bidne zabezpeceny net+ haze to hlasku o skriptu - jsem v USA

Zpráva

flip. · #1 Příspěvek od **flip.** » 13 led 2011 23:04

Ahoj, nachazim se v USA ted a nejak mi to zacalo vyhazovat hlasku, ze je nejaka stranka zacinajici na ad., a ze blbne skript, ze jestli chci aby bezel dal, nebo ne...

spustil jsem ad-aware a ten nasel infikovany soubor patcher.exe, takl jsem to smazal... avast se mi zda, ze nic nenasel..

tady jsou logy z MBAMU A COMBOFIXU

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5512

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.01.11 10:13:07
mbam-log-2011-01-13 (10-13-07).txt

Scan type: Quick scan
Objects scanned: 138091
Time elapsed: 17 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 11-01-12.04 - c 13.01.11 10:00:25.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1307 [GMT -8:00]
Running from: c:\users\c\Desktop\Apps\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\c\AppData\Roaming\.#
c:\users\c\AppData\Roaming\.#\MBX@1090@172910.###
c:\users\c\AppData\Roaming\.#\MBX@1090@172940.###
c:\users\c\AppData\Roaming\.#\MBX@1090@172970.###
c:\users\c\AppData\Roaming\.#\MBX@1160@1552910.###
c:\users\c\AppData\Roaming\.#\MBX@1160@1552940.###
c:\users\c\AppData\Roaming\.#\MBX@1160@1552970.###
c:\users\c\AppData\Roaming\.#\MBX@126C@15C2910.###
c:\users\c\AppData\Roaming\.#\MBX@126C@15C2940.###
c:\users\c\AppData\Roaming\.#\MBX@126C@15C2970.###
c:\users\c\AppData\Roaming\.#\MBX@1274@932910.###
c:\users\c\AppData\Roaming\.#\MBX@1274@932940.###
c:\users\c\AppData\Roaming\.#\MBX@1274@932970.###
c:\users\c\AppData\Roaming\.#\MBX@150@1562910.###
c:\users\c\AppData\Roaming\.#\MBX@150@1562940.###
c:\users\c\AppData\Roaming\.#\MBX@150@1562970.###
c:\users\c\AppData\Roaming\.#\MBX@16C@782910.###
c:\users\c\AppData\Roaming\.#\MBX@16C@782940.###
c:\users\c\AppData\Roaming\.#\MBX@16C@782970.###
c:\users\c\AppData\Roaming\.#\MBX@17C8@662910.###
c:\users\c\AppData\Roaming\.#\MBX@17C8@662940.###
c:\users\c\AppData\Roaming\.#\MBX@17C8@662970.###
c:\users\c\AppData\Roaming\.#\MBX@260@14F2910.###
c:\users\c\AppData\Roaming\.#\MBX@260@14F2940.###
c:\users\c\AppData\Roaming\.#\MBX@260@14F2970.###
c:\users\c\AppData\Roaming\.#\MBX@660@3A2910.###
c:\users\c\AppData\Roaming\.#\MBX@660@3A2940.###
c:\users\c\AppData\Roaming\.#\MBX@660@3A2970.###
c:\users\c\AppData\Roaming\.#\MBX@B7C@742910.###
c:\users\c\AppData\Roaming\.#\MBX@B7C@742940.###
c:\users\c\AppData\Roaming\.#\MBX@B7C@742970.###
c:\users\c\AppData\Roaming\.#\MBX@E70@1542910.###
c:\users\c\AppData\Roaming\.#\MBX@E70@1542940.###
c:\users\c\AppData\Roaming\.#\MBX@E70@1542970.###
c:\users\c\AppData\Roaming\.#\MBX@E84@342910.###
c:\users\c\AppData\Roaming\.#\MBX@E84@342940.###
c:\users\c\AppData\Roaming\.#\MBX@E84@342970.###
c:\users\c\AppData\Roaming\.#\MBX@F38@14F2910.###
c:\users\c\AppData\Roaming\.#\MBX@F38@14F2940.###
c:\users\c\AppData\Roaming\.#\MBX@F38@14F2970.###

.
((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-13 18:28 . 2011-01-13 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-13 17:53 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 17:53 . 2011-01-13 17:53 -------- d-----w- c:\programdata\Malwarebytes
2011-01-13 17:53 . 2011-01-13 17:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 17:53 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-10 23:00 . 2011-01-10 23:00 203576 ----a-w- c:\windows\system32\richtx32.ocx
2011-01-10 23:00 . 2011-01-10 23:00 140288 ----a-w- c:\windows\system32\comdlg32.ocx
2011-01-10 23:00 . 2011-01-10 23:00 124688 ----a-w- c:\windows\system32\mswinsck.ocx
2011-01-10 19:34 . 2011-01-10 19:34 -------- d-----w- c:\programdata\TomTom
2011-01-10 19:29 . 2011-01-10 19:29 -------- d-----w- c:\program files\TomTom International B.V
2011-01-10 19:29 . 2011-01-10 19:29 -------- d-----w- c:\program files\TomTom HOME 2
2011-01-10 17:32 . 2011-01-10 18:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-10 17:32 . 2011-01-10 17:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-10 17:29 . 2011-01-10 17:23 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-01-10 17:17 . 2010-11-22 08:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-01-10 17:17 . 2011-01-10 17:17 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-10 17:08 . 2011-01-10 17:08 -------- dc-h--w- c:\programdata\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2011-01-10 17:07 . 2011-01-10 17:17 -------- d-----w- c:\programdata\Lavasoft
2011-01-10 17:07 . 2011-01-10 17:07 -------- d-----w- c:\program files\Lavasoft
2011-01-03 01:29 . 2011-01-10 17:17 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-03 01:29 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-03 01:29 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-03 01:28 . 2011-01-03 01:28 -------- d-----w- c:\program files\iPod
2011-01-03 01:28 . 2011-01-03 01:29 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-03 01:28 . 2011-01-03 01:29 -------- d-----w- c:\program files\iTunes
2010-12-30 18:49 . 2010-12-30 18:49 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-12-30 05:57 . 2010-12-30 05:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-30 02:52 . 2010-12-30 02:52 -------- d-----w- c:\program files\Google
2010-12-25 16:45 . 2010-12-25 16:45 -------- d-----w- c:\programdata\HP
2010-12-25 16:12 . 2009-06-22 17:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2010-12-22 17:16 . 2010-12-22 17:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-20 16:05 . 2010-12-20 16:05 -------- d-----w- c:\program files\Common Files\COWON
2010-12-20 16:05 . 2010-12-20 16:05 -------- d-----w- c:\program files\JetAudio
2010-12-20 10:34 . 2010-12-20 10:34 -------- d-----w- c:\windows\system32\Wat
2010-12-20 04:22 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-12-20 04:21 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-20 04:21 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-20 04:21 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-20 04:21 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-20 04:21 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-20 04:17 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-12-20 04:16 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-20 04:16 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-20 03:24 . 2010-12-19 18:36 -------- d-----w- c:\windows\Panther
2010-12-20 03:23 . 2010-12-20 03:23 -------- d-----w- C:\Boot
2010-12-20 03:10 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-20 03:07 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-12-20 03:07 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-12-20 03:07 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-12-20 03:07 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-19 19:40 . 2010-12-19 19:40 -------- d-----w- c:\windows\system32\Macromed
2010-12-19 19:29 . 2010-12-19 19:29 -------- d-----w- c:\program files\ICQ-Banner-Remover
2010-12-19 19:26 . 2010-12-19 19:26 -------- d--h--w- c:\windows\AxInstSV
2010-12-19 19:24 . 2010-12-19 19:24 -------- d-----w- c:\program files\Common Files\Skype
2010-12-19 19:24 . 2010-12-19 19:24 -------- d-----r- c:\program files\Skype
2010-12-19 19:24 . 2010-12-19 19:24 -------- d-----w- c:\programdata\Skype
2010-12-19 19:23 . 2011-01-07 18:09 -------- d-----w- c:\program files\ICQ7.2
2010-12-19 19:21 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-12-19 19:21 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-12-19 19:21 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-19 19:21 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-19 19:21 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-19 19:21 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-19 19:20 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-19 19:17 . 2010-12-19 19:17 -------- d-----r- C:\MSOCache
2010-12-19 19:15 . 2010-12-19 19:15 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-19 19:14 . 2010-12-19 19:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-12-19 19:13 . 2010-12-19 19:13 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-19 19:13 . 2010-12-19 19:13 -------- d-----w- c:\programdata\Logitech
2010-12-19 19:12 . 2010-12-19 19:12 -------- d-----w- c:\program files\MoRUN.net
2010-12-19 19:12 . 2011-01-09 21:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-12-19 19:11 . 2010-12-19 19:12 -------- d-----w- c:\programdata\Logishrd
2010-12-19 19:11 . 2010-12-19 19:11 -------- d-----w- c:\program files\Logitech
2010-12-19 19:11 . 2010-12-19 19:12 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-12-19 19:10 . 2010-12-19 19:10 -------- d-----w- c:\program files\CCleaner
2010-12-19 19:10 . 2010-12-19 21:39 -------- d-----w- c:\program files\CamStudio
2010-12-19 19:10 . 2010-12-19 19:10 -------- d-----w- c:\program files\Xvid CZ
2010-12-19 19:10 . 2011-01-13 17:14 -------- d-----w- c:\program files\BetVoyager Online Casino
2010-12-19 19:10 . 2010-12-19 19:10 -------- d-----w- c:\programdata\ESTsoft
2010-12-19 19:10 . 2010-12-19 19:10 -------- d-----w- c:\program files\ESTsoft
2010-12-19 19:05 . 2010-12-19 19:05 -------- d-----w- c:\program files\DellTPad
2010-12-19 19:05 . 2007-06-25 18:51 100418 ----a-w- c:\windows\system32\Vxdif.dll
2010-12-19 19:05 . 2007-06-25 17:53 155136 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-12-19 19:05 . 2006-11-02 07:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-12-19 19:04 . 2006-11-14 23:16 32256 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-12-19 19:04 . 2006-11-14 18:42 43520 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-12-19 19:04 . 2004-09-03 09:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-12-19 19:03 . 2007-09-07 09:25 102400 ----a-w- c:\windows\system32\stacsv.exe
2010-12-19 19:03 . 2007-09-07 09:24 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2010-12-19 19:03 . 2007-08-29 12:25 53248 ----a-w- c:\windows\system32\aestaren.dll
2010-12-19 19:03 . 2007-08-29 12:25 73728 ----a-w- c:\windows\system32\AEstSrv.exe
2010-12-19 19:03 . 2007-08-29 12:25 131072 ----a-w- c:\windows\system32\aestacap.dll
2010-12-19 19:03 . 2007-08-29 12:25 643072 ----a-w- c:\windows\system32\aestecap.dll
2010-12-19 19:03 . 2007-04-10 17:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-12-19 19:02 . 2010-12-20 16:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-12-19 19:02 . 2010-12-19 19:02 -------- d-----w- c:\program files\SigmaTel
2010-12-19 19:02 . 2007-09-07 09:26 330240 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-12-19 19:02 . 2007-09-07 09:25 328704 ----a-w- c:\windows\system32\stcplx.dll
2010-12-19 19:02 . 2007-09-07 09:25 595968 ----a-w- c:\windows\system32\stapo.dll
2010-12-19 19:02 . 2007-09-07 09:24 146944 ----a-w- c:\windows\system32\staco.dll
2010-12-19 19:02 . 2007-09-07 09:23 299520 ----a-w- c:\windows\system32\stapi32.dll
2010-12-19 19:02 . 2007-03-05 13:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2010-12-19 19:02 . 2007-03-05 13:05 492544 ----a-w- c:\windows\system32\ctapo32.dll
2010-12-19 19:02 . 2010-12-19 19:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-12-19 19:02 . 2010-12-19 19:02 -------- d-----w- C:\dell
2010-12-19 18:58 . 2011-01-13 15:21 -------- d-----w- c:\programdata\NVIDIA
2010-12-19 18:57 . 2011-01-12 08:33 -------- d-sh--w- c:\windows\Installer
2010-12-19 18:57 . 2010-12-19 18:57 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-12-19 18:53 . 2010-10-19 09:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-19 18:50 . 2010-12-19 18:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-19 18:50 . 2010-12-19 18:50 -------- d-----w- C:\NVIDIA
2010-12-19 18:39 . 2011-01-10 19:37 -------- d-----w- c:\windows\system32\wbem\Performance
2010-12-19 18:38 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-12-19 18:38 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-12-19 18:36 . 2010-12-19 18:36 -------- d-----w- c:\users\c
2010-12-19 18:36 . 2010-12-19 18:36 -------- d-----w- C:\Recovery

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-16 18:55 . 2010-12-19 18:56 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-16 11:42 . 2010-10-16 11:42 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-10-16 11:42 . 2010-10-16 11:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 11:42 . 2010-10-16 11:42 279144 ----a-w- c:\windows\system32\nvhotkey.dll
2010-10-16 11:42 . 2010-10-16 11:42 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-10-16 11:42 . 2010-10-16 11:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 11:42 . 2010-10-16 11:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:42 . 2010-10-16 11:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\c\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-19 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-16 279144]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-20 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-11-22 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-19 691696]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-22 1402272]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-22 15264]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

.
Contents of the 'Scheduled Tasks' folder

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250615672-1310049006-2949046049-1001Core.job
- c:\users\c\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 18:43]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250615672-1310049006-2949046049-1001UA.job
- c:\users\c\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=102866&l=dis&gct=hp
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-13 10:33:36
ComboFix-quarantined-files.txt 2011-01-13 18:33

Pre-Run: 262,647,607,296 bytes free
Post-Run: 262,937,305,088 bytes free

- - End Of File - - 8A47E980F6656D388E2D0DDBF5DEAE1F

DIKY MOC ZA POMOC...

flip. · #2 Příspěvek od **flip.** » 14 led 2011 18:01

a mimo to je teda PC neskutecne zpomalene...

#3 Příspěvek od **motji** » 14 led 2011 22:55

Dobrý večer

Po použití combofixu se něco změnilo?

Nedoporučujeme používat combofix bez dozoru rádce, při nesprávnem použití může dojít k poškození systému.

flip. · #4 Příspěvek od **flip.** » 15 led 2011 01:45

nic se nezmenilo...
nevim, jestli combofix neco mazal, delal jsem jen scan..

takhle to vypada:

Uploaded with ImageShack.us

a celkove je pc dost pomale...

pls help

diky moc

#5 Příspěvek od **motji** » 15 led 2011 09:49

Combofix něco maže automaticky.

Ten skript Vám hází na ploše nebo v nějakém prohlížeči?

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

flip. · #6 Příspěvek od **flip.** » 16 led 2011 21:24

napise mi top tohle a logy nikde nevidim:/

Uploaded with ImageShack.us

hlaska mi porad vyskakuje a PC je porad pomale...

hlavne se bojim, aby mi nekdo neukradl hesla, protoze pouzivam internet banking a jiny financni transakce, email apod... je toto mozne?

#7 Příspěvek od **motji** » 16 led 2011 21:28

Zkuste ho spustit v nouzovém režimu ( po restartu mačkejte F8)

flip. · #8 Příspěvek od **flip.** » 16 led 2011 22:17

OTL Extras logfile created on: 16.01.11 13:08:28 - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\c\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd.MM.yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 295.04 Gb Total Space | 243.87 Gb Free Space | 82.66% Space Free | Partition Type: NTFS

Computer Name: C-PC | User Name: c | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{087C2584-FCE8-42E0-9613-3403BF52ABD8}_is1" = Xvid CZ
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{620797B0-A022-4B57-A95E-CD7DD0325015}" = MoRUN.net Sticker Lite
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ALZip_is1" = ALZip
"avast5" = avast! Free Antivirus
"BetVoyager Online Casino" = BetVoyager Online Casino 1.0.1.8
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"SP6" = Logitech SetPoint 6.0
"TomTom HOME" = TomTom HOME 2.7.6.2056

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.01.11 04:27:37 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4400

Error - 15.01.11 05:37:10 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.01.11 05:37:10 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4176365

Error - 15.01.11 05:37:10 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4176365

Error - 15.01.11 15:53:04 | Computer Name = c-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d27c1b0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00604e00 Faulting process id: 0x15c4 Faulting application
start time: 0x01cbb4e23d0464f0 Faulting application path: C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: unknown Report Id: 1030c5be-20e1-11e0-9400-001ec9021be1

Error - 15.01.11 15:53:10 | Computer Name = c-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d27c1b0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00604e00 Faulting process id: 0x15c4 Faulting application
start time: 0x01cbb4e23d0464f0 Faulting application path: C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: unknown Report Id: 13e96ee1-20e1-11e0-9400-001ec9021be1

Error - 15.01.11 16:53:43 | Computer Name = c-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 15.01.11 23:18:58 | Computer Name = c-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d27c1b0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x02583c40 Faulting process id: 0x1214 Faulting application
start time: 0x01cbb526b7297a9f Faulting application path: C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: unknown Report Id: 5ad16870-211f-11e0-9400-001ec9021be1

Error - 16.01.11 07:21:37 | Computer Name = c-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 16.01.11 16:11:41 | Computer Name = c-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.20.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 59c Start Time:
01cbb5b9439c3736 Termination Time: 6 Application Path: C:\Users\c\Desktop\OTL.exe

Report
Id:

[ System Events ]
Error - 16.01.11 17:06:55 | Computer Name = c-PC | Source = DCOM | ID = 10005
Description =

Error - 16.01.11 17:06:57 | Computer Name = c-PC | Source = DCOM | ID = 10005
Description =

Error - 16.01.11 17:06:57 | Computer Name = c-PC | Source = DCOM | ID = 10005
Description =

Error - 16.01.11 17:06:57 | Computer Name = c-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 16.01.11 17:06:58 | Computer Name = c-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16.01.11 17:06:58 | Computer Name = c-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16.01.11 17:06:58 | Computer Name = c-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16.01.11 17:06:58 | Computer Name = c-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16.01.11 17:06:58 | Computer Name = c-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16.01.11 17:06:58 | Computer Name = c-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

< End of report >

flip. · #9 Příspěvek od **flip.** » 16 led 2011 22:23

OTL logfile created on: 16.01.11 13:08:28 - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\c\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd.MM.yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 295.04 Gb Total Space | 243.87 Gb Free Space | 82.66% Space Free | Partition Type: NTFS

Computer Name: C-PC | User Name: c | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.01.15 19:10:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
PRC - [2011.01.07 19:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.12.22 01:04:14 | 000,936,712 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.12.22 01:04:06 | 001,402,272 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.11.22 00:50:18 | 000,755,096 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2009.10.30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011.01.15 19:10:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
MOD - [2010.08.20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.12.22 01:04:06 | 001,402,272 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.12.19 20:16:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.01 20:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010.10.16 02:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.10.15 15:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.09.07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.09.07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.09.07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.08.24 01:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.01.29 13:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009.07.13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.09.07 01:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.08.29 04:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - [2010.12.19 11:15:11 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.22 00:50:19 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.11.22 00:50:18 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.10.16 10:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.09.07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.09.07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.09.07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.09.07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.09.07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.12.10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.10 03:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.11.10 03:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.07.13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 14:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009.07.13 14:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009.07.13 14:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009.07.13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007.10.10 08:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.09.07 01:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.06.25 09:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.03.05 01:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006.11.14 15:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.14 10:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.14 08:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=102866&l=dis&gct=hp
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 7A AF E8 AB 9F CB 01 [binary data]
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

[2011.01.10 11:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c\AppData\Roaming\mozilla\Extensions
[2011.01.10 11:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.01.10 11:44:28 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2011.01.13 10:28:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.xvid - C:\Windows\System32\xvid.dll ()

flip. · #10 Příspěvek od **flip.** » 16 led 2011 22:23

========== Files/Folders - Created Within 30 Days ==========

[2011.01.15 19:10:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
[2011.01.15 10:48:46 | 000,000,000 | -HSD | C] -- C:\Users\c\AppData\Roaming\.#
[2011.01.14 21:42:19 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\chrysler
[2011.01.13 10:33:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.01.13 09:57:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.01.13 09:57:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.01.13 09:57:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.01.13 09:57:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.13 09:56:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.01.13 09:55:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.01.13 09:53:54 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Malwarebytes
[2011.01.13 09:53:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.13 09:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.13 09:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.13 09:53:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.13 09:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.11 12:55:29 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\IDs
[2011.01.11 12:34:41 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.11 12:34:37 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.01.11 12:34:37 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.11 12:34:37 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.11 12:34:37 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.11 12:34:36 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.01.11 12:34:36 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.01.11 12:34:36 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.01.11 12:34:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.11 12:34:36 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.11 12:34:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.11 12:34:36 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.11 12:34:36 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.11 12:34:36 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.11 12:34:36 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.11 12:34:35 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.10 15:00:51 | 000,203,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2011.01.10 15:00:51 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx
[2011.01.10 15:00:50 | 000,124,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswinsck.ocx
[2011.01.10 11:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2011.01.10 11:33:43 | 000,000,000 | ---D | C] -- C:\Users\c\Documents\TomTom
[2011.01.10 11:33:27 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\tomtom
[2011.01.10 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\TomTom
[2011.01.10 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\TomTom
[2011.01.10 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Mozilla
[2011.01.10 11:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011.01.10 11:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2011.01.10 11:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2011.01.10 09:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.01.10 09:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.01.10 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.01.10 09:17:29 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.01.10 09:17:25 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.01.10 09:08:37 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Sunbelt Software
[2011.01.10 09:08:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
[2011.01.10 09:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.01.10 09:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.01.10 09:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011.01.04 15:57:31 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\stuff
[2011.01.03 16:50:04 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\Others
[2011.01.02 17:29:27 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Apple Computer
[2011.01.02 17:29:27 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Apple Computer
[2011.01.02 17:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.01.02 17:29:13 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011.01.02 17:29:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.01.02 17:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.01.02 17:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.01.02 17:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.01.02 17:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.01.02 17:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.01.02 17:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.01.02 17:27:54 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Apple
[2011.01.02 17:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.01.02 17:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.01.02 17:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.01.02 17:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.01.02 14:39:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.01.02 06:50:44 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\PackageAware
[2010.12.29 21:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2010.12.29 21:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.12.29 18:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2010.12.29 18:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.12.29 18:20:08 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\Pictures
[2010.12.25 08:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010.12.22 09:17:57 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Adobe
[2010.12.22 09:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.12.22 09:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.12.22 09:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.12.20 08:07:34 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\COWON
[2010.12.20 08:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COWON Media Center - jetAudio
[2010.12.20 08:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COWON
[2010.12.20 08:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\JetAudio
[2010.12.20 02:34:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010.12.19 20:21:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.12.19 20:21:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.12.19 20:21:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.12.19 20:17:39 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.12.19 20:16:55 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.12.19 19:28:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.12.19 19:26:08 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.12.19 19:25:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.12.19 19:24:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.12.19 19:23:48 | 000,000,000 | ---D | C] -- C:\Boot
[2010.12.19 19:11:38 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.12.19 19:11:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.12.19 19:11:37 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.12.19 19:11:37 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.12.19 19:11:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.19 19:11:31 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.12.19 19:11:31 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.12.19 19:11:31 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.12.19 19:11:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.12.19 19:11:31 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.12.19 19:11:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.19 19:11:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.19 19:11:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.19 19:11:27 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.19 19:11:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.19 19:11:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.19 19:11:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.19 19:11:27 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.19 19:11:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.19 19:11:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.19 19:11:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.19 19:11:26 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.19 19:11:25 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.19 19:11:25 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.19 19:11:25 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010.12.19 19:11:23 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.12.19 19:11:23 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.12.19 19:11:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.12.19 19:11:15 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.12.19 19:11:15 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.12.19 19:11:15 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.12.19 19:11:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.12.19 19:11:11 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.12.19 19:11:11 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.12.19 19:11:02 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.12.19 19:11:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.12.19 19:11:01 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.12.19 19:10:59 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.12.19 19:10:59 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.19 19:10:59 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.19 19:10:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.19 19:10:58 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.12.19 19:10:58 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.12.19 19:10:57 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010.12.19 19:10:56 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.12.19 19:10:55 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.12.19 19:10:49 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.12.19 19:10:49 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.19 19:10:48 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.12.19 19:10:48 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.12.19 19:10:48 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.12.19 19:10:48 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.12.19 19:10:48 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.12.19 19:10:48 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.12.19 19:10:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.12.19 19:10:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.12.19 19:10:47 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.12.19 19:10:47 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.12.19 19:07:17 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.19 12:07:10 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\R
[2010.12.19 11:41:27 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\skypePM
[2010.12.19 11:40:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.12.19 11:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ-Banner-Remover
[2010.12.19 11:26:14 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010.12.19 11:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.2
[2010.12.19 11:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010.12.19 11:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.12.19 11:24:19 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.12.19 11:24:19 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Skype
[2010.12.19 11:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.12.19 11:23:36 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\ICQ
[2010.12.19 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\AOL
[2010.12.19 11:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010.12.19 11:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2010.12.19 11:21:42 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010.12.19 11:21:11 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.12.19 11:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2010.12.19 11:21:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.12.19 11:21:08 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.12.19 11:21:01 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.12.19 11:20:52 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.12.19 11:20:42 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010.12.19 11:20:42 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.12.19 11:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.12.19 11:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010.12.19 11:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.12.19 11:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.12.19 11:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.12.19 11:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.12.19 11:19:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.12.19 11:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.12.19 11:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010.12.19 11:18:11 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Microsoft Help
[2010.12.19 11:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.12.19 11:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.12.19 11:17:23 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010.12.19 11:15:11 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.12.19 11:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2010.12.19 11:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.12.19 11:13:39 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\DAEMON Tools Lite
[2010.12.19 11:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.12.19 11:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.12.19 11:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoRUN.net
[2010.12.19 11:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\MoRUN.net
[2010.12.19 11:12:15 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.12.19 11:11:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.12.19 11:11:53 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\ESTsoft
[2010.12.19 11:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2010.12.19 11:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010.12.19 11:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.12.19 11:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010.12.19 11:11:03 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Logitech
[2010.12.19 11:11:02 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Logishrd
[2010.12.19 11:10:56 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2010.12.19 11:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.12.19 11:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2010.12.19 11:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010.12.19 11:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid CZ
[2010.12.19 11:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid CZ
[2010.12.19 11:10:18 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BetVoyager Online Casino
[2010.12.19 11:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetVoyager Online Casino
[2010.12.19 11:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\BetVoyager Online Casino
[2010.12.19 11:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ESTsoft
[2010.12.19 11:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESTsoft
[2010.12.19 11:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESTsoft
[2010.12.19 11:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2010.12.19 11:05:43 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2010.12.19 11:05:43 | 000,155,136 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys
[2010.12.19 11:05:43 | 000,100,418 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll
[2010.12.19 11:04:05 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\System32\snymsico.dll
[2010.12.19 11:04:05 | 000,043,520 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2010.12.19 11:04:05 | 000,032,256 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2010.12.19 11:03:13 | 004,947,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacgui.cpl
[2010.12.19 11:03:13 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\Windows\System32\stlang.dll
[2010.12.19 11:03:13 | 000,643,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestecap.dll
[2010.12.19 11:03:13 | 000,131,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestacap.dll
[2010.12.19 11:03:13 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010.12.19 11:03:13 | 000,073,728 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
[2010.12.19 11:03:13 | 000,053,248 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestaren.dll
[2010.12.19 11:02:48 | 000,595,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010.12.19 11:02:48 | 000,492,544 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\ctapo32.dll
[2010.12.19 11:02:48 | 000,330,240 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010.12.19 11:02:48 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010.12.19 11:02:48 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010.12.19 11:02:48 | 000,146,944 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2010.12.19 11:02:48 | 000,045,568 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\ctppld.dll
[2010.12.19 11:02:48 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.12.19 11:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2010.12.19 11:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.12.19 11:02:39 | 000,000,000 | ---D | C] -- C:\dell
[2010.12.19 11:01:36 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\Apps
[2010.12.19 10:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2010.12.19 10:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.12.19 10:57:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.12.19 10:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.12.19 10:56:48 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.12.19 10:56:48 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.12.19 10:56:48 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.12.19 10:56:48 | 010,023,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.12.19 10:56:48 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.12.19 10:56:48 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.12.19 10:56:48 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.12.19 10:56:48 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.12.19 10:56:48 | 001,719,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010.12.19 10:56:48 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322050.dll
[2010.12.19 10:56:48 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322030.dll
[2010.12.19 10:56:48 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.12.19 10:56:48 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.12.19 10:56:48 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.12.19 10:53:08 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.12.19 10:52:04 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2010.12.19 10:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.12.19 10:50:32 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.12.19 10:45:11 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Macromedia
[2010.12.19 10:45:11 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Adobe
[2010.12.19 10:43:05 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Google
[2010.12.19 10:42:52 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Apps
[2010.12.19 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Deployment
[2010.12.19 10:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2010.12.19 10:36:51 | 000,000,000 | R--D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2010.12.19 10:36:51 | 000,000,000 | R--D | C] -- C:\Users\c\Searches
[2010.12.19 10:36:51 | 000,000,000 | R--D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2010.12.19 10:36:51 | 000,000,000 | -H-D | C] -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010.12.19 10:36:39 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Identities
[2010.12.19 10:36:38 | 000,000,000 | R--D | C] -- C:\Users\c\Contacts
[2010.12.19 10:36:31 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\VirtualStore
[2010.12.19 10:36:29 | 000,000,000 | --SD | C] -- C:\Users\c\AppData\Roaming\Microsoft
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Videos
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Saved Games
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Pictures
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Music
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Links
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Favorites
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Downloads
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Documents
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Desktop
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\AppData\Local\Temporary Internet Files
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Templates
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Start Menu
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\SendTo
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Recent
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\PrintHood
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\NetHood
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Documents\My Videos
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Documents\My Pictures
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Documents\My Music
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\My Documents
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Local Settings
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\AppData\Local\History
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Cookies
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Application Data
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\AppData\Local\Application Data
[2010.12.19 10:36:29 | 000,000,000 | -H-D | C] -- C:\Users\c\AppData
[2010.12.19 10:36:29 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Temp
[2010.12.19 10:36:29 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Microsoft
[2010.12.19 10:36:29 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Media Center Programs
[2010.12.19 10:36:15 | 000,000,000 | ---D | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011.01.16 13:07:15 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.01.16 13:06:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.16 13:06:13 | 2414,379,008 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.16 13:04:55 | 000,009,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.16 13:04:55 | 000,009,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.16 12:48:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1250615672-1310049006-2949046049-1001UA.job
[2011.01.16 12:23:19 | 000,124,303 | ---- | M] () -- C:\Users\c\Desktop\error.jpg
[2011.01.15 19:10:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
[2011.01.14 16:44:12 | 000,028,021 | ---- | M] () -- C:\Users\c\Desktop\script error.JPG
[2011.01.13 19:48:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1250615672-1310049006-2949046049-1001Core.job
[2011.01.13 10:28:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.01.13 09:53:26 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.11 23:14:29 | 001,165,733 | ---- | M] () -- C:\Users\c\Desktop\how to tom-tom.docx
[2011.01.11 23:14:29 | 000,000,162 | -H-- | M] () -- C:\Users\c\Desktop\~$w to tom-tom.docx
[2011.01.11 13:05:52 | 002,187,683 | ---- | M] () -- C:\Users\c\Desktop\photographs.zip
[2011.01.11 13:05:45 | 000,330,012 | ---- | M] () -- C:\Users\c\Desktop\state id back with address.JPG
[2011.01.11 13:05:01 | 000,920,048 | ---- | M] () -- C:\Users\c\Desktop\state id front.JPG
[2011.01.11 13:04:44 | 000,899,916 | ---- | M] () -- C:\Users\c\Desktop\passport.JPG
[2011.01.11 12:50:02 | 000,062,465 | ---- | M] () -- C:\Users\c\Desktop\insurance statement valid from 29-09-2010 to 28-09-2011.jpg
[2011.01.10 23:27:38 | 004,510,208 | ---- | M] () -- C:\Users\c\Desktop\sixlines.xls
[2011.01.10 15:00:51 | 000,203,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2011.01.10 15:00:51 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx
[2011.01.10 15:00:50 | 000,124,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswinsck.ocx
[2011.01.10 11:37:33 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.10 11:37:33 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.10 09:17:25 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.01.10 09:08:01 | 000,001,124 | ---- | M] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011.01.10 09:08:01 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.01.09 13:48:12 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2011.01.02 18:23:38 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.29 11:57:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.12.25 05:06:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.20 08:05:38 | 000,001,807 | ---- | M] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\COWON Media Center - jetAudio.lnk
[2010.12.19 19:23:51 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.12.19 11:41:30 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.19 11:20:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.12.19 11:15:11 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.12.19 11:05:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010.12.19 10:38:15 | 000,001,411 | ---- | M] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.12.19 10:29:31 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2011.01.16 13:07:15 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.01.16 12:23:19 | 000,124,303 | ---- | C] () -- C:\Users\c\Desktop\error.jpg
[2011.01.14 16:44:12 | 000,028,021 | ---- | C] () -- C:\Users\c\Desktop\script error.JPG
[2011.01.13 09:57:16 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.01.13 09:57:16 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.01.13 09:57:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.01.13 09:57:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.01.13 09:57:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.01.13 09:53:26 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.11 23:14:29 | 000,000,162 | -H-- | C] () -- C:\Users\c\Desktop\~$w to tom-tom.docx
[2011.01.11 23:14:28 | 001,165,733 | ---- | C] () -- C:\Users\c\Desktop\how to tom-tom.docx
[2011.01.11 13:05:51 | 002,187,683 | ---- | C] () -- C:\Users\c\Desktop\photographs.zip
[2011.01.11 12:56:40 | 000,920,048 | ---- | C] () -- C:\Users\c\Desktop\state id front.JPG
[2011.01.11 12:56:40 | 000,899,916 | ---- | C] () -- C:\Users\c\Desktop\passport.JPG
[2011.01.11 12:56:40 | 000,330,012 | ---- | C] () -- C:\Users\c\Desktop\state id back with address.JPG
[2011.01.11 12:50:12 | 000,062,465 | ---- | C] () -- C:\Users\c\Desktop\insurance statement valid from 29-09-2010 to 28-09-2011.jpg
[2011.01.10 09:29:07 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.01.10 09:08:01 | 000,001,124 | ---- | C] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011.01.10 09:08:01 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.12.29 11:57:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.12.25 09:04:13 | 004,510,208 | ---- | C] () -- C:\Users\c\Desktop\sixlines.xls
[2010.12.25 08:45:38 | 000,000,362 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.12.25 05:06:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.12.20 08:05:38 | 000,001,807 | ---- | C] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\COWON Media Center - jetAudio.lnk
[2010.12.20 04:04:10 | 000,000,049 | ---- | C] () -- C:\Users\c\Desktop\danceradio192.mp3.m3u
[2010.12.19 19:25:05 | 2414,379,008 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.19 19:23:51 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.12.19 19:23:49 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010.12.19 11:41:30 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.19 11:05:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010.12.19 10:56:48 | 000,004,962 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010.12.19 10:43:07 | 000,000,946 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1250615672-1310049006-2949046049-1001UA.job
[2010.12.19 10:43:06 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1250615672-1310049006-2949046049-1001Core.job
[2010.12.19 10:38:15 | 000,001,411 | ---- | C] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.12.19 10:36:29 | 000,000,290 | ---- | C] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010.12.19 10:36:29 | 000,000,272 | ---- | C] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009.07.13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2005.05.06 10:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003.07.16 04:09:32 | 000,202,752 | ---- | C] () -- C:\Windows\System32\xvid.dll

========== LOP Check ==========

[2011.01.15 12:23:32 | 000,000,000 | -HSD | M] -- C:\Users\c\AppData\Roaming\.#
[2010.12.20 08:07:34 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\COWON
[2011.01.05 07:04:35 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\DAEMON Tools Lite
[2011.01.16 13:04:42 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\ICQ
[2011.01.10 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\TomTom
[2011.01.16 13:07:15 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009.07.13 20:53:46 | 000,016,674 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010.12.19 10:43:05 | 000,136,176 | ---- | M] (Google Inc.)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 01:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.01.03 06:44:14 | 015,028,104 | R--- | M] (Skype Technologies S.A.)
"ICQ" = "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 -- [2011.01.05 00:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
"TomTomHOME.exe" = "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -- [2010.08.24 01:38:16 | 000,247,144 | ---- | M] (TomTom)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.01.15 12:23:32 | 000,000,000 | -HSD | M] -- C:\Users\c\AppData\Roaming\.#
[2010.12.22 09:17:57 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Adobe
[2011.01.04 16:51:03 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Apple Computer
[2010.12.20 08:07:34 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\COWON
[2011.01.05 07:04:35 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\DAEMON Tools Lite
[2010.12.19 11:11:53 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\ESTsoft
[2011.01.16 13:04:42 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\ICQ
[2010.12.19 10:36:39 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Identities
[2010.12.19 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Logishrd
[2010.12.19 11:13:30 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Logitech
[2010.12.19 10:45:11 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Macromedia
[2011.01.13 09:53:54 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Malwarebytes
[2009.07.13 23:48:45 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Media Center Programs
[2010.12.23 13:52:12 | 000,000,000 | --SD | M] -- C:\Users\c\AppData\Roaming\Microsoft
[2011.01.10 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Mozilla
[2011.01.16 13:00:57 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Skype
[2011.01.16 12:02:11 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\skypePM
[2011.01.10 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\TomTom

< %APPDATA%\*.exe /s >

< MD5 for: AGP440.SYS >
[2009.07.13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CDROM.SYS >
[2009.07.13 15:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.13 15:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.13 15:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.13 17:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009.07.13 17:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.13 17:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.13 17:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.13 17:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.13 17:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.13 17:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.13 17:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.13 17:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\ERDNT\cache\lsass.exe
[2009.07.13 17:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.13 17:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.13 17:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.13 17:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.13 17:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.07.13 17:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.13 17:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.13 17:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.13 17:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.13 17:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.06.13 22:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.13 22:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\ERDNT\cache\tcpip.sys
[2010.06.13 22:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.13 22:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.27 22:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.27 22:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.27 22:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.27 21:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.13 17:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.13 17:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache\ws2_32.dll
[2009.07.13 17:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.13 17:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.01.16 13:04:55 | 000,009,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.16 13:04:55 | 000,009,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

< End of report >

#11 Příspěvek od **motji** » 16 led 2011 22:57

Vypněte tea timer od spybotu

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=102866&l=dis&gct=hp

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Users\c\AppData\Roaming\.#

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde

Tuhle IP znáte?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

flip. · #12 Příspěvek od **flip.** » 17 led 2011 00:41

OTL Extras logfile created on: 16.01.11 14:42:47 - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\c\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd.MM.yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 295.04 Gb Total Space | 243.64 Gb Free Space | 82.58% Space Free | Partition Type: NTFS

Computer Name: C-PC | User Name: c | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{087C2584-FCE8-42E0-9613-3403BF52ABD8}_is1" = Xvid CZ
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{620797B0-A022-4B57-A95E-CD7DD0325015}" = MoRUN.net Sticker Lite
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ALZip_is1" = ALZip
"avast5" = avast! Free Antivirus
"BetVoyager Online Casino" = BetVoyager Online Casino 1.0.1.8
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"SP6" = Logitech SetPoint 6.0
"TomTom HOME" = TomTom HOME 2.7.6.2056

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.01.11 04:27:37 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4400

Error - 15.01.11 05:37:10 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.01.11 05:37:10 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4176365

Error - 15.01.11 05:37:10 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4176365

Error - 15.01.11 15:53:04 | Computer Name = c-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d27c1b0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00604e00 Faulting process id: 0x15c4 Faulting application
start time: 0x01cbb4e23d0464f0 Faulting application path: C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: unknown Report Id: 1030c5be-20e1-11e0-9400-001ec9021be1

Error - 15.01.11 15:53:10 | Computer Name = c-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d27c1b0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00604e00 Faulting process id: 0x15c4 Faulting application
start time: 0x01cbb4e23d0464f0 Faulting application path: C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: unknown Report Id: 13e96ee1-20e1-11e0-9400-001ec9021be1

Error - 15.01.11 16:53:43 | Computer Name = c-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 15.01.11 23:18:58 | Computer Name = c-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d27c1b0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x02583c40 Faulting process id: 0x1214 Faulting application
start time: 0x01cbb526b7297a9f Faulting application path: C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: unknown Report Id: 5ad16870-211f-11e0-9400-001ec9021be1

Error - 16.01.11 07:21:37 | Computer Name = c-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 16.01.11 16:11:41 | Computer Name = c-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.20.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 59c Start Time:
01cbb5b9439c3736 Termination Time: 6 Application Path: C:\Users\c\Desktop\OTL.exe

Report
Id:

[ System Events ]
Error - 16.01.11 18:40:16 | Computer Name = c-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 16.01.11 18:40:42 | Computer Name = c-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswSP aswTdi discache spldr sptd Wanarpv6

Error - 16.01.11 18:40:53 | Computer Name = c-PC | Source = DCOM | ID = 10005
Description =

Error - 16.01.11 18:41:23 | Computer Name = c-PC | Source = DCOM | ID = 10005
Description =

Error - 16.01.11 18:41:24 | Computer Name = c-PC | Source = DCOM | ID = 10005
Description =

Error - 16.01.11 18:41:25 | Computer Name = c-PC | Source = DCOM | ID = 10005
Description =

Error - 16.01.11 18:41:26 | Computer Name = c-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 16.01.11 18:41:26 | Computer Name = c-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16.01.11 18:41:26 | Computer Name = c-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16.01.11 18:41:26 | Computer Name = c-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

< End of report >

flip. · #13 Příspěvek od **flip.** » 17 led 2011 00:44

OTL logfile created on: 16.01.11 14:42:47 - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\c\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd.MM.yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 295.04 Gb Total Space | 243.64 Gb Free Space | 82.58% Space Free | Partition Type: NTFS

Computer Name: C-PC | User Name: c | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.01.16 14:36:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
PRC - [2011.01.07 19:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.12.22 01:04:14 | 000,936,712 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.12.22 01:04:06 | 001,402,272 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.11.22 00:50:18 | 000,755,096 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2009.10.30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011.01.16 14:36:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
MOD - [2010.08.20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.12.22 01:04:06 | 001,402,272 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.12.19 20:16:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.01 20:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010.10.16 02:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.10.15 15:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.09.07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.09.07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.09.07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.08.24 01:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.01.29 13:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009.07.13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.09.07 01:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.08.29 04:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - [2010.12.19 11:15:11 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.22 00:50:19 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.11.22 00:50:18 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.10.16 10:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.09.07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.09.07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.09.07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.09.07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.09.07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.12.10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.10 03:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.11.10 03:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.07.13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 14:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009.07.13 14:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009.07.13 14:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009.07.13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007.10.10 08:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.09.07 01:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.06.25 09:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.03.05 01:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006.11.14 15:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.14 10:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.14 08:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=102866&l=dis&gct=hp
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 7A AF E8 AB 9F CB 01 [binary data]
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

[2011.01.10 11:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c\AppData\Roaming\mozilla\Extensions
[2011.01.10 11:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.01.10 11:44:28 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2011.01.13 10:28:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1250615672-1310049006-2949046049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.xvid - C:\Windows\System32\xvid.dll ()

flip. · #14 Příspěvek od **flip.** » 17 led 2011 00:45

========== Files/Folders - Created Within 30 Days ==========

[2011.01.16 14:38:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
[2011.01.15 10:48:46 | 000,000,000 | -HSD | C] -- C:\Users\c\AppData\Roaming\.#
[2011.01.14 21:42:19 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\chrysler
[2011.01.13 10:33:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.01.13 09:57:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.13 09:53:54 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Malwarebytes
[2011.01.13 09:53:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.13 09:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.13 09:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.13 09:53:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.13 09:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.11 12:55:29 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\IDs
[2011.01.11 12:34:41 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.11 12:34:37 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.01.11 12:34:37 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.11 12:34:37 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.11 12:34:37 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.11 12:34:36 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.01.11 12:34:36 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.01.11 12:34:36 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.01.11 12:34:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.11 12:34:36 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.11 12:34:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.11 12:34:36 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.11 12:34:36 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.11 12:34:36 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.11 12:34:36 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.11 12:34:35 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.10 15:00:51 | 000,203,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2011.01.10 15:00:51 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx
[2011.01.10 15:00:50 | 000,124,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswinsck.ocx
[2011.01.10 11:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2011.01.10 11:33:43 | 000,000,000 | ---D | C] -- C:\Users\c\Documents\TomTom
[2011.01.10 11:33:27 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\tomtom
[2011.01.10 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\TomTom
[2011.01.10 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\TomTom
[2011.01.10 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Mozilla
[2011.01.10 11:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011.01.10 11:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2011.01.10 11:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2011.01.10 09:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.01.10 09:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.01.10 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.01.10 09:17:29 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.01.10 09:17:25 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.01.10 09:08:37 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Sunbelt Software
[2011.01.10 09:08:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
[2011.01.10 09:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.01.10 09:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.01.10 09:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011.01.04 15:57:31 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\stuff
[2011.01.03 16:50:04 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\Others
[2011.01.02 17:29:27 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Apple Computer
[2011.01.02 17:29:27 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Apple Computer
[2011.01.02 17:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.01.02 17:29:13 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011.01.02 17:29:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.01.02 17:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.01.02 17:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.01.02 17:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.01.02 17:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.01.02 17:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.01.02 17:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.01.02 17:27:54 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Apple
[2011.01.02 17:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.01.02 17:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.01.02 17:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.01.02 17:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.01.02 14:39:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.01.02 06:50:44 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\PackageAware
[2010.12.29 21:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2010.12.29 21:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.12.29 18:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2010.12.29 18:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.12.29 18:20:08 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\Pictures
[2010.12.25 08:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010.12.22 09:17:57 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Adobe
[2010.12.22 09:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.12.22 09:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.12.22 09:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.12.20 08:07:34 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\COWON
[2010.12.20 08:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COWON Media Center - jetAudio
[2010.12.20 08:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COWON
[2010.12.20 08:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\JetAudio
[2010.12.20 02:34:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010.12.19 20:21:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.12.19 20:21:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.12.19 20:21:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.12.19 20:17:39 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.12.19 20:16:55 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.12.19 19:28:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.12.19 19:26:08 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.12.19 19:25:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.12.19 19:24:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.12.19 19:23:48 | 000,000,000 | ---D | C] -- C:\Boot
[2010.12.19 19:11:38 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.12.19 19:11:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.12.19 19:11:37 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.12.19 19:11:37 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.12.19 19:11:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.19 19:11:31 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.12.19 19:11:31 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.12.19 19:11:31 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.12.19 19:11:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.12.19 19:11:31 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.12.19 19:11:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.19 19:11:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.19 19:11:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.19 19:11:27 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.19 19:11:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.19 19:11:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.19 19:11:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.19 19:11:27 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.19 19:11:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.19 19:11:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.19 19:11:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.19 19:11:26 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.19 19:11:25 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.19 19:11:25 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.19 19:11:25 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010.12.19 19:11:23 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.12.19 19:11:23 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.12.19 19:11:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.12.19 19:11:15 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.12.19 19:11:15 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.12.19 19:11:15 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.12.19 19:11:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.12.19 19:11:11 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.12.19 19:11:11 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.12.19 19:11:02 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.12.19 19:11:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.12.19 19:11:01 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.12.19 19:10:59 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.12.19 19:10:59 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.19 19:10:59 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.19 19:10:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.19 19:10:58 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.12.19 19:10:58 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.12.19 19:10:57 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010.12.19 19:10:56 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.12.19 19:10:55 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.12.19 19:10:49 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.12.19 19:10:49 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.19 19:10:48 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.12.19 19:10:48 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.12.19 19:10:48 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.12.19 19:10:48 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.12.19 19:10:48 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.12.19 19:10:48 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.12.19 19:10:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.12.19 19:10:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.12.19 19:10:47 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.12.19 19:10:47 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.12.19 19:07:17 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.19 12:07:10 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\R
[2010.12.19 11:41:27 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\skypePM
[2010.12.19 11:40:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.12.19 11:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ-Banner-Remover
[2010.12.19 11:26:14 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010.12.19 11:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.2
[2010.12.19 11:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010.12.19 11:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.12.19 11:24:19 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.12.19 11:24:19 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Skype
[2010.12.19 11:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.12.19 11:23:36 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\ICQ
[2010.12.19 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\AOL
[2010.12.19 11:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010.12.19 11:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2010.12.19 11:21:42 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010.12.19 11:21:11 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.12.19 11:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2010.12.19 11:21:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.12.19 11:21:08 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.12.19 11:21:01 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.12.19 11:20:52 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.12.19 11:20:42 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010.12.19 11:20:42 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.12.19 11:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.12.19 11:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010.12.19 11:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.12.19 11:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.12.19 11:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.12.19 11:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.12.19 11:19:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.12.19 11:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.12.19 11:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010.12.19 11:18:11 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Microsoft Help
[2010.12.19 11:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.12.19 11:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.12.19 11:17:23 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010.12.19 11:15:11 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.12.19 11:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2010.12.19 11:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.12.19 11:13:39 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\DAEMON Tools Lite
[2010.12.19 11:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.12.19 11:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.12.19 11:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoRUN.net
[2010.12.19 11:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\MoRUN.net
[2010.12.19 11:12:15 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.12.19 11:11:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.12.19 11:11:53 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\ESTsoft
[2010.12.19 11:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2010.12.19 11:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010.12.19 11:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.12.19 11:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010.12.19 11:11:03 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Logitech
[2010.12.19 11:11:02 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Logishrd
[2010.12.19 11:10:56 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2010.12.19 11:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.12.19 11:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2010.12.19 11:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010.12.19 11:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid CZ
[2010.12.19 11:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid CZ
[2010.12.19 11:10:18 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BetVoyager Online Casino
[2010.12.19 11:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetVoyager Online Casino
[2010.12.19 11:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\BetVoyager Online Casino
[2010.12.19 11:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ESTsoft
[2010.12.19 11:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESTsoft
[2010.12.19 11:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESTsoft
[2010.12.19 11:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2010.12.19 11:05:43 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2010.12.19 11:05:43 | 000,155,136 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys
[2010.12.19 11:05:43 | 000,100,418 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll
[2010.12.19 11:04:05 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\System32\snymsico.dll
[2010.12.19 11:04:05 | 000,043,520 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2010.12.19 11:04:05 | 000,032,256 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2010.12.19 11:03:13 | 004,947,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacgui.cpl
[2010.12.19 11:03:13 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\Windows\System32\stlang.dll
[2010.12.19 11:03:13 | 000,643,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestecap.dll
[2010.12.19 11:03:13 | 000,131,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestacap.dll
[2010.12.19 11:03:13 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010.12.19 11:03:13 | 000,073,728 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
[2010.12.19 11:03:13 | 000,053,248 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestaren.dll
[2010.12.19 11:02:48 | 000,595,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010.12.19 11:02:48 | 000,492,544 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\ctapo32.dll
[2010.12.19 11:02:48 | 000,330,240 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010.12.19 11:02:48 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010.12.19 11:02:48 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010.12.19 11:02:48 | 000,146,944 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2010.12.19 11:02:48 | 000,045,568 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\ctppld.dll
[2010.12.19 11:02:48 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.12.19 11:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2010.12.19 11:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.12.19 11:02:39 | 000,000,000 | ---D | C] -- C:\dell
[2010.12.19 11:01:36 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\Apps
[2010.12.19 10:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2010.12.19 10:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.12.19 10:57:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.12.19 10:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.12.19 10:56:48 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.12.19 10:56:48 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.12.19 10:56:48 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.12.19 10:56:48 | 010,023,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.12.19 10:56:48 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.12.19 10:56:48 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.12.19 10:56:48 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.12.19 10:56:48 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.12.19 10:56:48 | 001,719,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010.12.19 10:56:48 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322050.dll
[2010.12.19 10:56:48 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322030.dll
[2010.12.19 10:56:48 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.12.19 10:56:48 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.12.19 10:56:48 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.12.19 10:53:08 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.12.19 10:52:04 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2010.12.19 10:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.12.19 10:50:32 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.12.19 10:45:11 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Macromedia
[2010.12.19 10:45:11 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Adobe
[2010.12.19 10:43:05 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Google
[2010.12.19 10:42:52 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Apps
[2010.12.19 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Deployment
[2010.12.19 10:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2010.12.19 10:36:51 | 000,000,000 | R--D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2010.12.19 10:36:51 | 000,000,000 | R--D | C] -- C:\Users\c\Searches
[2010.12.19 10:36:51 | 000,000,000 | R--D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2010.12.19 10:36:51 | 000,000,000 | -H-D | C] -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010.12.19 10:36:39 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Identities
[2010.12.19 10:36:38 | 000,000,000 | R--D | C] -- C:\Users\c\Contacts
[2010.12.19 10:36:31 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\VirtualStore
[2010.12.19 10:36:29 | 000,000,000 | --SD | C] -- C:\Users\c\AppData\Roaming\Microsoft
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Videos
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Saved Games
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Pictures
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Music
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Links
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Favorites
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Downloads
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Documents
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\Desktop
[2010.12.19 10:36:29 | 000,000,000 | R--D | C] -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\AppData\Local\Temporary Internet Files
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Templates
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Start Menu
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\SendTo
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Recent
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\PrintHood
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\NetHood
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Documents\My Videos
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Documents\My Pictures
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Documents\My Music
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\My Documents
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Local Settings
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\AppData\Local\History
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Cookies
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\Application Data
[2010.12.19 10:36:29 | 000,000,000 | -HSD | C] -- C:\Users\c\AppData\Local\Application Data
[2010.12.19 10:36:29 | 000,000,000 | -H-D | C] -- C:\Users\c\AppData
[2010.12.19 10:36:29 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Temp
[2010.12.19 10:36:29 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Microsoft
[2010.12.19 10:36:29 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Media Center Programs
[2010.12.19 10:36:15 | 000,000,000 | ---D | C] -- C:\Recovery

flip. · #15 Příspěvek od **flip.** » 17 led 2011 00:46

========== Files - Modified Within 30 Days ==========

[2011.01.16 14:41:25 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.01.16 14:40:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.16 14:40:30 | 2414,379,008 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.16 14:39:42 | 000,009,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.16 14:39:42 | 000,009,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.16 14:36:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
[2011.01.16 13:48:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1250615672-1310049006-2949046049-1001UA.job
[2011.01.16 12:23:19 | 000,124,303 | ---- | M] () -- C:\Users\c\Desktop\error.jpg
[2011.01.14 16:44:12 | 000,028,021 | ---- | M] () -- C:\Users\c\Desktop\script error.JPG
[2011.01.13 19:48:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1250615672-1310049006-2949046049-1001Core.job
[2011.01.13 10:28:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.01.13 09:53:26 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.11 23:14:29 | 001,165,733 | ---- | M] () -- C:\Users\c\Desktop\how to tom-tom.docx
[2011.01.11 23:14:29 | 000,000,162 | -H-- | M] () -- C:\Users\c\Desktop\~$w to tom-tom.docx
[2011.01.11 13:05:52 | 002,187,683 | ---- | M] () -- C:\Users\c\Desktop\photographs.zip
[2011.01.11 13:05:45 | 000,330,012 | ---- | M] () -- C:\Users\c\Desktop\state id back with address.JPG
[2011.01.11 13:05:01 | 000,920,048 | ---- | M] () -- C:\Users\c\Desktop\state id front.JPG
[2011.01.11 13:04:44 | 000,899,916 | ---- | M] () -- C:\Users\c\Desktop\passport.JPG
[2011.01.11 12:50:02 | 000,062,465 | ---- | M] () -- C:\Users\c\Desktop\insurance statement valid from 29-09-2010 to 28-09-2011.jpg
[2011.01.10 23:27:38 | 004,510,208 | ---- | M] () -- C:\Users\c\Desktop\sixlines.xls
[2011.01.10 15:00:51 | 000,203,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2011.01.10 15:00:51 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx
[2011.01.10 15:00:50 | 000,124,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswinsck.ocx
[2011.01.10 11:37:33 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.10 11:37:33 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.10 09:17:25 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.01.10 09:08:01 | 000,001,124 | ---- | M] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011.01.10 09:08:01 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.01.09 13:48:12 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2011.01.02 18:23:38 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.29 11:57:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.12.25 05:06:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.20 08:05:38 | 000,001,807 | ---- | M] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\COWON Media Center - jetAudio.lnk
[2010.12.19 19:23:51 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.12.19 11:41:30 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.19 11:20:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.12.19 11:15:11 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.12.19 11:05:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010.12.19 10:38:15 | 000,001,411 | ---- | M] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.12.19 10:29:31 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2011.01.16 13:07:15 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.01.16 12:23:19 | 000,124,303 | ---- | C] () -- C:\Users\c\Desktop\error.jpg
[2011.01.14 16:44:12 | 000,028,021 | ---- | C] () -- C:\Users\c\Desktop\script error.JPG
[2011.01.13 09:53:26 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.11 23:14:29 | 000,000,162 | -H-- | C] () -- C:\Users\c\Desktop\~$w to tom-tom.docx
[2011.01.11 23:14:28 | 001,165,733 | ---- | C] () -- C:\Users\c\Desktop\how to tom-tom.docx
[2011.01.11 13:05:51 | 002,187,683 | ---- | C] () -- C:\Users\c\Desktop\photographs.zip
[2011.01.11 12:56:40 | 000,920,048 | ---- | C] () -- C:\Users\c\Desktop\state id front.JPG
[2011.01.11 12:56:40 | 000,899,916 | ---- | C] () -- C:\Users\c\Desktop\passport.JPG
[2011.01.11 12:56:40 | 000,330,012 | ---- | C] () -- C:\Users\c\Desktop\state id back with address.JPG
[2011.01.11 12:50:12 | 000,062,465 | ---- | C] () -- C:\Users\c\Desktop\insurance statement valid from 29-09-2010 to 28-09-2011.jpg
[2011.01.10 09:29:07 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.01.10 09:08:01 | 000,001,124 | ---- | C] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011.01.10 09:08:01 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.12.29 11:57:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.12.25 09:04:13 | 004,510,208 | ---- | C] () -- C:\Users\c\Desktop\sixlines.xls
[2010.12.25 08:45:38 | 000,000,362 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.12.25 05:06:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.12.20 08:05:38 | 000,001,807 | ---- | C] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\COWON Media Center - jetAudio.lnk
[2010.12.20 04:04:10 | 000,000,049 | ---- | C] () -- C:\Users\c\Desktop\danceradio192.mp3.m3u
[2010.12.19 19:25:05 | 2414,379,008 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.19 19:23:51 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.12.19 19:23:49 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010.12.19 11:41:30 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.19 11:05:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010.12.19 10:56:48 | 000,004,962 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010.12.19 10:43:07 | 000,000,946 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1250615672-1310049006-2949046049-1001UA.job
[2010.12.19 10:43:06 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1250615672-1310049006-2949046049-1001Core.job
[2010.12.19 10:38:15 | 000,001,411 | ---- | C] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.12.19 10:36:29 | 000,000,290 | ---- | C] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010.12.19 10:36:29 | 000,000,272 | ---- | C] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009.07.13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2005.05.06 10:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003.07.16 04:09:32 | 000,202,752 | ---- | C] () -- C:\Windows\System32\xvid.dll

========== LOP Check ==========

[2011.01.15 12:23:32 | 000,000,000 | -HSD | M] -- C:\Users\c\AppData\Roaming\.#
[2010.12.20 08:07:34 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\COWON
[2011.01.05 07:04:35 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\DAEMON Tools Lite
[2011.01.16 14:39:35 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\ICQ
[2011.01.10 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\TomTom
[2011.01.16 14:41:25 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009.07.13 20:53:46 | 000,017,174 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010.12.19 10:43:05 | 000,136,176 | ---- | M] (Google Inc.)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 01:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.01.03 06:44:14 | 015,028,104 | R--- | M] (Skype Technologies S.A.)
"ICQ" = "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 -- [2011.01.05 00:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
"TomTomHOME.exe" = "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -- [2010.08.24 01:38:16 | 000,247,144 | ---- | M] (TomTom)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.01.15 12:23:32 | 000,000,000 | -HSD | M] -- C:\Users\c\AppData\Roaming\.#
[2010.12.22 09:17:57 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Adobe
[2011.01.04 16:51:03 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Apple Computer
[2010.12.20 08:07:34 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\COWON
[2011.01.05 07:04:35 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\DAEMON Tools Lite
[2010.12.19 11:11:53 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\ESTsoft
[2011.01.16 14:39:35 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\ICQ
[2010.12.19 10:36:39 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Identities
[2010.12.19 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Logishrd
[2010.12.19 11:13:30 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Logitech
[2010.12.19 10:45:11 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Macromedia
[2011.01.13 09:53:54 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Malwarebytes
[2009.07.13 23:48:45 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Media Center Programs
[2010.12.23 13:52:12 | 000,000,000 | --SD | M] -- C:\Users\c\AppData\Roaming\Microsoft
[2011.01.10 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Mozilla
[2011.01.16 14:34:17 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Skype
[2011.01.16 12:02:11 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\skypePM
[2011.01.10 11:32:40 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\TomTom

< %APPDATA%\*.exe /s >

< MD5 for: AGP440.SYS >
[2009.07.13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CDROM.SYS >
[2009.07.13 15:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.13 15:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.13 15:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.13 17:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009.07.13 17:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.13 17:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.13 17:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.13 17:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.13 17:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.13 17:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.13 17:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.13 17:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\ERDNT\cache\lsass.exe
[2009.07.13 17:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.13 17:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.13 17:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.13 17:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.13 17:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.07.13 17:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.13 17:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.13 17:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.13 17:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.13 17:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.06.13 22:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.13 22:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\ERDNT\cache\tcpip.sys
[2010.06.13 22:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.13 22:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.27 22:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.27 22:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.27 22:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.27 21:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.13 17:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.13 17:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache\ws2_32.dll
[2009.07.13 17:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.13 17:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.01.16 14:39:42 | 000,009,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.16 14:39:42 | 000,009,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

< End of report >

ucinil jsem podle instrukci, IP zadnou neznam

VIRY.CZ

bidne zabezpeceny net+ haze to hlasku o skriptu - jsem v USA

bidne zabezpeceny net+ haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA

Re: problem - haze to hlasku o skriptu - jsem v USA