »

OTL Extras logfile created on: 3.8.2010 13:50:25 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Users\Martin\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 30,27 Gb Total Space | 11,68 Gb Free Space | 38,58% Space Free | Partition Type: NTFS
Drive D: | 50,78 Gb Total Space | 11,90 Gb Free Space | 23,43% Space Free | Partition Type: NTFS
Drive E: | 30,73 Gb Total Space | 12,23 Gb Free Space | 39,82% Space Free | Partition Type: NTFS
Drive F: | 693,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 465,64 Gb Total Space | 100,18 Gb Free Space | 21,51% Space Free | Partition Type: FAT32
Drive I: | 7,45 Gb Total Space | 4,25 Gb Free Space | 57,09% Space Free | Partition Type: FAT32
Drive J: | 3,84 Gb Total Space | 0,65 Gb Free Space | 16,89% Space Free | Partition Type: FAT32

Computer Name: DELUX
Current User Name: Martin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- D:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- D:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "D:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel PaintShop Photo Pro X3] -- "H:\Program Files\PaintShop Photo Pro X3\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "D:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel PaintShop Photo Pro X3] -- "H:\Program Files\PaintShop Photo Pro X3\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1793A632-5EB9-493E-B9B3-38DB2E9912C2}" = ESET NOD32 Antivirus
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{9B7AF25E-2978-4EC9-AC7C-1E117CF80C12}" = Bezpečnosť rodiny v službe Windows Live
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{D5FE818E-F1C7-44F8-A3C0-C08761906E27}" = Share64
"Recuva" = Recuva

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Piráti z Karibiku - Na konci světa
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Zem
"{174D5678-D941-433C-BD23-58A5C7B0D36D}" = Jasc Animation Shop 3
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Odovzdávací nástroj lokality Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{26E20136-E332-4BC6-903F-ADDCAEE53263}" = ArCon 9 Profesionál
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 Luxusní bydlení – Kolekce
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{9011041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Povolání snů
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A789920E-E183-4311-9DEB-972913AB2FBF}" = Asistent pri prihlasovaní v sieti Windows Live
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 Cestovní horečka
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{D84B7C7E-2E4D-4002-8CA8-EED4EDB333AC}" = MLE
"{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE092FB2-4B8D-4C02-AEDA-D8DE697F7794}" = Windows Live Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"{FE32B8A0-7844-4A36-9F83-EF92432CD3D2}_is1" = Fire Department 3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"µTorrent CZ_is1" = µTorrent CZ 1.8.5 (build 17414)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"FileHippo.com" = FileHippo.com Update Checker
"FormatFactory" = FormatFactory 2.30
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Game Booster_is1" = Game Booster
"HijackThis" = HijackThis 2.0.2
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Kaan" = Kaan
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"RRT3_CZ" = RRT3_CZ
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"Syncrosoft's License Control" = Syncrosoft's License Control
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"Totalcmd" = Total Commander (Remove or Repair)
"Uloz.to Uploader" = Uloz.to Uploader 1.1.1.122
"Usbfix" = Usbfix By C_XX & El Desaparecido
"VLC media player" = VLC media player 1.0.5
"Warzone 2100" = Warzone 2100
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archivátor

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Google Translator" = Google Translator
"InstallShield_{26E20136-E332-4BC6-903F-ADDCAEE53263}" = ArCon 9 Profesionál
"Speed Typing" = Speed Typing

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20.7.2010 4:22:41 | Computer Name = Delux | Source = System Restore | ID = 8193
Description =

Error - 20.7.2010 4:23:57 | Computer Name = Delux | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov
z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou
podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error - 20.7.2010 5:47:54 | Computer Name = Delux | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov
z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou
podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error - 21.7.2010 14:28:08 | Computer Name = Delux | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "H:\Program Files\PaintShop
Photo Pro X3\Corel PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 22.7.2010 6:34:50 | Computer Name = Delux | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "H:\Program Files\PaintShop
Photo Pro X3\Corel PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 22.7.2010 15:39:45 | Computer Name = Delux | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: svchost.exe_SysMain, verzia: 6.1.7600.16385,
časová značka: 0x4a5bc3c1 Názov chybového modulu: sysmain.dll, verzia: 6.1.7600.16385,
časová značka: 0x4a5be07e Kód výnimky: 0xc0000005 Odstup chyby: 0x0000000000004c63
Identifikácia
chybného procesu: 0x398 Čas spustenia chybnej aplikácie: 0x01cb27dd52f817bc Cesta
chybnej aplikácie: D:\Windows\System32\svchost.exe Cesta chybného modulu: d:\windows\system32\sysmain.dll
Identifikácia
hlásenia: e13f981f-95c8-11df-a499-0017318752a2

Error - 29.7.2010 15:04:47 | Computer Name = Delux | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "H:\Program Files\PaintShop
Photo Pro X3\Corel PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 30.7.2010 8:53:24 | Computer Name = Delux | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "H:\Program Files\PaintShop
Photo Pro X3\Corel PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 30.7.2010 12:22:00 | Computer Name = Delux | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: HTV.exe, verzia: 0.0.0.0, časová značka:
0x47ea92fe Názov chybového modulu: KERNELBASE.dll, verzia: 6.1.7600.16385, časová
značka: 0x4a5bdbdf Kód výnimky: 0xc000001d Odstup chyby: 0x0000b727 Identifikácia
chybného procesu: 0x6bc Čas spustenia chybnej aplikácie: 0x01cb30029a0889c6 Cesta
chybnej aplikácie: E:\Program Files\HTV klg\HTV.exe Cesta chybného modulu: D:\Windows\syswow64\KERNELBASE.dll
Identifikácia
hlásenia: 942adf41-9bf6-11df-911e-0017318752a2

Error - 30.7.2010 12:22:00 | Computer Name = Delux | Source = Application Error | ID = 1005
Description = Systém Windows nemôže získať prístup k súboru E:\Program Files\HTV
klg\HTV.exe kvôli jednej z nasledujúcich príčin: existuje problém so sieťovým pripojením,
diskom, na ktorom je súbor uložený, alebo ovládačmi pamäťových zariadení inštalovanými
v tomto počítači; alebo chýba disk. Systém Windows kvôli tejto chybe zavrel program
HTV.exe. Program: HTV.exe Súbor: E:\Program Files\HTV klg\HTV.exe Hodnota chyby sa
uvádza v sekcii Ďalšie údaje. Akcia používateľa 1. Otvorte znova súbor. Táto situácia
môže byť dočasným problémom, ktorý sa vyrieši sám pri ďalšom spustení programu.
2.
Ak
sa k súboru naďalej nedá získať prístup a - je v sieti, váš správca siete by mal
overiť, či sa nevyskytol problém so sieťou a či sa server dá kontaktovať. - je na
vymeniteľnom disku, napríklad na diskete alebo disku CD-ROM, overte či je disk
úplne vložený v počítači. 3. Skontrolujte a opravte systém súborov spustením programu
CHKDSK. Ak chcete spustiť program CHKDSK, kliknite na tlačidlo Štart, kliknite
na položku Spustiť, zadajte CMD a potom kliknite na tlačidlo OK. V príkazovom riadku
zadajte príkaz CHKDSK /F a potom stlačte kláves ENTER. 4. Ak problém pretrváva,
obnovte súbor zo záložnej kópie. 5. Zistite, či sa dajú otvoriť iné súbory na tom
istom disku. Ak nie, disk môže byť poškodený. Ak ide o pevný disk, požiadajte o
pomoc svojho správcu systému alebo dodávateľa počítačového hardvéru. Ďalšie údaje
Chybová
hodnota: 00672AB8 Typ disku: 3

[ System Events ]
Error - 25.6.2010 14:26:39 | Computer Name = Delux | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.

Error - 25.6.2010 14:26:39 | Computer Name = Delux | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.

Error - 25.6.2010 14:26:39 | Computer Name = Delux | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.

Error - 25.6.2010 14:26:39 | Computer Name = Delux | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.

Error - 25.6.2010 14:26:39 | Computer Name = Delux | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.

Error - 25.6.2010 14:26:39 | Computer Name = Delux | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.

Error - 25.6.2010 14:26:39 | Computer Name = Delux | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.

Error - 25.6.2010 14:26:39 | Computer Name = Delux | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.

Error - 25.6.2010 14:26:39 | Computer Name = Delux | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.

Error - 25.6.2010 14:26:39 | Computer Name = Delux | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: preventive check

#8 Post by vyosek »

:arrow: Run OTL again
  • If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator or Spustit jako správce
  • Paste the script below into the bottom box "Vlastní skenování/opravy" (Custom Scans/Fixes)
  • Code:

    :otl
    SRV - [2010.07.30 16:18:09 | 000,028,762 | ---- | M] () [Auto | Stopped] -- D:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
    IE - HKU\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 13 5F 6A 55 B9 CA 01 [binary data]
    FF - prefs.js..browser.search.selectedEngine: "IObit"
    FF - prefs.js..keyword.URL: "http://results.myway.com/GGmain.jhtml?id=YI&ptb=C4E95784-0CB5-4B94-B5B4-FFE0E521A9BA&psa=&ind=2010072011&ptnrS=YI&si=&st=kwd&n=&searchfor="
    [2010.04.01 18:45:04 | 000,002,059 | ---- | M] () -- D:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\qzyu1y9h.default\searchplugins\daemon-search.xml
    [2010.07.23 13:00:26 | 000,009,927 | ---- | M] () -- D:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\qzyu1y9h.default\searchplugins\IObitBar.xml
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-39410807-938470477-3063820386-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O4 - HKLM..\RunOnce: [] File not found
    O4 - HKLM..\RunOnce: [MyWebSearch bar Uninstall] D:\Program Files (x86)\Uninstall Fun Web Products.dll (MyWebSearch.com)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] D:\Windows\SysWow64\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] D:\Windows\SysWow64\mctadmin.exe File not found
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    [2010.08.03 13:32:01 | 000,775,696 | ---- | C] (MyWebSearch.com) -- D:\Program Files (x86)\Uninstall Fun Web Products.dll
    [4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    
    :files
    C:\WINDOWS\system32\*.tmp.dll /s
    C:\WINDOWS\system32\SET*.tmp /s
    C:\WINDOWS\*.tmp /s
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
  • Then click "Opravit" (Run Fix)
  • The PC will carry out the fix, restart, and give you a log; paste its contents here
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Run the update - third tab
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes produces false detections, so paste the log into a post and wait for an assessment
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

martin195
Visitor
Posts: 58
Registered: 30 Jan 2009 19:31

Re: preventive check

#9 Post by martin195 »

All processes killed
========== OTL ==========
Error: No service named MyWebSearchService was found to stop!
Service\Driver key MyWebSearchService not found.
File D:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE not found.
Service pccsmcfd stopped successfully!
Service pccsmcfd deleted successfully!
File D:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys not found.
HKU\S-1-5-21-39410807-938470477-3063820386-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: "IObit" removed from browser.search.selectedEngine
Prefs.js: "http://results.myway.com/GGmain.jhtml?i ... searchfor=" removed from keyword.URL
D:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\qzyu1y9h.default\searchplugins\daemon-search.xml moved successfully.
D:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\qzyu1y9h.default\searchplugins\IObitBar.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-39410807-938470477-3063820386-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\MyWebSearch bar Uninstall deleted successfully.
D:\Program Files (x86)\Uninstall Fun Web Products.dll moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505114-5902-49B2-880A-1F7738E5A384}\ not found.
File {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File D:\Program Files (x86)\Uninstall Fun Web Products.dll not found.
c:\windows\NV272216.TMP\nvtcp.sys deleted successfully.
c:\windows\NV272216.TMP folder deleted successfully.
c:\windows\SET3.tmp deleted successfully.
c:\windows\SET4.tmp deleted successfully.
c:\windows\SET8.tmp deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\_000006_.tmp.dll moved successfully.
C:\WINDOWS\system32\SET12.tmp moved successfully.
C:\WINDOWS\system32\SET1A.tmp moved successfully.
C:\WINDOWS\system32\SET1C.tmp moved successfully.
C:\WINDOWS\system32\SET52.tmp moved successfully.
C:\WINDOWS\system32\SET72.tmp moved successfully.
C:\WINDOWS\system32\SET75.tmp moved successfully.
C:\WINDOWS\system32\SET84.tmp moved successfully.
C:\WINDOWS\system32\SET9.tmp moved successfully.
C:\WINDOWS\system32\SETA.tmp moved successfully.
C:\WINDOWS\system32\SETC.tmp moved successfully.
C:\WINDOWS\system32\SETD.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\Temp\NOD757E.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgends.tmp moved successfully.
========== COMMANDS ==========
D:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Daniel
->Temp folder emptied: 2108237 bytes
->Temporary Internet Files folder emptied: 16620318 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32854626 bytes
->Opera cache emptied: 321681 bytes
->Flash cache emptied: 8807 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 109851 bytes
->Temporary Internet Files folder emptied: 15488708 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 63833643 bytes
->Flash cache emptied: 1169 bytes

User: Martin
->Temp folder emptied: 60224338 bytes
->Temporary Internet Files folder emptied: 5870397 bytes
->Java cache emptied: 570184 bytes
->FireFox cache emptied: 36948024 bytes
->Opera cache emptied: 19233147 bytes
->Flash cache emptied: 71396 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38694709 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67978 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 736 bytes
RecycleBin emptied: 1850714 bytes

Total Files Cleaned = 281,00 mb


[EMPTYFLASH]

User: All Users

User: Daniel
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Martin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.9.1 log created on 08032010_160007

Files\Folders moved on Reboot...
File move failed. D:\Users\Daniel\AppData\Local\Temp\IDC1.tmp\[1]swflash[1].cab scheduled to be moved on reboot.
D:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



That emptying of the Recycle Bin didn't have to happen :(

martin195
Visitor
Posts: 58
Registered: 30 Jan 2009 19:31

Re: preventive check

#10 Post by martin195 »

I'll add the MBAM log tomorrow; I'll let it scan overnight...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: preventive check

#11 Post by vyosek »

OK, in my experience it takes about 2 hours, but it also depends on the size of the disk...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: preventive check

#12 Post by vyosek »

I apologize about the Recycle Bin, but storing things you need in the Recycle Bin doesn't seem exactly logical to me... try looking in the folder C:\_OTM to see whether it's there...

martin195
Visitor
Posts: 58
Registered: 30 Jan 2009 19:31

Re: preventive check

#13 Post by martin195 »

Here is the MBAM log; I have the Ardamax keylogger on purpose :)

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verzia databázy: 4385

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10. 8. 2010 02:02:55
mbam-log-2010-08-10 (02-02-55).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|H:\|)
Objektov kontrolovaných: 651694
Uplynulý čas: 2 hod, 23 min, 43 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 22
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 16

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\System Volume Information\_restore{B9F089AF-45F4-483A-87C3-E41B7EF7E9E5}\RP74\A0053440.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{B9F089AF-45F4-483A-87C3-E41B7EF7E9E5}\RP74\A0053487.exe (Trojan.Agent) -> No action taken.
D:\$Recycle.Bin\S-1-5-21-39410807-938470477-3063820386-1000\$R5JIQ93\setup_akl.exe (PUP.ArdamaxKeyLogger) -> No action taken.
D:\$Recycle.Bin\S-1-5-21-39410807-938470477-3063820386-1000\$RV1ICTU\Ardamax Keylogger 3.0\ony-ak30r-rep\ony-ak30r-rep\setup_akl.exe (PUP.ArdamaxKeyLogger) -> No action taken.
D:\Users\Martin\Desktop\tor\Hide IP Platinum 3.5 And Keygen (New Version)\keygen.exe (Trojan.Agent.CK) -> No action taken.
D:\Windows.old\Program Files\COMODO\COMODO Internet Security\Quarantine\Keygen.exe (Trojan.Downloader) -> No action taken.
D:\Windows.old\Program Files\COMODO\COMODO Internet Security\Quarantine\opr01Y0J (Trojan.Downloader) -> No action taken.
D:\Windows.old\Program Files\COMODO\COMODO Internet Security\Quarantine\opr01Y0R (Trojan.Downloader) -> No action taken.
D:\Windows.old\Program Files\COMODO\COMODO Internet Security\Quarantine\opr01Y5G (Trojan.Downloader) -> No action taken.
D:\_OTL\MovedFiles\08032010_160007\D_Program Files (x86)\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> No action taken.
E:\Program Files\POLKLG\AKV.exe (PUP.ArdamaxKeyLogger) -> No action taken.
E:\Program Files\POLKLG\POL.006 (PUP.ArdamaxKeyLogger) -> No action taken.
E:\Program Files\POLKLG\POL.007 (PUP.ArdamaxKeyLogger) -> No action taken.
H:\Windows.old\Používatelia\user\AppData\Local\Temp\ckz_TMCJ\Loader.exe (Trojan.Dropper) -> No action taken.
H:\W7 BACKUP\Users\user\AppData\Local\Temp\ckz_TMCJ\Loader.exe (Trojan.Dropper) -> No action taken.
H:\Záloha PC\My Documents\Iné\PassGenerator\fff-ea173.exe (Trojan.Orsam) -> No action taken.



The Recycle Bin is no catastrophe; it's just that I throw everything into the bin and then open it once in a while and slowly throw things out. Usually almost everything goes anyway, but I don't like it when I delete something and don't know what... oh well, it happened :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: preventive check

#14 Post by vyosek »

:arrow: Apart from those keylogger items
E:\Program Files\POLKLG\AKV.exe (PUP.ArdamaxKeyLogger) -> No action taken.
E:\Program Files\POLKLG\POL.006 (PUP.ArdamaxKeyLogger) -> No action taken.
E:\Program Files\POLKLG\POL.007 (PUP.ArdamaxKeyLogger) -> No action taken.

delete everything

:arrow: Plug all USB sticks (flash drives, external disks, etc.) into the PC
:arrow: The vermin has settled into the restore points - delete them following the guide by colleague riff: http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

martin195
Visitor
Posts: 58
Registered: 30 Jan 2009 19:31

Re: preventive check

#15 Post by martin195 »

How do I delete those viruses from MBAM? Do I have to run a new scan? And when turning off System Restore I was taken aback - no restore points exist... aren't these by any chance files of the second system (C:)?
