
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Smart engine
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Smart engine
Hello,
I apologize for replying so late, I was away for the weekend...
192.168.1.1 - this is the router's IP
of course I know the USERS folder.....
I am sending the log below
Re: Smart engine
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ deleted successfully.
C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll moved successfully.
HKU\S-1-5-21-1001319609-1370749333-973425246-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found.
File C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found.
File Eng7\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-1001319609-1370749333-973425246-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found.
File Eng7\tbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-1001319609-1370749333-973425246-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{144966db-6bcb-11df-b6a2-001d7d003c22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{144966db-6bcb-11df-b6a2-001d7d003c22}\ not found.
File J:\Autorun.exe not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt2B1A.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt4492.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltDE23.tmp moved successfully.
C:\WINDOWS\Temp\DMI2BD0.tmp moved successfully.
C:\WINDOWS\Temp\TS_142D.tmp moved successfully.
C:\WINDOWS\Temp\TS_174A.tmp moved successfully.
C:\WINDOWS\Temp\TS_1E5C.tmp moved successfully.
C:\WINDOWS\Temp\TS_209F.tmp moved successfully.
C:\WINDOWS\Temp\TS_2293.tmp moved successfully.
C:\WINDOWS\Temp\TS_2449.tmp moved successfully.
C:\WINDOWS\Temp\TS_3634.tmp moved successfully.
C:\WINDOWS\Temp\TS_3DD3.tmp moved successfully.
C:\WINDOWS\Temp\TS_F0E.tmp moved successfully.
C:\ProgramData\SMZDLHHE folder moved successfully.
C:\ProgramData\181b6f\SMESys folder moved successfully.
C:\ProgramData\181b6f\Quarantine Items folder moved successfully.
C:\ProgramData\181b6f folder moved successfully.
C:\Users\hulda\AppData\Roaming\Smart Engine folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: hulda
->Temp folder emptied: 31958651 bytes
->Temporary Internet Files folder emptied: 32019463 bytes
->FireFox cache emptied: 83555468 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 10556 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 629428 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 141,00 mb
[EMPTYFLASH]
User: All Users
User: AppData
User: Default
User: Default User
User: hulda
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 11142010_165742
Files\Folders moved on Reboot...
C:\Users\hulda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Re: Smart engine
Fine, please post a new log from OTL. How is the computer behaving?
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before removing viruses from your computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: Smart engine
it seems the computer is now behaving as it should....
Re: Smart engine
I'd still like to ask for that log.
Re: Smart engine
OTL logfile created on: 14.11.2010 18:45:04 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = D:\Data\....DownLoaD\aaa
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 31,14 Gb Total Space | 6,14 Gb Free Space | 19,72% Space Free | Partition Type: NTFS
Drive D: | 101,69 Gb Total Space | 15,26 Gb Free Space | 15,01% Space Free | Partition Type: NTFS
Drive E: | 332,93 Gb Total Space | 26,57 Gb Free Space | 7,98% Space Free | Partition Type: NTFS
Computer Name: HULDA-PC | User Name: hulda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010.11.14 17:30:19 | 001,154,880 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2010.11.11 22:41:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Data\....DownLoaD\aaa\OTL.exe
PRC - [2010.10.28 13:03:49 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.10.28 13:03:49 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2008.12.09 17:00:52 | 003,259,392 | ---- | M] (The Author of QIP) -- D:\Data\Install\....Net\QIP\qip.exe
========== Modules (SafeList) ==========
MOD - [2010.11.11 22:41:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Data\....DownLoaD\aaa\OTL.exe
MOD - [2009.07.14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.01.11 17:14:02 | 000,153,088 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV:64bit: - [2010.01.11 17:14:02 | 000,153,088 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.11.05 18:27:47 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)
DRV:64bit: - [2010.05.30 09:36:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.04 17:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 BA 2F D6 D1 FF CA 01 [binary data]
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25571
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.30 18:51:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.30 18:51:05 | 000,000,000 | ---D | M]
[2010.05.30 09:28:45 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Mozilla\Extensions
[2010.11.14 17:10:22 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Mozilla\Firefox\Profiles\p76rt2xi.default\extensions
[2010.11.07 14:45:15 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\hulda\AppData\Roaming\Mozilla\Firefox\Profiles\p76rt2xi.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.30 09:28:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.07.27 22:37:36 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.07.27 22:37:36 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.07.27 22:37:37 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.07.27 22:37:37 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.07.27 22:37:37 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.11.14 16:58:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1001319609-1370749333-973425246-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1001319609-1370749333-973425246-1001..\Run: [Steam] d:\games\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2010.11.14 17:34:52 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010.11.12 22:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texas Holdem Poker 3D Deluxe Edition DeLEGiON
[2010.11.11 21:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.11.11 21:56:57 | 000,000,000 | ---D | C] -- C:\rsit
[2010.11.08 21:09:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.08 21:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.08 20:11:16 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Local\Diagnostics
[2010.11.08 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\Malwarebytes
[2010.11.08 18:37:31 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.08 18:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.08 18:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malware Scan
[2010.11.07 18:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigiDNA
[2010.11.07 18:54:28 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\DiskAid
[2010.11.07 14:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoftTB
[2010.11.07 14:43:05 | 000,000,000 | ---D | C] -- C:\Users\hulda\Documents\DVDVideoSoft
[2010.11.07 14:43:03 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\DVDVideoSoft
[2010.11.07 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.11.07 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.11.05 20:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhone Tunnel Suite
[2010.11.05 19:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Zrychleni Pocitace
[2010.11.05 19:45:27 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Local\OpenCandy
[2010.11.05 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\OpenCandy
[2010.11.05 19:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2010.10.30 18:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.10.30 18:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.10.30 18:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.10.30 18:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.10.30 18:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.10.30 18:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.10.30 18:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010.10.30 18:42:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.30 18:39:40 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\Apple Computer
[2010.10.30 18:39:40 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Local\Apple Computer
[2010.10.30 18:39:36 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010.10.30 18:39:36 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010.10.30 18:39:36 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010.10.30 18:39:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.10.30 18:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.10.30 18:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.10.30 18:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.10.30 18:39:08 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Local\Apple
[2010.10.30 18:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.10.30 18:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.10.30 18:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.10.30 17:20:37 | 000,000,000 | ---D | C] -- C:\Users\hulda\Documents\FIFA 11
[2010.10.30 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Sports
[2010.10.23 15:23:07 | 000,000,000 | ---D | C] -- C:\Users\hulda\Documents\My Received Files
[2010.10.23 15:16:19 | 000,000,000 | ---D | C] -- C:\Users\hulda\Tracing
[2010.10.23 15:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010.10.23 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic-Eng7
[2010.10.17 22:15:28 | 000,000,000 | ---D | C] -- C:\Users\hulda\Documents\ZPS12
[2010.10.17 22:14:28 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\Zoner
[2010.10.17 22:14:28 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Local\Zoner
[2010.10.17 22:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zoner
========== Files - Modified Within 30 Days ==========
[2010.11.14 17:34:53 | 000,000,632 | ---- | M] () -- C:\Users\hulda\Desktop\Total Commander.lnk
[2010.11.14 17:24:04 | 000,000,320 | ---- | M] () -- C:\Windows\WINCMD.INI
[2010.11.14 17:18:08 | 000,669,892 | -H-- | M] () -- C:\TREEINFO.WC
[2010.11.14 17:16:34 | 001,445,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.14 17:16:34 | 000,622,422 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.11.14 17:16:34 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.14 17:16:34 | 000,118,604 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.11.14 17:16:34 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.14 17:06:28 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 17:06:28 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 16:59:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.14 16:59:12 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.14 16:58:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010.11.11 19:52:59 | 000,001,912 | ---- | M] () -- C:\Users\hulda\Desktop\fifaconfig – zástupce.lnk
[2010.11.08 21:09:32 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.07 18:58:07 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\DiskAid.lnk
[2010.11.07 16:18:50 | 000,000,095 | ---- | M] () -- C:\Windows\winamp.ini
[2010.11.06 08:05:19 | 000,000,600 | ---- | M] () -- C:\Users\hulda\AppData\Local\PUTTY.RND
[2010.11.05 21:11:17 | 000,000,600 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\winscp.rnd
[2010.11.05 20:35:42 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\iPhone Tunnel Suite.lnk
[2010.11.05 19:45:28 | 000,001,789 | ---- | M] () -- C:\Users\hulda\Desktop\WinSCP.lnk
[2010.10.30 19:24:50 | 000,093,604 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.10.30 18:54:35 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2010.10.30 18:51:44 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.30 18:51:01 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.10.30 18:44:02 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.10.30 17:14:09 | 000,001,676 | ---- | M] () -- C:\Users\hulda\Desktop\fifa – zástupce.lnk
[2010.10.17 22:14:24 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Zoner Photo Studio 12.lnk
========== Files Created - No Company Name ==========
[2010.11.14 17:34:53 | 000,000,632 | ---- | C] () -- C:\Users\hulda\Desktop\Total Commander.lnk
[2010.11.14 17:13:49 | 000,669,892 | -H-- | C] () -- C:\TREEINFO.WC
[2010.11.14 17:13:37 | 000,000,320 | ---- | C] () -- C:\Windows\WINCMD.INI
[2010.11.11 19:52:59 | 000,001,912 | ---- | C] () -- C:\Users\hulda\Desktop\fifaconfig – zástupce.lnk
[2010.11.08 21:09:32 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.07 18:58:07 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\DiskAid.lnk
[2010.11.05 20:35:42 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\iPhone Tunnel Suite.lnk
[2010.11.05 20:25:54 | 000,000,600 | ---- | C] () -- C:\Users\hulda\AppData\Local\PUTTY.RND
[2010.11.05 19:45:29 | 000,000,600 | ---- | C] () -- C:\Users\hulda\AppData\Roaming\winscp.rnd
[2010.11.05 19:45:28 | 000,001,789 | ---- | C] () -- C:\Users\hulda\Desktop\WinSCP.lnk
[2010.10.30 19:24:50 | 000,093,604 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.10.30 18:54:35 | 000,000,629 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2010.10.30 18:51:44 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.30 18:51:01 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.10.30 18:44:02 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.10.30 17:14:09 | 000,001,676 | ---- | C] () -- C:\Users\hulda\Desktop\fifa – zástupce.lnk
[2010.10.17 22:14:24 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Zoner Photo Studio 12.lnk
[2010.05.30 09:42:08 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2010.05.30 09:37:38 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010.06.09 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\ACD Systems
[2010.09.21 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Airytec
[2010.11.14 17:34:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Azureus
[2010.05.30 10:12:13 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DAEMON Tools Lite
[2010.11.07 18:59:11 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DiskAid
[2010.11.07 16:28:14 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DVDVideoSoft
[2010.05.30 09:24:54 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\GHISLER
[2010.05.30 10:58:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Leadertech
[2010.11.05 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\OpenCandy
[2010.08.07 07:57:12 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Raptr
[2010.10.17 22:14:28 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Zoner
[2010.09.30 17:47:48 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 02:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"Steam" = "d:\games\steam\steam.exe" -silent -- [2010.08.24 10:49:50 | 001,242,448 | ---- | M] (Valve Corporation)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.06.09 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\ACD Systems
[2010.05.30 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Adobe
[2010.09.21 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Airytec
[2010.10.30 19:24:47 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Apple Computer
[2010.11.14 17:34:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Azureus
[2010.05.30 10:12:13 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DAEMON Tools Lite
[2010.11.07 18:59:11 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DiskAid
[2010.11.07 16:28:14 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DVDVideoSoft
[2010.05.30 09:24:54 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\GHISLER
[2010.05.30 08:58:26 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Identities
[2010.05.30 10:58:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Leadertech
[2010.05.30 09:32:57 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Macromedia
[2010.11.08 18:37:42 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Malwarebytes
[2009.07.14 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Media Center Programs
[2010.11.05 19:49:38 | 000,000,000 | --SD | M] -- C:\Users\hulda\AppData\Roaming\Microsoft
[2010.05.30 09:28:45 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Mozilla
[2010.09.17 17:06:49 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\NVIDIA
[2010.11.05 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\OpenCandy
[2010.08.07 07:57:12 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Raptr
[2010.10.17 22:14:28 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Zoner
< %APPDATA%\*.exe /s >
[2010.11.08 18:31:26 | 000,000,074 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
[2010.11.08 18:31:26 | 000,000,034 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
[2010.11.08 18:31:49 | 000,000,039 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
[2010.11.08 19:01:55 | 000,000,040 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
[2010.11.08 18:41:21 | 000,000,062 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
[2 C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\*.tmp files -> C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\*.tmp -> ]
[2010.11.05 19:45:27 | 000,349,296 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\OpenCandy\OpenCandy_973240A9A698428AB8F8545061648B3E\DLMgr_3_1.6.87.exe
[2010.10.15 21:41:18 | 000,043,440 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\OpenCandy\OpenCandy_973240A9A698428AB8F8545061648B3E\SpeedstarterCZ.exe
[2010.10.23 00:29:06 | 001,472,552 | ---- | M] (Speedchecker Limited ) -- C:\Users\hulda\AppData\Roaming\OpenCandy\OpenCandy_973240A9A698428AB8F8545061648B3E\ZrychleniPocitace.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
< End of report >
OTL by OldTimer - Version 3.2.17.3 Folder = D:\Data\....DownLoaD\aaa
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 31,14 Gb Total Space | 6,14 Gb Free Space | 19,72% Space Free | Partition Type: NTFS
Drive D: | 101,69 Gb Total Space | 15,26 Gb Free Space | 15,01% Space Free | Partition Type: NTFS
Drive E: | 332,93 Gb Total Space | 26,57 Gb Free Space | 7,98% Space Free | Partition Type: NTFS
Computer Name: HULDA-PC | User Name: hulda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010.11.14 17:30:19 | 001,154,880 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2010.11.11 22:41:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Data\....DownLoaD\aaa\OTL.exe
PRC - [2010.10.28 13:03:49 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.10.28 13:03:49 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2008.12.09 17:00:52 | 003,259,392 | ---- | M] (The Author of QIP) -- D:\Data\Install\....Net\QIP\qip.exe
========== Modules (SafeList) ==========
MOD - [2010.11.11 22:41:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Data\....DownLoaD\aaa\OTL.exe
MOD - [2009.07.14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.01.11 17:14:02 | 000,153,088 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV:64bit: - [2010.01.11 17:14:02 | 000,153,088 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.11.05 18:27:47 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)
DRV:64bit: - [2010.05.30 09:36:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.04 17:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 BA 2F D6 D1 FF CA 01 [binary data]
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25571
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.30 18:51:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.30 18:51:05 | 000,000,000 | ---D | M]
[2010.05.30 09:28:45 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Mozilla\Extensions
[2010.11.14 17:10:22 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Mozilla\Firefox\Profiles\p76rt2xi.default\extensions
[2010.11.07 14:45:15 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\hulda\AppData\Roaming\Mozilla\Firefox\Profiles\p76rt2xi.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.30 09:28:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.07.27 22:37:36 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.07.27 22:37:36 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.07.27 22:37:37 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.07.27 22:37:37 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.07.27 22:37:37 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.11.14 16:58:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1001319609-1370749333-973425246-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1001319609-1370749333-973425246-1001..\Run: [Steam] d:\games\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1001319609-1370749333-973425246-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2010.11.14 17:34:52 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010.11.12 22:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texas Holdem Poker 3D Deluxe Edition DeLEGiON
[2010.11.11 21:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.11.11 21:56:57 | 000,000,000 | ---D | C] -- C:\rsit
[2010.11.08 21:09:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.08 21:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.08 20:11:16 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Local\Diagnostics
[2010.11.08 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\Malwarebytes
[2010.11.08 18:37:31 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.08 18:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.08 18:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malware Scan
[2010.11.07 18:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigiDNA
[2010.11.07 18:54:28 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\DiskAid
[2010.11.07 14:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoftTB
[2010.11.07 14:43:05 | 000,000,000 | ---D | C] -- C:\Users\hulda\Documents\DVDVideoSoft
[2010.11.07 14:43:03 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\DVDVideoSoft
[2010.11.07 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.11.07 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.11.05 20:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhone Tunnel Suite
[2010.11.05 19:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Zrychleni Pocitace
[2010.11.05 19:45:27 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Local\OpenCandy
[2010.11.05 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\OpenCandy
[2010.11.05 19:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2010.10.30 18:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.10.30 18:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.10.30 18:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.10.30 18:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.10.30 18:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.10.30 18:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.10.30 18:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010.10.30 18:42:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.30 18:39:40 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\Apple Computer
[2010.10.30 18:39:40 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Local\Apple Computer
[2010.10.30 18:39:36 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010.10.30 18:39:36 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010.10.30 18:39:36 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010.10.30 18:39:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.10.30 18:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.10.30 18:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.10.30 18:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.10.30 18:39:08 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Local\Apple
[2010.10.30 18:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.10.30 18:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.10.30 18:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.10.30 17:20:37 | 000,000,000 | ---D | C] -- C:\Users\hulda\Documents\FIFA 11
[2010.10.30 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Sports
[2010.10.23 15:23:07 | 000,000,000 | ---D | C] -- C:\Users\hulda\Documents\My Received Files
[2010.10.23 15:16:19 | 000,000,000 | ---D | C] -- C:\Users\hulda\Tracing
[2010.10.23 15:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010.10.23 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic-Eng7
[2010.10.17 22:15:28 | 000,000,000 | ---D | C] -- C:\Users\hulda\Documents\ZPS12
[2010.10.17 22:14:28 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Roaming\Zoner
[2010.10.17 22:14:28 | 000,000,000 | ---D | C] -- C:\Users\hulda\AppData\Local\Zoner
[2010.10.17 22:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zoner
========== Files - Modified Within 30 Days ==========
[2010.11.14 17:34:53 | 000,000,632 | ---- | M] () -- C:\Users\hulda\Desktop\Total Commander.lnk
[2010.11.14 17:24:04 | 000,000,320 | ---- | M] () -- C:\Windows\WINCMD.INI
[2010.11.14 17:18:08 | 000,669,892 | -H-- | M] () -- C:\TREEINFO.WC
[2010.11.14 17:16:34 | 001,445,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.14 17:16:34 | 000,622,422 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.11.14 17:16:34 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.14 17:16:34 | 000,118,604 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.11.14 17:16:34 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.14 17:06:28 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 17:06:28 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 16:59:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.14 16:59:12 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.14 16:58:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010.11.11 19:52:59 | 000,001,912 | ---- | M] () -- C:\Users\hulda\Desktop\fifaconfig – zástupce.lnk
[2010.11.08 21:09:32 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.07 18:58:07 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\DiskAid.lnk
[2010.11.07 16:18:50 | 000,000,095 | ---- | M] () -- C:\Windows\winamp.ini
[2010.11.06 08:05:19 | 000,000,600 | ---- | M] () -- C:\Users\hulda\AppData\Local\PUTTY.RND
[2010.11.05 21:11:17 | 000,000,600 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\winscp.rnd
[2010.11.05 20:35:42 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\iPhone Tunnel Suite.lnk
[2010.11.05 19:45:28 | 000,001,789 | ---- | M] () -- C:\Users\hulda\Desktop\WinSCP.lnk
[2010.10.30 19:24:50 | 000,093,604 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.10.30 18:54:35 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2010.10.30 18:51:44 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.30 18:51:01 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.10.30 18:44:02 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.10.30 17:14:09 | 000,001,676 | ---- | M] () -- C:\Users\hulda\Desktop\fifa – zástupce.lnk
[2010.10.17 22:14:24 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Zoner Photo Studio 12.lnk
========== Files Created - No Company Name ==========
[2010.11.14 17:34:53 | 000,000,632 | ---- | C] () -- C:\Users\hulda\Desktop\Total Commander.lnk
[2010.11.14 17:13:49 | 000,669,892 | -H-- | C] () -- C:\TREEINFO.WC
[2010.11.14 17:13:37 | 000,000,320 | ---- | C] () -- C:\Windows\WINCMD.INI
[2010.11.11 19:52:59 | 000,001,912 | ---- | C] () -- C:\Users\hulda\Desktop\fifaconfig – zástupce.lnk
[2010.11.08 21:09:32 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.07 18:58:07 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\DiskAid.lnk
[2010.11.05 20:35:42 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\iPhone Tunnel Suite.lnk
[2010.11.05 20:25:54 | 000,000,600 | ---- | C] () -- C:\Users\hulda\AppData\Local\PUTTY.RND
[2010.11.05 19:45:29 | 000,000,600 | ---- | C] () -- C:\Users\hulda\AppData\Roaming\winscp.rnd
[2010.11.05 19:45:28 | 000,001,789 | ---- | C] () -- C:\Users\hulda\Desktop\WinSCP.lnk
[2010.10.30 19:24:50 | 000,093,604 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.10.30 18:54:35 | 000,000,629 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2010.10.30 18:51:44 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.30 18:51:01 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.10.30 18:44:02 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.10.30 17:14:09 | 000,001,676 | ---- | C] () -- C:\Users\hulda\Desktop\fifa – zástupce.lnk
[2010.10.17 22:14:24 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Zoner Photo Studio 12.lnk
[2010.05.30 09:42:08 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2010.05.30 09:37:38 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010.06.09 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\ACD Systems
[2010.09.21 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Airytec
[2010.11.14 17:34:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Azureus
[2010.05.30 10:12:13 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DAEMON Tools Lite
[2010.11.07 18:59:11 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DiskAid
[2010.11.07 16:28:14 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DVDVideoSoft
[2010.05.30 09:24:54 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\GHISLER
[2010.05.30 10:58:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Leadertech
[2010.11.05 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\OpenCandy
[2010.08.07 07:57:12 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Raptr
[2010.10.17 22:14:28 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Zoner
[2010.09.30 17:47:48 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 02:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"Steam" = "d:\games\steam\steam.exe" -silent -- [2010.08.24 10:49:50 | 001,242,448 | ---- | M] (Valve Corporation)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.06.09 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\ACD Systems
[2010.05.30 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Adobe
[2010.09.21 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Airytec
[2010.10.30 19:24:47 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Apple Computer
[2010.11.14 17:34:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Azureus
[2010.05.30 10:12:13 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DAEMON Tools Lite
[2010.11.07 18:59:11 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DiskAid
[2010.11.07 16:28:14 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\DVDVideoSoft
[2010.05.30 09:24:54 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\GHISLER
[2010.05.30 08:58:26 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Identities
[2010.05.30 10:58:21 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Leadertech
[2010.05.30 09:32:57 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Macromedia
[2010.11.08 18:37:42 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Malwarebytes
[2009.07.14 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Media Center Programs
[2010.11.05 19:49:38 | 000,000,000 | --SD | M] -- C:\Users\hulda\AppData\Roaming\Microsoft
[2010.05.30 09:28:45 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Mozilla
[2010.09.17 17:06:49 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\NVIDIA
[2010.11.05 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\OpenCandy
[2010.08.07 07:57:12 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Raptr
[2010.10.17 22:14:28 | 000,000,000 | ---D | M] -- C:\Users\hulda\AppData\Roaming\Zoner
< %APPDATA%\*.exe /s >
[2010.11.08 18:31:26 | 000,000,074 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
[2010.11.08 18:31:26 | 000,000,034 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
[2010.11.08 18:31:49 | 000,000,039 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
[2010.11.08 19:01:55 | 000,000,040 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
[2010.11.08 18:41:21 | 000,000,062 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
[2 C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\*.tmp files -> C:\Users\hulda\AppData\Roaming\Microsoft\Windows\Recent\*.tmp -> ]
[2010.11.05 19:45:27 | 000,349,296 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\OpenCandy\OpenCandy_973240A9A698428AB8F8545061648B3E\DLMgr_3_1.6.87.exe
[2010.10.15 21:41:18 | 000,043,440 | ---- | M] () -- C:\Users\hulda\AppData\Roaming\OpenCandy\OpenCandy_973240A9A698428AB8F8545061648B3E\SpeedstarterCZ.exe
[2010.10.23 00:29:06 | 001,472,552 | ---- | M] (Speedchecker Limited ) -- C:\Users\hulda\AppData\Roaming\OpenCandy\OpenCandy_973240A9A698428AB8F8545061648B3E\ZrychleniPocitace.exe
< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
< End of report >
Re: Smart engine
It looks OK.
Run OTL once more and click the "Vyčisti" (clean up) button; it will clean up after itself.
If there are no problems, that is all.

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before removing viruses from your computer.
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: Smart engine
Thanks a lot for the help... it has been a long time since I met anyone this helpful on the forums
.....

Re: Smart engine
Then you are probably visiting the wrong forums.
You're welcome; if there are any problems, get in touch. Have a nice evening.

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before removing viruses from your computer.
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.