Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

posím o preventivku mal som security tol

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: posím o preventivku mal som security tol

#16 Příspěvek od vyosek »

Kde presne je ta havet hlasena - soubor a cesta k nemu...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
ruso
Návštěvník
Návštěvník
Příspěvky: 32
Registrován: 03 lis 2010 07:11

Re: posím o preventivku mal som security tol

#17 Příspěvek od ruso »

Hlavný panel
do vyhladávača som zadal hladanie
res
píšem pre istotu všetko čo ukazuje

Pod - Programy
riadky
1.license reservation LicenseRes C:/program files/Sescoi/WorkXPlore
2.one-buton restore sbe1stpr C://program files/Roxio/backup MYPC 7
3.reset to recommended settings Codec Tweak Tools C://program files/K-lite Codec Pack/Tools
4.reset vlc media player preferens and cache files VLC C://program files/Video Lan/VLC

pod -Oblúbené položky história
1.sitte explorer-search results HTTP:// siteexplorer. search.Yahoo.com/search?...

Pod-





pod - komunikácia
4 súbory s jednou adresou
1. RE:GOOD NEWS C:/users/peto/appdata/local/microsoft/windows mail/local/folders/inbox
2.NEWSLETER MARKETINGOVÝCH NOVÍN C:/users/peto/appdata/local/microsoft/windows mail/local/folders/inbox
3.***VIRUS***UPDATED ACCOUNT AGREEMENT C:/users/peto/appdata/local/microsoft/windows mail/local/folders/inbox
4. detto ako 3 C:/users/peto/appdata/local/microsoft/windows mail/local/folders/inbox
Naposledy upravil(a) ruso dne 05 lis 2010 11:16, celkem upraveno 3 x.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: posím o preventivku mal som security tol

#18 Příspěvek od vyosek »

:arrow: Zabalte mi prosim ty soubory a upnete na LP http://leteckaposta.cz/ ale dle meho je to havet, uz jen podle nazvu, pokud je navic i Vy sam neznate...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
ruso
Návštěvník
Návštěvník
Příspěvky: 32
Registrován: 03 lis 2010 07:11

Re: posím o preventivku mal som security tol

#19 Příspěvek od ruso »

Nepoznám odoslal som čo som stihol - začal sa čudne správať
skopírujem a dokončím to

Hlavný panel
do vyhladávača som zadal hladanie
res
píšem pre istotu všetko čo ukazuje

Pod - Programy
riadky
1.license reservation LicenseRes C:/program files/Sescoi/WorkXPlore
2.one-buton restore sbe1stpr C://program files/Roxio/backup MYPC 7
3.reset to recommended settings Codec Tweak Tools C://program files/K-lite Codec Pack/Tools
4.reset vlc media player preferens and cache files VLC C://program files/Video Lan/VLC

pod -Oblúbené položky história
1.sitte explorer-search results HTTP:// siteexplorer. search.Yahoo.com/search?...

Pod- Súbormi
1. RESOURCE VERSION C:/Program Filles/Sescoi/WorkXPlore/LicenseRsv.exe"
2.Detto
3.Detto
4.Abdobe Acrobat Document INFORMATOR-04-2008 cesta detto
5.word doc
6.3mbam-setup-1.46
7.word doc
8.word doc
9. WIN rar zip APP RESOURCES C:/Program Filles/Sescoi/WorkXPlore/LicenseRsv.exe"

pod - komunikácia
4 súbory s jednou adresou
1. RE:GOOD NEWS C:/users/peto/appdata/local/microsoft/windows mail/local/folders/inbox
2.NEWSLETER MARKETINGOVÝCH NOVÍN C:/users/peto/appdata/local/microsoft/windows mail/local/folders/inbox
3.***VIRUS***UPDATED ACCOUNT AGREEMENT C:/users/peto/appdata/local/microsoft/windows mail/local/folders/inbox
4. detto ako 3 C:/users/peto/appdata/local/microsoft/windows mail/local/folders/inbox

IDEM NA TO
Naposledy upravil(a) ruso dne 05 lis 2010 11:42, celkem upraveno 2 x.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: posím o preventivku mal som security tol

#20 Příspěvek od vyosek »

:arrow: Pokud ty soubory ve slozce C:/users/peto/appdata/local/microsoft/windows mail/local/folders/inbox neznate, tak je smazte, jsou to nejake maily - asi spamy

:arrow: Stahnete OTL (viz muj podpis) a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Stari souboru zmente z 30 dnu na 7 dnu
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 5 az 10 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
ruso
Návštěvník
Návštěvník
Příspěvky: 32
Registrován: 03 lis 2010 07:11

Re: posím o preventivku mal som security tol

#21 Příspěvek od ruso »

ked kopírujem ten váš súbor ukáži mi okienko

netsvcsdrivers 32HKEY.Current-user/software/microsoft/windows/current versi...

je to normálne , idem to teda skúsiť

po stiahnutí softu nie radšej odpojiť link
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: posím o preventivku mal som security tol

#22 Příspěvek od vyosek »

:arrow: Pokud se bude otl se skriptem sekat, tak jej spustte bez skriptu..

:arrow: Link na ty soubory mi poslete pres soukromou zpravu...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
ruso
Návštěvník
Návštěvník
Příspěvky: 32
Registrován: 03 lis 2010 07:11

Re: posím o preventivku mal som security tol

#23 Příspěvek od ruso »

okienka
mal som nechať Use safe list
či all
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: posím o preventivku mal som security tol

#24 Příspěvek od vyosek »

Nechte vse nastavene jak je, pouze zaskrtnete Purity a LOP, dolu vlozte skript a dejte Search
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: posím o preventivku mal som security tol

#25 Příspěvek od vyosek »

Ja sem logy pro prehlednost a dalsi studium kolegu vlozim

OTL logfile created on: 5. 11. 2010 12:00:20 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Peťo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 0000041B | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,71 Gb Total Space | 151,48 Gb Free Space | 67,11% Space Free | Partition Type: NTFS
Drive D: | 7,18 Gb Total Space | 1,63 Gb Free Space | 22,78% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 62,12 Gb Free Space | 55,57% Space Free | Partition Type: NTFS

Computer Name: PETO | User Name: Peťo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2010/11/05 11:55:59 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Peťo\Desktop\OTL.exe
PRC - [2010/11/02 21:26:10 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2010/11/02 21:24:27 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/10/22 10:26:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/22 10:06:44 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Peťo\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/08 05:25:50 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/12 19:22:48 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/12/22 18:50:54 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/11 04:17:36 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jureg.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/24 10:40:00 | 003,073,424 | ---- | M] (Alibaba) -- C:\Program Files\Alibaba\TradeManager\TradeManager.exe
PRC - [2008/01/29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 08:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2007/09/26 16:23:48 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/06 12:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/14 19:31:36 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/14 19:31:32 | 000,178,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/04/18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 12:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/02/09 11:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 11:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2007/01/11 12:26:56 | 000,063,112 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAB4RPK.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/05 11:55:59 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Peťo\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Portrait Displays\HP My Display\dtsrvc.exe -- (DTSRVC)
SRV - [2010/11/02 21:24:27 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/26 16:23:48 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/26 16:23:48 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Plánovač automatické aktualizace LiveUpdate)
SRV - [2007/06/14 19:31:36 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PEO~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PEO~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/04/11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/03/16 12:09:46 | 000,022,528 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rockey4.sys -- (ROCKEYNT)
DRV - [2009/03/16 12:09:46 | 000,013,824 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rockey4USB.sys -- (Rockey_USB)
DRV - [2008/01/19 07:14:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2007/10/01 09:21:08 | 001,129,344 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007/08/28 01:59:00 | 007,574,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/07/31 17:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/07/11 11:21:00 | 001,793,880 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/14 21:30:28 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/03/26 10:54:28 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hpsunidr.sys -- (hpsunidr)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1807514103-992746668-557511064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.centrum.sk/http://www.elzarus.sk/ [binary data]
IE - HKU\S-1-5-21-1807514103-992746668-557511064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-1807514103-992746668-557511064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1807514103-992746668-557511064-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.sk/"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=n ... t&hl=sk&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/07 14:21:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/11/02 21:35:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 21:27:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 21:27:56 | 000,000,000 | ---D | M]

[2010/11/03 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\mozilla\Extensions
[2010/11/04 23:02:27 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\mozilla\Firefox\Profiles\p241d0hu.default\extensions
[2010/11/03 22:59:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Peťo\AppData\Roaming\mozilla\Firefox\Profiles\p241d0hu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/02 21:27:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/22 05:19:35 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2009/12/22 05:19:35 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2009/12/22 05:19:35 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2009/12/22 05:19:35 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2009/12/22 05:19:35 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2009/12/22 05:19:35 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010/11/04 22:53:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TradeManager] C:\Program Files\Alibaba\TradeManager\TradeManager.exe (Alibaba)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1807514103-992746668-557511064-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Nastavenia rozšírenia &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Eurotran XP\etnxp.dll ()
O9 - Extra 'Tools' menuitem : Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..Trusted Domains: drsr.sk ([www] https in Dôveryhodné lokality)
O15 - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..Trusted Domains: t-com.sk ([moj] https in Dôveryhodné lokality)
O15 - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} http://www.o2c.de/download/o2cplayerac.cab (O2C-Player - area constructor view (ELECO Software GmbH))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} http://www.o2c.de/download/o2cplayer.cab (O2C-Player (ELECO Software GmbH))
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Peťo\Pictures\venkovni1.jpg
O24 - Desktop BackupWallPaper: C:\Users\Peťo\Pictures\venkovni1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/07 13:30:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 7 Days ==========

[2010/11/05 11:55:57 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Peťo\Desktop\OTL.exe
[2010/11/05 03:03:52 | 000,000,000 | ---D | C] -- C:\Users\Peťo\AppData\Roaming\Windows Live Writer
[2010/11/05 03:03:52 | 000,000,000 | ---D | C] -- C:\Users\Peťo\AppData\Local\Windows Live Writer
[2010/11/05 02:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/05 00:57:06 | 000,000,000 | ---D | C] -- C:\Combofixspakovaný5.11
[2010/11/04 22:56:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/04 22:53:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/04 22:42:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/04 22:42:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/04 22:42:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/04 22:42:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/04 22:42:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/11/04 22:40:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/04 22:39:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/04 22:39:52 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/11/04 21:49:10 | 000,000,000 | ---D | C] -- C:\Users\Peťo\Documents\NAVODY
[2010/11/04 21:44:59 | 000,000,000 | ---D | C] -- C:\Users\Peťo\Documents\OBJEDNAVKY
[2010/11/04 21:43:17 | 000,000,000 | ---D | C] -- C:\Users\Peťo\Documents\DOMACNOSŤ
[2010/11/04 21:42:34 | 000,000,000 | ---D | C] -- C:\Users\Peťo\Documents\REVIZIE
[2010/11/04 21:41:01 | 000,000,000 | ---D | C] -- C:\Users\Peťo\Documents\Cenik- predaj
[2010/11/04 21:40:14 | 000,000,000 | ---D | C] -- C:\Users\Peťo\Documents\Cenik-dodavateľ
[2010/11/04 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Peťo\Documents\ELEKTRO
[2010/11/04 21:38:31 | 000,000,000 | ---D | C] -- C:\Users\Peťo\Documents\Cenové ponuky - odoslané
[2010/11/04 21:32:11 | 000,000,000 | ---D | C] -- C:\Users\Peťo\Documents\A-Sport
[2010/11/04 21:11:46 | 000,000,000 | ---D | C] -- C:\Users\Peťo\SUBORY z PLOCHY
[2010/11/04 19:40:18 | 000,000,000 | R--D | C] -- C:\Users\Peťo\Desktop\Links
[2010/11/04 19:13:41 | 000,000,000 | ---D | C] -- C:\Users\Peťo\Links
[2010/11/04 13:10:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/04 12:18:48 | 000,000,000 | ---D | C] -- C:\Users\Peťo\AppData\Local\GHISLER
[2010/11/04 12:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\totalcmd
[2010/11/04 12:05:23 | 000,000,000 | ---D | C] -- C:\Users\Peťo\AppData\Roaming\GHISLER
[2010/11/03 18:34:01 | 000,000,000 | ---D | C] -- C:\Users\Peťo\AppData\Local\Mozilla
[2010/11/03 18:34:00 | 000,000,000 | ---D | C] -- C:\Users\Peťo\AppData\Roaming\Mozilla
[2010/11/03 13:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hijack This.HJT
[2010/11/03 10:41:50 | 000,000,000 | ---D | C] -- C:\Users\Peťo\AppData\Roaming\Malwarebytes
[2010/11/03 10:41:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/03 10:41:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/03 10:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/03 10:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/03 10:41:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Peťo\Desktop\3mbam-setup-1.46.exe
[2010/11/03 10:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/11/02 21:41:59 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/11/02 21:41:59 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/11/02 21:41:53 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/11/02 21:41:53 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/11/02 21:41:42 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/11/02 21:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/02 21:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/11/02 21:40:59 | 000,000,000 | ---D | C] -- C:\Users\Peťo\AppData\Roaming\PC Tools
[2010/11/02 21:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/02 21:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/02 21:25:23 | 000,000,000 | ---D | C] -- C:\Users\Peťo\Documents\Moje gadgety Google
[2010/10/31 06:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/10/31 06:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/10/31 06:20:37 | 000,000,000 | RH-D | C] -- C:\AHCache
[2010/10/29 17:32:58 | 000,000,000 | ---D | C] -- C:\Users\Peťo\AppData\Local\FLVService
[2010/10/29 17:32:49 | 000,000,000 | ---D | C] -- C:\Windows\Freecorder
[2010/10/29 17:31:29 | 000,000,000 | ---D | C] -- C:\Windows\Applian FLV Player

========== Files - Modified Within 7 Days ==========

[2010/11/05 12:02:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 12:02:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 12:00:30 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59BDEC23-5F85-4E56-890A-5843EB7F0193}.job
[2010/11/05 11:55:59 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Peťo\Desktop\OTL.exe
[2010/11/05 11:31:00 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/05 11:31:00 | 000,000,996 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 11:11:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1807514103-992746668-557511064-1000UA.job
[2010/11/05 11:11:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1807514103-992746668-557511064-1000Core.job
[2010/11/05 10:08:42 | 000,650,790 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/05 10:08:42 | 000,125,162 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/05 10:08:42 | 000,092,194 | ---- | M] () -- C:\Windows\System32\perfh01B.dat
[2010/11/05 10:08:42 | 000,031,868 | ---- | M] () -- C:\Windows\System32\perfc01B.dat
[2010/11/05 10:02:30 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/11/05 10:02:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/05 10:02:11 | 3219,611,648 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/05 00:04:07 | 000,084,590 | ---- | M] () -- C:\Users\Peťo\Desktop\Qoobox.rar
[2010/11/04 22:55:21 | 396,710,176 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/04 22:53:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/04 22:09:02 | 003,902,849 | R--- | M] () -- C:\Users\Peťo\Desktop\ComboFix.exe
[2010/11/04 20:30:18 | 000,151,552 | ---- | M] () -- C:\Users\Peťo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 17:02:29 | 000,031,007 | ---- | M] () -- C:\Users\Peťo\AppData\Roaming\UserTile.png
[2010/11/04 16:21:03 | 000,000,804 | ---- | M] () -- C:\Users\Peťo\Desktop\Total Commander.lnk
[2010/11/04 16:17:34 | 000,002,587 | ---- | M] () -- C:\Users\Peťo\Desktop\Microsoft Office Excel 2007.lnk
[2010/11/04 14:35:47 | 000,002,872 | ---- | M] () -- C:\Windows\ST5UNST.002
[2010/11/04 10:35:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/11/04 10:32:00 | 000,009,264 | ---- | M] () -- C:\Windows\System32\msqtvcap.dat
[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/03 14:38:52 | 000,000,806 | ---- | M] () -- C:\Users\Peťo\Desktop\CCleaner.lnk
[2010/11/03 10:27:30 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Peťo\Desktop\3mbam-setup-1.46.exe
[2010/11/02 21:28:01 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/02 21:08:59 | 000,052,779 | ---- | M] () -- C:\Users\Peťo\Desktop\billing_352878115_4cd06ebc5d901[1].pdf
[2010/10/31 06:55:18 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/10/31 06:55:08 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/10/31 06:55:08 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/10/29 17:15:47 | 042,636,446 | ---- | M] () -- C:\Users\Peťo\Desktop\ESBE_LTC_a_VTC_ventily.zip

========== Files Created - No Company Name ==========

[2010/11/05 00:04:06 | 000,084,590 | ---- | C] () -- C:\Users\Peťo\Desktop\Qoobox.rar
[2010/11/04 22:55:21 | 396,710,176 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/04 22:42:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/04 22:42:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/04 22:42:48 | 000,088,064 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/04 22:42:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/04 22:42:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/04 22:05:10 | 003,902,849 | R--- | C] () -- C:\Users\Peťo\Desktop\ComboFix.exe
[2010/11/04 14:35:32 | 000,002,872 | ---- | C] () -- C:\Windows\ST5UNST.002
[2010/11/04 12:05:28 | 000,000,804 | ---- | C] () -- C:\Users\Peťo\Desktop\Total Commander.lnk
[2010/11/04 12:05:24 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010/11/04 12:05:24 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010/11/04 12:05:24 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010/11/04 12:05:24 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010/11/04 12:05:24 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010/11/04 12:05:24 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010/11/04 12:05:24 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010/11/03 14:38:52 | 000,000,806 | ---- | C] () -- C:\Users\Peťo\Desktop\CCleaner.lnk
[2010/11/02 21:41:59 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/11/02 21:41:53 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/11/02 21:41:53 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/11/02 21:41:42 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/11/02 21:28:01 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/02 21:08:59 | 000,052,779 | ---- | C] () -- C:\Users\Peťo\Desktop\billing_352878115_4cd06ebc5d901[1].pdf
[2010/10/29 17:15:47 | 042,636,446 | ---- | C] () -- C:\Users\Peťo\Desktop\ESBE_LTC_a_VTC_ventily.zip
[2010/06/02 05:35:58 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/01/12 19:26:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/18 09:02:42 | 000,000,680 | ---- | C] () -- C:\Users\Peťo\AppData\Local\d3d9caps.dat
[2009/08/08 01:56:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/05/02 15:16:08 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2008/04/19 11:11:55 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/04/14 16:50:40 | 000,031,007 | ---- | C] () -- C:\Users\Peťo\AppData\Roaming\UserTile.png
[2008/04/14 14:08:42 | 000,147,456 | ---- | C] () -- C:\Windows\System32\VegaShEx.dll
[2008/04/14 14:08:34 | 000,091,136 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll
[2008/04/14 14:08:33 | 000,308,224 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll
[2008/03/29 20:00:23 | 000,008,861 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/03/23 10:51:55 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/03/23 10:51:49 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/03/23 10:51:49 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/03/23 10:51:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/23 10:51:45 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/03/18 23:44:29 | 000,004,967 | ---- | C] () -- C:\ProgramData\dbvvomjc.bpt
[2008/03/18 23:44:26 | 000,000,191 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/03/18 23:44:26 | 000,000,145 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/18 23:14:19 | 003,907,640 | ---- | C] () -- C:\Windows\System32\gsdll32.dll
[2008/02/02 13:56:09 | 000,151,552 | ---- | C] () -- C:\Users\Peťo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/02 13:24:38 | 000,000,000 | ---- | C] () -- C:\Users\Peťo\AppData\Roaming\wklnhst.dat
[2007/09/07 13:22:27 | 000,000,343 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/09/07 13:19:34 | 000,006,257 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007/09/07 13:19:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/09/07 13:09:33 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/09/07 13:09:33 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/07/19 16:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/30 01:00:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\besched.dll
[2004/11/19 09:56:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\RYDLL32.DLL
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lockres.dll
[2002/05/15 03:58:48 | 000,618,496 | ---- | C] () -- C:\Windows\System32\dXQGridEdit.dll
[1996/08/20 15:08:46 | 000,026,112 | ---- | C] () -- C:\Windows\System32\angel32.dll

========== LOP Check ==========

[2008/03/18 23:14:29 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\AutoCAD DWG to PDF Converter
[2008/04/17 11:57:52 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Autodesk
[2009/03/09 11:38:04 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/04/15 06:37:03 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\DisplayTune
[2008/03/16 16:32:44 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Downloaded Installations
[2010/11/04 16:21:06 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\GHISLER
[2009/06/23 12:19:47 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Kabe
[2010/06/28 08:46:29 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Metrel
[2008/02/02 13:22:10 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\muvee Technologies
[2010/04/13 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Opera
[2010/06/02 05:36:14 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Panasonic
[2008/07/21 15:41:49 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\PeerNetworking
[2008/03/18 16:59:16 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\ProfiCAD
[2008/04/14 14:08:07 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Složka odesílání Share-to-Web
[2010/11/04 13:58:14 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Software Informer
[2008/02/06 22:12:24 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\STORMWARE
[2008/04/14 12:53:43 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Template
[2010/04/06 06:49:21 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Uniblue
[2010/11/05 03:03:52 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Windows Live Writer
[2010/06/22 08:56:07 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\WorkXPlore3D
[2010/11/05 03:34:44 | 000,032,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/05 12:05:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59BDEC23-5F85-4E56-890A-5843EB7F0193}.job

========== Purity Check ==========
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: posím o preventivku mal som security tol

#26 Příspěvek od vyosek »

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/04/11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008/01/19 08:33:09 | 000,125,952 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Users\Peťo\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2009/04/18 03:43:33 | 000,133,104 | ---- | M] (Google Inc.)
"Skype" = "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -- [2010/04/06 01:27:46 | 026,102,056 | R--- | M] (Skype Technologies S.A.)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2010/01/12 19:22:48 | 000,039,408 | ---- | M] (Google Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OsdMaestro]
"ModelName" = 5189URF
"Version" = 1.00.007
"Language" = 27
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OsdMaestro\Config]
"DisplayLabel" = 0
"TaskbarIcon" = 1
"ShowLockOSD" = 1

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/03/09 11:38:03 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Adobe
[2008/03/18 23:14:29 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\AutoCAD DWG to PDF Converter
[2008/04/17 11:57:52 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Autodesk
[2009/03/09 11:38:04 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/04/15 06:37:03 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\DisplayTune
[2008/03/16 16:32:44 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Downloaded Installations
[2010/10/29 17:28:53 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\dvdcss
[2010/11/04 16:21:06 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\GHISLER
[2008/05/13 20:52:03 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Google
[2008/04/15 07:48:28 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\GTek
[2008/01/29 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Identities
[2008/01/31 20:14:04 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\InstallShield
[2009/06/23 12:19:47 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Kabe
[2008/01/31 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Macromedia
[2010/11/03 10:41:50 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Media Center Programs
[2008/03/23 10:53:24 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Media Player Classic
[2010/06/28 08:46:29 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Metrel
[2008/07/07 21:22:08 | 000,000,000 | --SD | M] -- C:\Users\Peťo\AppData\Roaming\Microsoft
[2010/11/03 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Mozilla
[2008/02/02 13:22:10 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\muvee Technologies
[2008/04/14 13:56:42 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Nero
[2010/04/13 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Opera
[2010/06/02 05:36:14 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Panasonic
[2010/11/02 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\PC Tools
[2008/07/21 15:41:49 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\PeerNetworking
[2008/03/18 16:59:16 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\ProfiCAD
[2010/11/04 14:05:57 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Real
[2008/02/02 13:26:24 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Roxio
[2010/09/06 14:49:35 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Skype
[2010/09/06 14:22:49 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\skypePM
[2008/04/14 14:08:07 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Složka odesílání Share-to-Web
[2010/11/04 13:58:14 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Software Informer
[2008/02/06 22:12:24 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\STORMWARE
[2008/04/14 12:53:43 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Template
[2010/04/06 06:49:21 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Uniblue
[2009/12/02 13:12:22 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\vlc
[2010/11/05 03:03:52 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\Windows Live Writer
[2008/02/02 19:44:53 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\WinRAR
[2010/06/22 08:56:07 | 000,000,000 | ---D | M] -- C:\Users\Peťo\AppData\Roaming\WorkXPlore3D

< %APPDATA%\*.exe /s >
[2009/03/09 11:39:28 | 000,038,208 | ---- | M] () -- C:\Users\Peťo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009/03/19 07:58:44 | 000,092,219 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Peťo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe


< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 20:33:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 20:33:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 20:33:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/11 07:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009/04/11 07:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/19 08:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006/11/02 10:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: CDROM.SYS >
[2008/01/19 06:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008/01/19 06:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009/04/11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009/04/11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009/04/11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006/11/02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2006/11/02 10:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008/01/19 08:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009/04/11 07:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\System32\cryptsvc.dll
[2009/04/11 07:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/01/29 22:46:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/01/29 22:46:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009/04/11 07:32:46 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: IASTOR.SYS >
[2007/06/14 21:30:28 | 000,304,920 | ---- | M] (Intel Corporation) MD5=2D8143C90F246D0F1735AF7D05D515F3 -- C:\hp\DRIVERS\Intel_RAID\iastor.sys
[2007/06/14 19:30:28 | 000,304,920 | ---- | M] (Intel Corporation) MD5=2D8143C90F246D0F1735AF7D05D515F3 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/06/14 21:30:28 | 000,304,920 | ---- | M] (Intel Corporation) MD5=2D8143C90F246D0F1735AF7D05D515F3 -- C:\Windows\System32\drivers\iaStor.sys
[2007/06/14 21:30:28 | 000,304,920 | ---- | M] (Intel Corporation) MD5=2D8143C90F246D0F1735AF7D05D515F3 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b06897a2\iaStor.sys
[2007/06/14 21:30:28 | 000,304,920 | ---- | M] (Intel Corporation) MD5=2D8143C90F246D0F1735AF7D05D515F3 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_637ce689\iaStor.sys
[2007/06/14 19:31:02 | 000,381,720 | ---- | M] (Intel Corporation) MD5=A808773807CEA68EB7A0BD0D28C845CB -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006/11/02 10:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\drivers\isapnp.sys
[2006/11/02 10:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008/01/19 08:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\isapnp.sys
[2008/01/19 08:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008/01/19 08:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008/01/19 08:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/06/15 13:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009/09/10 15:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009/06/15 13:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\System32\lsass.exe
[2009/06/15 13:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009/02/13 08:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006/11/02 10:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009/06/15 14:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009/06/15 13:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009/02/13 05:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009/06/15 13:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009/06/15 14:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009/09/09 12:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009/09/10 15:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008/01/19 08:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008/01/19 08:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008/01/19 08:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009/02/13 09:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2009/04/11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006/11/02 10:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 08:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SMSS.EXE >
[2008/01/19 08:33:31 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009/04/11 07:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009/04/11 07:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2006/11/02 10:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/04/26 09:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2008/01/29 22:45:56 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=028061C7F6D2D03068C72E2A27E4228A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
[2009/04/11 07:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009/12/08 21:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009/08/15 22:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009/08/14 18:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010/02/18 12:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 15:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009/08/14 15:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2008/01/29 22:45:56 | 000,804,352 | ---- | M] (Microsoft Corporation) MD5=43EAE40B50FE3E60D194DD9C97EBB1FD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
[2009/12/08 21:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010/02/18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 13:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2008/02/13 20:33:22 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2009/12/08 21:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2008/02/13 20:33:22 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2010/06/16 16:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009/08/14 17:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010/06/16 17:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 16:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2008/04/26 09:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/12/08 18:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009/08/14 18:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010/02/18 18:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 17:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/16 17:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009/12/08 18:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2006/11/02 09:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010/02/18 15:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009/12/08 21:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008/01/19 08:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009/08/14 17:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2006/11/02 10:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008/01/19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008/01/19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010/11/05 12:02:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 12:02:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/04 10:35:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/11/05 10:02:30 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/11/04 10:32:00 | 000,009,264 | ---- | M] () -- C:\Windows\System32\msqtvcap.dat
[2010/11/05 10:08:42 | 000,125,162 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/05 10:08:42 | 000,031,868 | ---- | M] () -- C:\Windows\System32\perfc01B.dat
[2010/11/05 10:08:42 | 000,650,790 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/05 10:08:42 | 000,092,194 | ---- | M] () -- C:\Windows\System32\perfh01B.dat
[2010/11/05 10:08:42 | 000,890,216 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: posím o preventivku mal som security tol

#27 Příspěvek od vyosek »

OTL Extras logfile created on: 5. 11. 2010 12:00:21 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Peťo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 0000041B | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,71 Gb Total Space | 151,48 Gb Free Space | 67,11% Space Free | Partition Type: NTFS
Drive D: | 7,18 Gb Total Space | 1,63 Gb Free Space | 22,78% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 62,12 Gb Free Space | 55,57% Space Free | Partition Type: NTFS

Computer Name: PETO | User Name: Peťo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1807514103-992746668-557511064-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01093028-1986-4AAD-81FE-20835CBB9209}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{02AA7AC1-914D-4D12-8F22-C6E95746451A}" = rport=139 | protocol=6 | dir=out | app=system |
"{09B194B7-1A7F-49F3-9860-A81C88709A33}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{09C1FBD3-6EEC-4A8A-A44C-2518B0CDEBF8}" = rport=137 | protocol=17 | dir=out | app=system |
"{09E40EFD-EC32-44F7-A4BF-ABC2D873B2C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1568CF75-9127-4643-8DDC-2757289BC2BC}" = lport=138 | protocol=17 | dir=in | app=system |
"{19645DF7-D65F-4426-ADE4-5C74A718B109}" = rport=138 | protocol=17 | dir=out | app=system |
"{1D39ABFA-645A-459D-92FA-40082711BDF1}" = rport=445 | protocol=6 | dir=out | app=system |
"{3342CB7B-6855-4EEE-A1C2-81A384B9B6F3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{434F3DC6-19E3-42DF-87D3-375343961909}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4C6BEA61-3C96-45A1-8887-D6269847C70D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{72E30D00-F63C-4D00-884A-67AE3D2D20AC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75132456-C2E9-4F2A-9DF3-08C130A24C6B}" = lport=445 | protocol=6 | dir=in | app=system |
"{88199C60-0874-4AC2-9809-3E4B765D3E52}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1BA0279-897E-49A1-B0F4-D058199F6BA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B9035107-E919-46A2-9887-9E697915675B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDD2C658-5BD8-464D-AE53-318331A23A21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCC81B31-F6B6-4235-8E60-DEF47521FED1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CE79C8F4-8E6B-46B3-BD36-8E10BFD8BDB8}" = lport=139 | protocol=6 | dir=in | app=system |
"{D543E32F-1DE1-45BA-9D8B-364DEFA86123}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EFD5DB10-2DCC-4D47-A481-DF767E31E5FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F57CAA68-15D0-4D66-8193-4C7D100607F6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5C4CB65-A031-4021-82E0-5ED2C799B491}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{141CA284-D278-457E-AF12-C7A448629678}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{143F3FEC-C68F-4F0D-A608-006EB764B642}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27C191FB-4B89-48DD-8B76-B904F6D161E0}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{2F851BF7-7666-4AF0-A1EB-D70EA27BA442}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3A6DCC50-C091-4FA9-881E-33A4FE999FF9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3B88B312-C29D-46CB-84FF-121C7137CBDF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{401B0C6A-EB8C-4A31-A744-9992EB3A189C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5159D5AA-3E5A-4CDE-BE7E-5E73FEE6F316}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58C8FD72-B3A7-4752-9564-EF74DAB65DA9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{60ED0CEB-820D-4C48-A5AC-6A7F1DAEEC97}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{69511A2C-4206-4D54-8FEB-7512A8AB396F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{766A5D3B-4A0D-4B08-BCE4-844370722EC3}" = protocol=17 | dir=in | app=c:\program files\cenkrosplus\krosplus.exe |
"{7713F285-2F60-41BF-9F06-21E28BE93E5D}" = protocol=6 | dir=in | app=c:\program files\cenkrosplus\krosplus.exe |
"{79ED5F60-D8AE-4ADA-95E8-DEAB042887F2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{88773505-8832-4136-AB7D-BA5C4BBC939A}" = protocol=6 | dir=out | app=system |
"{9400799D-55DD-42C1-BEBF-59BE73983F45}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{980BF08B-3C88-4F26-A3FA-849A28A462F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7A016E5-B7BE-42F5-AB99-07BB31713D3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B649E942-9311-4333-8B3C-6DA249447FD9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B8C3DDAF-32B7-4D60-89AF-8A44F7B8259A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C688D748-AAD6-46EC-956F-E665DFEB0F22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5A8919A-2E78-4597-8428-96D313CD4E09}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{E2C86529-3072-42A3-B134-DFB3F9815DA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ED6C4891-639D-427A-8613-8A342D1C208D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F77DB1DE-7282-4D3F-8663-28FE0D7610CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC213F8B-7C31-435D-BB09-2926BC6C9019}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD6B477D-0113-4E46-919C-E459A4B30780}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{08BB3013-2CCC-4C5B-83C0-EF8102892EB3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3437E131-91EB-4CB0-B5A5-5EB828AFE486}C:\program files\trademanager\aliim.exe" = protocol=6 | dir=in | app=c:\program files\trademanager\aliim.exe |
"TCP Query User{6E8E50FB-13FC-4A44-A8B4-C949DBB8D012}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe |
"TCP Query User{A143302B-E52F-447A-BD1E-5F2EF4352812}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{AC8E694E-04A6-4C1D-8DA0-8496D2E89DA7}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{C6901479-6E46-4419-BF8B-E7083EE554FE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F01E4BE0-9DDB-4705-92C3-EA06FD1AE1E4}C:\program files\alibaba\trademanager\multimedia\aliviewer.exe" = protocol=6 | dir=in | app=c:\program files\alibaba\trademanager\multimedia\aliviewer.exe |
"UDP Query User{09389334-8302-46A4-8D31-C0ED3AB8304A}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe |
"UDP Query User{320B847A-A492-4792-863F-8251C73C73C1}C:\program files\trademanager\aliim.exe" = protocol=17 | dir=in | app=c:\program files\trademanager\aliim.exe |
"UDP Query User{515CED2C-AA92-47DC-A679-31BE4AE09AAB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5D4F7DB7-53E8-4AC4-A488-235ECD0CFFA4}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{817F78E9-851A-40C8-8265-F07A1FD7B98C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{E9FE73FF-4328-45C3-B670-82D92D6F26F6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EFD7F38A-C053-4285-B72E-C98A21CCFADE}C:\program files\alibaba\trademanager\multimedia\aliviewer.exe" = protocol=17 | dir=in | app=c:\program files\alibaba\trademanager\multimedia\aliviewer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C0A02E-AB30-446C-B4C3-A03310D95F53}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (METREL)
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E4FA4B-9376-4C32-AA46-65FCC0087CD5}" = Windows Live Remote Service Resources
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}" = Doplnok programu Messenger
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{7299052B-02A4-4627-81F2-1818DA5D550D}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94B6C451-7D85-41E4-B94F-4FAD1B3414EF}" = Metrel PATLink PRO v1.7.4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A27DED03-CADE-4847-97D8-B198A8E57F3E}" = Windows Live Family Safety
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B9D4608E-B155-404E-B24B-8D6AE90FF8A6}_is1" = WorkXPlore 1.6
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1629C45-9CEF-498E-83CD-D6A09CADA176}" = Windows Live Remote Client Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Any DWG to Image Converter_is1" = Any DWG to Image Converter 2008
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"Freecorder4.1" = Freecorder
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Spyware Doctor" = Spyware Doctor 7.0
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1807514103-992746668-557511064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BogFran Designer" = BogFran Designer
"Eurotran XP" = Překladač Eurotran XP
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 16. 5. 2008 13:46:24 | Computer Name = Peto | Source = avast! | ID = 33554522
Description =

Error - 14. 10. 2008 1:35:40 | Computer Name = Peto | Source = avast! | ID = 33554522
Description =

Error - 9. 3. 2009 6:20:25 | Computer Name = Peto | Source = avast! | ID = 33554522
Description =

Error - 9. 3. 2009 7:09:07 | Computer Name = Peto | Source = avast! | ID = 33554522
Description =

Error - 25. 3. 2009 14:42:09 | Computer Name = Peto | Source = avast! | ID = 33554522
Description =

Error - 26. 4. 2009 2:44:59 | Computer Name = Peto | Source = avast! | ID = 33554522
Description =

Error - 9. 6. 2009 8:11:33 | Computer Name = Peto | Source = avast! | ID = 33554522
Description =

Error - 23. 2. 2010 6:59:32 | Computer Name = Peto | Source = avast! | ID = 33554522
Description =

Error - 27. 2. 2010 18:47:08 | Computer Name = Peto | Source = avast! | ID = 33554522
Description =

Error - 31. 3. 2010 7:57:08 | Computer Name = Peto | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 4. 11. 2010 12:55:19 | Computer Name = Peto | Source = Windows Search Service | ID = 3013
Description =

Error - 4. 11. 2010 12:55:19 | Computer Name = Peto | Source = Windows Search Service | ID = 3013
Description =

Error - 4. 11. 2010 12:55:19 | Computer Name = Peto | Source = Windows Search Service | ID = 3013
Description =

Error - 4. 11. 2010 12:55:19 | Computer Name = Peto | Source = Windows Search Service | ID = 3013
Description =

Error - 4. 11. 2010 12:55:19 | Computer Name = Peto | Source = Windows Search Service | ID = 3013
Description =

Error - 4. 11. 2010 12:55:19 | Computer Name = Peto | Source = Windows Search Service | ID = 3013
Description =

Error - 4. 11. 2010 18:56:48 | Computer Name = Peto | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1e88 Start Time: 01cb7c735be8c9b7 Termination Time: 66

Error - 4. 11. 2010 19:09:25 | Computer Name = Peto | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1f8 Start Time: 01cb7c6b0c2f4f07 Termination Time: 50

Error - 4. 11. 2010 19:20:00 | Computer Name = Peto | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10e4 Start Time: 01cb7c767efe5274 Termination Time: 13

Error - 4. 11. 2010 22:03:25 | Computer Name = Peto | Source = ESENT | ID = 215
Description = wlmail (5588) WindowsLiveMail0: The backup has been stopped because
it was halted by the client or the connection with the client failed.

[ Media Center Events ]
Error - 17. 4. 2008 4:07:16 | Computer Name = Peto | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: nepodarilo sa prevziať balík
MCESpotlight.

[ OSession Events ]
Error - 7. 2. 2008 1:30:01 | Computer Name = Peto | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 283
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3. 3. 2008 20:22:38 | Computer Name = Peto | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1019
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18. 5. 2008 17:46:54 | Computer Name = Peto | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 105
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4. 11. 2010 19:15:35 | Computer Name = Peto | Source = EventLog | ID = 6008
Description = The previous system shutdown at 0:13:20 on 5. 11. 2010 was unexpected.

Error - 4. 11. 2010 19:16:43 | Computer Name = Peto | Source = Service Control Manager | ID = 7000
Description =

Error - 4. 11. 2010 19:16:43 | Computer Name = Peto | Source = Service Control Manager | ID = 7000
Description =

Error - 4. 11. 2010 19:30:04 | Computer Name = Peto | Source = EventLog | ID = 6008
Description = The previous system shutdown at 0:28:22 on 5. 11. 2010 was unexpected.

Error - 4. 11. 2010 19:30:35 | Computer Name = Peto | Source = Print | ID = 19
Description = Službe zaraďovača tlače sa nepodarilo zdieľať tlačiareň Canon LBP2900
s názvom zdieľaného prostriedku Canon LBP2900. Chyba 1722. Tlačiareň nemôžu používať
iní používatelia v sieti.

Error - 4. 11. 2010 19:31:22 | Computer Name = Peto | Source = Service Control Manager | ID = 7000
Description =

Error - 4. 11. 2010 19:31:22 | Computer Name = Peto | Source = Service Control Manager | ID = 7000
Description =

Error - 5. 11. 2010 5:03:12 | Computer Name = Peto | Source = Service Control Manager | ID = 7000
Description =

Error - 5. 11. 2010 5:03:12 | Computer Name = Peto | Source = Service Control Manager | ID = 7000
Description =

Error - 5. 11. 2010 5:08:09 | Computer Name = Peto | Source = DCOM | ID = 10010
Description =


< End of report >
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: posím o preventivku mal som security tol

#28 Příspěvek od vyosek »

:arrow: Vidim tam Avast a jeste antivir od Microfostu, jeden dejte pryc, jinak bude dochazet ke kolizi

:arrow: Spustte znovu OTL
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    :otl
SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Portrait Displays\HP My Display\dtsrvc.exe -- (DTSRVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PEO~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PEO~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
IE - HKU\S-1-5-21-1807514103-992746668-557511064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.centrum.sk/http://www.elzarus.sk/ [binary data]
IE - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=sk&q="
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..Trusted Domains: drsr.sk ([www] https in Dôveryhodné lokality)
O15 - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..Trusted Domains: t-com.sk ([moj] https in Dôveryhodné lokality)
O15 - HKU\S-1-5-21-1807514103-992746668-557511064-1000\..Trusted Ranges: GD ([http] in Local intranet)
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=-
"Google Update"=-
"Skype"=-
"swg"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateReg"=-
""=-
"RegistryMechanic"=-
"TkBellExe"=-
 
:files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1807514103-992746668-557511064-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1807514103-992746668-557511064-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{59BDEC23-5F85-4E56-890A-5843EB7F0193}.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
  • Nasledne kliknete na Opravit ci Fix
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
:arrow: Udelejte kompletni sken MBAM a log mi sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
ruso
Návštěvník
Návštěvník
Příspěvky: 32
Registrován: 03 lis 2010 07:11

Re: posím o preventivku mal som security tol

#29 Příspěvek od ruso »

už predtým som dal Quick Scan
musím počkať kým dokončí
Ďakujem
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: posím o preventivku mal som security tol

#30 Příspěvek od vyosek »

Dobra tedy, budu tu opravny log z OTL a MBAM vyhlizet...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Odpovědět

Zpět na „Preventivní kontroly logů“