Slow desktop

Márty84

Re: Slow desktop

#16 Post by Márty84 »

Open Notepad and copy this script into it:

Code:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe ARM"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

Regnull::
[HKEY_USERS\S-1-5-21-776561741-1844823847-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Driver::
SkypeUpdate

Reboot::

In the top left, click File.
Click Save As...
Type the name shown in red, CFScript, exactly and save the file to the desktop.
Turn off your antivirus and any other security software.
Drag this newly created text document onto the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

Note: If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration.
Note: If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine.

If you have a question that is not meant for the public, you can write to me by e-mail at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Juraj1973

Re: Slow desktop

#17 Post by Juraj1973 »

It grumbled a bit and wanted me to confirm something, so I said yes.
ComboFix 14-11-17.01 - Owner 19.11.2014 12:33:51.8.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.3070.2328 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2014-10-19 to 2014-11-19 )))))))))))))))))))))))))))))))
.
.
2014-11-19 09:08 . 2014-11-19 09:07 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-19 09:07 . 2014-11-19 09:07 43152 ----a-w- c:\windows\avastSS.scr
2014-11-19 07:48 . 2014-11-19 07:48 -------- d-----w- c:\windows\system32\wbem\Repository
2014-11-19 07:47 . 2014-11-19 07:47 -------- d-----w- c:\documents and settings\Administrator.UNI-MONT.001\Application Data\Zeon
2014-11-19 07:46 . 2014-11-19 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanAppDataDir
2014-11-19 07:46 . 2014-11-19 07:46 -------- d-----w- c:\program files\ScanSoft
2014-11-19 07:46 . 2014-11-19 07:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Scansoft
2014-11-18 07:59 . 2007-06-08 09:18 38440 ----a-w- c:\windows\system32\ZnMacroUIRes.enu
2014-11-18 07:59 . 2007-01-12 14:14 266240 ----a-w- c:\windows\system32\ZnMacroUI.dll
2014-11-03 12:26 . 2010-08-30 07:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-11-03 12:24 . 2014-11-03 13:17 -------- d-----w- C:\AdwCleaner
2014-11-03 06:59 . 2014-11-03 07:14 -------- d-----w- C:\FRST
2014-10-30 10:52 . 2014-10-30 10:52 -------- d-----w- c:\documents and settings\Owner\Application Data\com.wd.WDMyCloud
2014-10-30 10:52 . 2014-10-30 10:52 -------- d-----w- c:\program files\Dropbox
2014-10-30 10:51 . 2014-10-30 10:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-19 09:08 . 2013-03-11 06:38 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-19 09:08 . 2013-01-22 11:43 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-19 09:07 . 2014-07-16 05:42 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-19 09:07 . 2013-03-11 06:38 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-19 09:07 . 2013-03-11 06:38 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-11-19 09:07 . 2013-01-22 11:43 422760 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-19 09:07 . 2013-01-22 11:43 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-11-19 09:07 . 2013-01-22 11:43 787800 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-11-07 06:57 . 2012-06-22 07:03 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-07 06:57 . 2011-05-18 05:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-19 09:07 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cobian Backup 11"="c:\program files\Cobian Backup 11\Cobian.exe" [2012-12-05 720896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-11-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-19 5225064]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-11 13:43 7630848 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-04 09:44 16120832 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\3Com\\ControlCenter\\Instupdt.exe"=
"c:\\Program Files\\xerox\\nwwia\\XrxFTPLt.exe"=
"c:\\Documents and Settings\\Owner\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Sony\\Media Go\\MediaGo.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\DroidCam\\DroidCamApp.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Cobian Backup 11\\cbRemoteManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20400:TCP"= 20400:TCP:KrosPort20400
"20401:TCP"= 20401:TCP:KrosPort20401
"20402:TCP"= 20402:TCP:KrosPort20402
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [11.3.2013 7:38 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [11.3.2013 7:38 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22.1.2013 12:43 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [22.1.2013 12:43 422760]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [7.3.2007 8:31 51072]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [16.7.2014 6:42 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [11.3.2013 7:38 70384]
R2 cbVSCService11;Cobian Backup 11 Stínová kopie - Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [16.10.2014 12:52 67584]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [23.6.2010 14:25 90112]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [7.1.2014 13:47 4799760]
R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [20.8.2013 13:50 21376]
R3 DUSBTAWAN;DrayTek ISDN NDISWAN;c:\windows\system32\drivers\musbwn2k.sys [31.1.2001 10:43 23930]
R3 FakeWDMmdm;DWDMCOMM;c:\windows\system32\drivers\dusbcomm.sys [6.2.2001 10:59 151428]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1.7.2013 14:40 83864]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6.6.2011 6:35 13224]
S3 mDTA128;DrayTek ISDN USB TA;c:\windows\system32\drivers\musbta2k.sys [7.3.2001 10:21 98313]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2.10.2008 10:52 47360]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [6.6.2011 6:14 155344]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1.7.2013 14:40 181912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-31 06:58 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 06:57]
.
2014-11-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-19 09:07]
.
2014-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-01 10:49]
.
2014-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-01 10:49]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1844823847-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-06-25 12:02]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1844823847-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-06-25 12:02]
.
2014-11-19 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-07-07 01:59]
.
2014-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-07-07 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.1 - c:\program files\Nuance\PDF Converter 4\cnvres_eng.dll /100
TCP: DhcpNameServer = 192.168.1.1
DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} - hxxps://zona.t-com.sk/VianKampan2007/STWebDialer.cab
DPF: {CE40C3F1-3DF5-4461-A521-810923235628} - hxxp://www.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nylp1ezj.default-1389594932031\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-19 13:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1844823847-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2456)
c:\windows\system32\msi.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-11-19 13:11:06 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-19 12:11
ComboFix2.txt 2014-11-19 08:47
ComboFix3.txt 2009-03-05 15:55
ComboFix4.txt 2008-04-10 09:35
ComboFix5.txt 2014-11-19 11:32
.
Pre-Run: 35 670 093 824 bytes free
Post-Run: 28 adresárov, 35 675 287 552 voľných bajtov
.
- - End Of File - - 24859EFF1EA98DC935924F59C937352F
8F558EB6672622401DA993E1E865C861

Márty84

Re: Slow desktop

#18 Post by Márty84 »

Juraj1973

Re: Slow desktop

#19 Post by Juraj1973 »

Phew, I hope this is the right one.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by Owner (administrator) on UNI-MONT on 20-11-2014 09:07:01
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Platform: Systém Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Angličtina (USA)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
() C:\WINDOWS\system32\PSIService.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\Owner\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\ping.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-19] (AVAST Software)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKU\S-1-5-21-776561741-1844823847-839522115-1003\...\Run: [Cobian Backup 11] => C:\Program Files\Cobian Backup 11\Cobian.exe [720896 2012-12-05] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-776561741-1844823847-839522115-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-19] (Google Inc.)
HKU\S-1-5-21-776561741-1844823847-839522115-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-776561741-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
HKU\S-1-5-21-776561741-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "C:\Documents and Settings\All Users\Application Data\ICQ\ICQNewTab\newTab.html" <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-776561741-1844823847-839522115-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-776561741-1844823847-839522115-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-776561741-1844823847-839522115-1003 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-776561741-1844823847-839522115-1003 -> No Name - {F2CF5485-4E02-4F68-819C-B92DE9277049} - No File
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} https://zona.t-com.sk/VianKampan2007/STWebDialer.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CE40C3F1-3DF5-4461-A521-810923235628} http://www.joj.sk/fileadmin/joj_player/ ... Player.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nylp1ezj.default-1389594932031
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-776561741-1844823847-839522115-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-776561741-1844823847-839522115-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-776561741-1844823847-839522115-1003: @talk.google.com/O3DPlugin -> C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-776561741-1844823847-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-776561741-1844823847-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Owner\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Owner\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Owner\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-09-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-22]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (EModel scriptable Plugin) - C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Media Go Detector) - c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-24]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-15]
CHR Extension: (Peňaženka Google) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153584 2012-09-27] (Sun Microsystems, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [53248 2005-07-24] (Hewlett-Packard Company) [File not signed]
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2010-02-11] (SolidWorks) [File not signed]
S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software) [File not signed]
R2 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174152 2007-02-06] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [51072 2012-09-17] (Identcode Ltd.) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-19] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-19] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-19] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [422760 2014-11-19] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-19] ()
S3 CnxTrLan; C:\WINDOWS\System32\DRIVERS\CnxTrLan.sys [23296 2003-04-27] (Conexant) [File not signed]
S3 CnxTrUsb; C:\WINDOWS\System32\DRIVERS\CnxTrUsb.sys [50560 2003-04-27] (Conexant) [File not signed]
R2 DgiVecp; C:\WINDOWS\System32\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.) [File not signed]
R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [21376 2013-08-20] (Dev47Apps)
R3 DUSBTAWAN; C:\WINDOWS\System32\DRIVERS\musbwn2k.sys [23930 2009-03-03] () [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [383800 2007-02-06] (Symantec Corporation)
R3 FakeWDMmdm; C:\WINDOWS\System32\DRIVERS\dusbcomm.sys [151428 2009-03-03] () [File not signed]
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R0 JGOGO; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [42368 2006-04-02] (JMicron Technology Corp.)
S3 mDTA128; C:\WINDOWS\System32\DRIVERS\musbta2k.sys [98313 2009-03-03] () [File not signed]
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2008-10-02] (VSO Software) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 se45bus; C:\WINDOWS\System32\DRIVERS\se45bus.sys [61536 2006-07-25] (MCCI)
S3 se45mdfl; C:\WINDOWS\System32\DRIVERS\se45mdfl.sys [9360 2006-07-25] (MCCI)
S3 se45mdm; C:\WINDOWS\System32\DRIVERS\se45mdm.sys [97088 2006-07-25] (MCCI)
S3 se45mgmt; C:\WINDOWS\System32\DRIVERS\se45mgmt.sys [88624 2006-07-25] (MCCI)
S3 se45nd5; C:\WINDOWS\System32\DRIVERS\se45nd5.sys [18704 2006-07-25] (MCCI)
S3 se45obex; C:\WINDOWS\System32\DRIVERS\se45obex.sys [86432 2006-07-25] (MCCI)
S3 se45unic; C:\WINDOWS\System32\DRIVERS\se45unic.sys [90800 2006-07-25] (MCCI)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2007-02-06] (Symantec Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [244608 2006-03-15] (Marvell)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 09:07 - 2014-11-20 09:07 - 00022252 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-11-20 09:06 - 2014-11-20 09:06 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Owner\Desktop\FRSTLauncher.exe
2014-11-20 09:06 - 2014-11-20 09:06 - 00029696 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\MSGBOX.EXE
2014-11-20 09:06 - 2014-11-20 09:06 - 00015327 _____ () C:\Documents and Settings\Owner\Desktop\LM.bat
2014-11-19 13:11 - 2014-11-20 09:07 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
2014-11-19 13:11 - 2014-11-19 13:11 - 00015034 _____ () C:\ComboFix.txt
2014-11-19 13:11 - 2014-11-19 13:11 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-11-19 13:11 - 2014-11-19 13:11 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-11-19 13:11 - 2014-11-19 13:11 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-11-19 13:11 - 2014-11-19 13:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-11-19 13:11 - 2014-11-19 13:11 - 00000000 ____D () C:\Documents and Settings\Administrator.UNI-MONT\Local Settings\temp
2014-11-19 13:11 - 2014-11-19 13:11 - 00000000 ____D () C:\Documents and Settings\Administrator.UNI-MONT.001\Local Settings\temp
2014-11-19 13:11 - 2014-11-19 13:11 - 00000000 ____D () C:\Documents and Settings\Administrator.UNI-MONT.000\Local Settings\temp
2014-11-19 11:41 - 2014-11-19 11:41 - 00014629 _____ () C:\Documents and Settings\Owner\My Documents\Evidencia_PZM nas.xlsx
2014-11-19 10:57 - 2014-11-19 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-11-19 10:08 - 2014-11-19 10:08 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2014-11-19 10:08 - 2014-11-19 10:07 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-19 10:07 - 2014-11-19 10:07 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-19 09:30 - 2014-11-19 09:30 - 00000000 _RSHD () C:\cmdcons
2014-11-19 09:30 - 2007-02-06 11:52 - 00000211 _____ () C:\Boot.bak
2014-11-19 09:30 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-11-19 09:26 - 2014-11-19 09:26 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\ComboFix
2014-11-19 09:24 - 2014-11-19 09:24 - 05594750 _____ () C:\Documents and Settings\Owner\Desktop\ComboFix.zip
2014-11-19 09:13 - 2014-11-19 09:26 - 05598319 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
2014-11-19 08:47 - 2014-11-19 08:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft PDF Professional 4
2014-11-19 08:47 - 2014-11-19 08:47 - 00000000 ____D () C:\Documents and Settings\Administrator.UNI-MONT.001\Application Data\Zeon
2014-11-19 08:46 - 2014-11-19 08:46 - 00000000 ____D () C:\Program Files\ScanSoft
2014-11-19 08:46 - 2014-11-19 08:46 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Scansoft
2014-11-19 08:46 - 2014-11-19 08:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2014-11-18 08:59 - 2007-06-08 10:18 - 00038440 _____ (Nuance Communications, Inc.) C:\WINDOWS\system32\ZnMacroUIRes.enu
2014-11-18 08:59 - 2007-01-12 15:14 - 00266240 _____ (Zeon Corporation) C:\WINDOWS\system32\ZnMacroUI.dll
2014-11-11 08:45 - 2014-11-12 12:54 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\prihlasovanie skoleni + vstupy
2014-11-11 07:51 - 2014-11-11 07:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-04 07:31 - 2014-11-04 07:36 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-03 13:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-11-03 13:24 - 2014-11-03 14:17 - 00000000 ____D () C:\AdwCleaner
2014-11-03 13:24 - 2014-11-03 13:24 - 01375089 _____ () C:\Documents and Settings\Owner\Desktop\adwcleaner_3.311.exe
2014-11-03 09:34 - 2014-11-03 09:46 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Archiv xerox
2014-11-03 07:59 - 2014-11-20 09:07 - 00000000 ____D () C:\FRST
2014-11-03 07:54 - 2014-11-20 08:57 - 01108992 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-10-30 13:36 - 2014-10-30 13:36 - 00000380 _____ () C:\Documents and Settings\Owner\My Documents\Odkaz na xerox.lnk
2014-10-30 12:20 - 2014-11-13 11:08 - 00000288 _____ () C:\Documents and Settings\Owner\My Documents\Desktop.lnk
2014-10-30 11:52 - 2014-10-30 11:52 - 00000000 ____D () C:\Program Files\Dropbox
2014-10-30 11:52 - 2014-10-30 11:52 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
2014-10-30 11:52 - 2014-10-30 11:52 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\DropboxMaster
2014-10-30 11:52 - 2014-10-30 11:52 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\com.wd.WDMyCloud
2014-10-30 11:52 - 2014-10-30 11:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital
2014-10-30 11:51 - 2014-10-30 11:51 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Dropbox
2014-10-30 11:49 - 2014-10-30 11:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Zoznamy ludia
2014-10-27 10:15 - 2014-10-27 10:15 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\com.wd.WDMyCloud.sav
2014-10-23 14:25 - 2014-10-23 14:25 - 00000000 ____D () C:\WINDOWS\pss

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 09:06 - 2010-12-08 16:19 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Preberanie
2014-11-20 09:03 - 2014-07-08 06:26 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-20 09:03 - 2013-01-22 12:43 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-20 09:03 - 2011-06-01 12:31 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 09:03 - 2007-02-06 12:01 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-11-20 09:03 - 2007-02-06 11:56 - 01612199 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-20 09:00 - 2011-06-01 12:31 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 08:58 - 2007-04-13 09:50 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype
2014-11-20 08:38 - 2007-02-09 12:24 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Fax
2014-11-20 08:17 - 2007-02-06 12:49 - 00001327 _____ () C:\WINDOWS\wiadebug.log
2014-11-20 08:08 - 2013-10-29 13:58 - 00002283 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-11-20 07:45 - 2007-02-06 12:49 - 00000052 _____ () C:\WINDOWS\wiaservc.log
2014-11-20 07:44 - 2007-02-06 12:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-19 16:51 - 2007-02-06 12:01 - 00032444 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-19 14:17 - 2007-02-06 12:02 - 00069544 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-19 13:26 - 2014-01-09 12:06 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Vyuctovania 2014
2014-11-19 13:11 - 2007-12-11 16:46 - 00000000 ____D () C:\qoobox
2014-11-19 13:02 - 2006-02-28 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-19 12:42 - 2007-10-30 07:52 - 00000000 ____D () C:\WINDOWS\erdnt
2014-11-19 10:58 - 2011-06-01 12:30 - 00000000 ____D () C:\Program Files\Google
2014-11-19 10:08 - 2013-03-11 07:38 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-19 10:08 - 2013-01-22 12:43 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-11-19 10:07 - 2014-07-16 06:42 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-19 10:07 - 2013-03-11 07:38 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-11-19 10:07 - 2013-03-11 07:38 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-19 10:07 - 2013-01-22 12:43 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-11-19 10:07 - 2013-01-22 12:43 - 00422760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-19 10:07 - 2013-01-22 12:43 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-11-19 09:30 - 2007-02-06 12:44 - 00000327 __RSH () C:\boot.ini
2014-11-19 08:52 - 2014-01-14 14:47 - 00437844 _____ () C:\WINDOWS\setupapi.log
2014-11-19 08:50 - 2007-02-06 12:45 - 00271784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-19 08:50 - 2006-02-28 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-19 08:48 - 2013-05-13 06:52 - 00000000 ____D () C:\Documents and Settings\Administrator.UNI-MONT.001
2014-11-19 08:48 - 2007-02-06 12:01 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-19 08:48 - 2007-02-06 12:01 - 00000000 ____D () C:\Documents and Settings\Owner
2014-11-19 08:48 - 2007-02-06 12:00 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-19 08:48 - 2007-02-06 11:54 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-19 08:47 - 2010-01-11 16:05 - 00000000 ____D () C:\Program Files\Nuance
2014-11-19 08:47 - 2010-01-11 16:05 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared
2014-11-19 08:47 - 2010-01-11 16:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ScanSoft
2014-11-19 08:47 - 2009-11-05 11:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Software995
2014-11-19 08:47 - 2007-10-15 09:43 - 00000000 ____D () C:\Program Files\SopCast
2014-11-19 08:47 - 2007-02-09 11:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Canon
2014-11-19 08:47 - 2007-02-06 11:53 - 00000000 ____D () C:\Program Files\Messenger
2014-11-19 08:46 - 2010-01-11 16:14 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\ScanSoft
2014-11-18 09:27 - 2009-11-05 11:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\pdf995
2014-11-18 09:25 - 2009-02-11 14:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Ja sukromne
2014-11-18 08:40 - 2007-02-09 11:43 - 00000000 ____D () C:\Program Files\Canon
2014-11-18 08:40 - 2007-02-06 13:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-14 13:08 - 2007-03-07 07:46 - 00000000 ____D () C:\ALFA
2014-11-14 07:31 - 2010-03-23 13:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\xerox
2014-11-13 07:44 - 2012-05-24 06:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-12 13:05 - 2013-01-24 14:20 - 00476160 _____ () C:\Documents and Settings\Owner\Desktop\ZOZNAM PRACOVNÍKOV 10 2013.xls
2014-11-11 12:54 - 2013-08-20 13:53 - 00000032 _____ () C:\Documents and Settings\All Users\Application Data\droidcam-settings
2014-11-11 08:37 - 2013-07-02 07:27 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\prihlasovanie skoleni + vstupy
2014-11-07 08:07 - 2014-08-14 12:16 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2014-11-07 07:57 - 2012-06-22 08:03 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-07 07:57 - 2012-06-22 08:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-07 07:57 - 2011-05-18 06:09 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-06 16:07 - 2007-02-12 14:17 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Protokoly
2014-11-06 13:01 - 2013-10-17 12:38 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\priepustky
2014-11-04 16:45 - 2010-04-14 14:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979683$
2014-11-04 16:44 - 2014-01-09 12:04 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Vykazy 2014
2014-11-04 13:30 - 2009-11-05 11:17 - 00000060 _____ () C:\WINDOWS\wpd99.drv
2014-11-04 07:36 - 2009-12-14 15:40 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-11-04 07:36 - 2009-12-14 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-11-03 09:47 - 2007-03-07 14:48 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Zakazky
2014-10-31 07:58 - 2011-09-19 08:55 - 00001825 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-30 13:35 - 2009-11-10 09:48 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2014-10-30 12:49 - 2014-07-07 08:21 - 01165109 _____ () C:\WINDOWS\FaxSetup.log
2014-10-30 12:49 - 2014-07-07 08:21 - 00569737 _____ () C:\WINDOWS\ocgen.log
2014-10-30 12:49 - 2014-07-07 08:21 - 00447991 _____ () C:\WINDOWS\tsoc.log
2014-10-30 12:49 - 2014-07-07 08:21 - 00204552 _____ () C:\WINDOWS\comsetup.log
2014-10-30 12:49 - 2014-07-07 08:21 - 00182451 _____ () C:\WINDOWS\iis6.log
2014-10-30 12:49 - 2014-07-07 08:21 - 00124863 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-30 12:49 - 2014-07-07 08:21 - 00058674 _____ () C:\WINDOWS\msgsocm.log
2014-10-30 12:49 - 2014-07-07 08:21 - 00034169 _____ () C:\WINDOWS\ocmsn.log
2014-10-30 12:49 - 2014-07-07 08:21 - 00004625 _____ () C:\WINDOWS\imsins.BAK
2014-10-30 12:49 - 2014-07-07 08:21 - 00001943 _____ () C:\WINDOWS\imsins.log
2014-10-30 12:49 - 2007-02-06 12:47 - 00567818 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-30 09:35 - 2010-04-13 08:21 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\skype
2014-10-30 09:13 - 2007-10-26 07:23 - 00326144 ___SH () C:\Documents and Settings\Owner\My Documents\Thumbs.db
2014-10-30 09:07 - 2011-04-11 07:45 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Dokumentacia UNI-MONT
2014-10-21 10:30 - 2007-02-12 14:20 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Pošta
2014-10-21 08:05 - 2007-02-06 12:37 - 00000000 ____D () C:\WINDOWS\repair

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow desktop

#20 Post by Márty84 »

Well, you didn't follow the guide, so it's not quite the real deal, but never mind, at least it's something :)

:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:

HKU\S-1-5-21-776561741-1844823847-839522115-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-19] (Google Inc.)

URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "C:\Documents and Settings\All Users\Application Data\ICQ\ICQNewTab\newTab.html" <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-776561741-1844823847-839522115-1003 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-776561741-1844823847-839522115-1003 -> No Name - {F2CF5485-4E02-4F68-819C-B92DE9277049} - No File

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File
Click Save As...
Type the name shown in red, fixlist, correctly and save it to the desktop.
Turn off the antivirus and any other security software.
Run FRST, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

If you have a question that is not meant for the public, you can email me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have an email address in their signature).

Juraj1973
Visitor
Posts: 68
Joined: 28 Oct 2007 23:31

Re: Slow desktop

#21 Post by Juraj1973 »

The fix finished without a log

Juraj1973
Visitor
Posts: 68
Joined: 28 Oct 2007 23:31

Re: Slow desktop

#22 Post by Juraj1973 »

I had this file on the desktop - unless this is the one

fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-11-2014
Ran by Owner at 2014-11-20 10:20:09 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:

HKU\S-1-5-21-776561741-1844823847-839522115-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-19] (Google Inc.)

URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "C:\Documents and Settings\All Users\Application Data\ICQ\ICQNewTab\newTab.html" <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-776561741-1844823847-839522115-1003 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-776561741-1844823847-839522115-1003 -> No Name - {F2CF5485-4E02-4F68-819C-B92DE9277049} - No File

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-776561741-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\swg => value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" => Key deleted successfully.
"HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key deleted successfully.
HKU\S-1-5-21-776561741-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => value deleted successfully.
"HKCR\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" => Key not found.
HKU\S-1-5-21-776561741-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} => value deleted successfully.
"HKCR\CLSID\{F2CF5485-4E02-4F68-819C-B92DE9277049}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 714.4 MB temporary data.


The system needed a reboot.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow desktop

#23 Post by Márty84 »

Yes, that's the one.

Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786

Juraj1973
Visitor
Posts: 68
Joined: 28 Oct 2007 23:31

Re: Slow desktop

#24 Post by Juraj1973 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Owner at 2014-11-20 10:43:36
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 35 GB (23%) free of 153 GB
Total RAM: 3070 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:43:53, on 20.11.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Cobian Backup 11\Cobian.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Cobian Backup 11] "C:\Program Files\Cobian Backup 11\Cobian.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - res://C:\Program Files\Nuance\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} (ST WebDialer Control) - https://zona.t-com.sk/VianKampan2007/STWebDialer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3329369578
O16 - DPF: {CE40C3F1-3DF5-4461-A521-810923235628} (JOJ_Explorer_Player Control) - http://www.joj.sk/fileadmin/joj_player/ ... Player.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 11 Stínová kopie - Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 8119 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1844823847-839522115-1003Core.job - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1844823847-839522115-1003UA.job - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job - C:\WINDOWS\system32\xp_eos.exe

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nylp1ezj.default-1389594932031

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.189 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0]
"Description"=
"Path"=c:\Program Files\Sony\Media Go\npmediago.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\plugins\
npEModelPlugin.dll
npLegitCheckPlugin.dll
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-27 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-27 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-09-27 79856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}]
ChromeFrame BHO - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02 2215240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-19 5225064]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Cobian Backup 11"=C:\Program Files\Cobian Backup 11\Cobian.exe [2012-12-05 720896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-04-04 16120832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\3Com\ControlCenter\Instupdt.exe"="C:\Program Files\3Com\ControlCenter\Instupdt.exe:*:Disabled:Instant Update Configuration EXE"
"C:\Program Files\xerox\nwwia\XrxFTPLt.exe"="C:\Program Files\xerox\nwwia\XrxFTPLt.exe:*:Enabled:XrxFTPLt"
"C:\Documents and Settings\Owner\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Owner\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\Sony\Media Go\MediaGo.exe"="C:\Program Files\Sony\Media Go\MediaGo.exe:*:Enabled:Media Go"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface"
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\DroidCam\DroidCamApp.exe"="C:\Program Files\DroidCam\DroidCamApp.exe:*:Enabled:DroidCam Client"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version9\TeamViewer.exe"="C:\Program Files\TeamViewer\Version9\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Cobian Backup 11\cbRemoteManager.exe"="C:\Program Files\Cobian Backup 11\cbRemoteManager.exe:*:Enabled:Cobian Backup 11, Gravity, Remote Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.siren"=sirenacm.dll
"VIDC.WMV3"=wmv9vcm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-11-20 10:43:36 ----D---- C:\rsit
2014-11-20 10:43:36 ----D---- C:\Program Files\trend micro
2014-11-20 07:48:01 ----SHD---- C:\RECYCLER
2014-11-19 13:11:09 ----A---- C:\ComboFix.txt
2014-11-19 10:57:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2014-11-19 10:08:03 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-11-19 10:07:59 ----A---- C:\WINDOWS\avastSS.scr
2014-11-19 09:30:18 ----A---- C:\Boot.bak
2014-11-19 09:30:14 ----RASHD---- C:\cmdcons
2014-11-19 08:46:51 ----D---- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2014-11-19 08:46:49 ----D---- C:\Program Files\ScanSoft
2014-11-18 16:23:35 ----ASH---- C:\pagefile.sys
2014-11-18 08:59:01 ----A---- C:\WINDOWS\system32\ZnMacroUI.dll
2014-11-11 07:51:57 ----D---- C:\Program Files\Mozilla Firefox
2014-11-03 13:26:31 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-11-03 13:24:36 ----D---- C:\AdwCleaner
2014-11-03 07:59:33 ----D---- C:\FRST
2014-10-30 11:52:26 ----D---- C:\Documents and Settings\Owner\Application Data\com.wd.WDMyCloud
2014-10-30 11:52:03 ----D---- C:\Program Files\Dropbox
2014-10-30 11:52:03 ----D---- C:\Documents and Settings\Owner\Application Data\DropboxMaster
2014-10-30 11:51:09 ----D---- C:\Documents and Settings\Owner\Application Data\Dropbox
2014-10-27 10:15:47 ----D---- C:\Documents and Settings\Owner\Application Data\com.wd.WDMyCloud.sav
2014-10-23 14:25:40 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 month======

2014-11-20 10:43:36 ----D---- C:\Program Files
2014-11-20 10:26:42 ----D---- C:\WINDOWS\temp
2014-11-20 10:25:01 ----A---- C:\WINDOWS\ModemLog_DrayTek ISDN MLPPP.txt
2014-11-20 10:24:32 ----A---- C:\WINDOWS\ModemLog_DrayTek ISDN PPP.txt
2014-11-20 10:24:31 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2014-11-20 10:22:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-11-20 10:22:15 ----D---- C:\WINDOWS\system32\CatRoot2
2014-11-20 10:21:04 ----D---- C:\WINDOWS\system32\drivers\etc
2014-11-20 09:08:08 ----D---- C:\WINDOWS
2014-11-20 08:58:59 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2014-11-19 13:11:14 ----D---- C:\qoobox
2014-11-19 13:11:13 ----D---- C:\WINDOWS\system32\drivers
2014-11-19 13:02:01 ----A---- C:\WINDOWS\system.ini
2014-11-19 12:58:38 ----D---- C:\WINDOWS\system32\config
2014-11-19 12:42:51 ----D---- C:\WINDOWS\erdnt
2014-11-19 12:40:02 ----D---- C:\WINDOWS\system32
2014-11-19 12:40:01 ----D---- C:\WINDOWS\AppPatch
2014-11-19 12:39:57 ----D---- C:\Program Files\Common Files
2014-11-19 10:58:36 ----D---- C:\Program Files\Google
2014-11-19 10:58:25 ----SHD---- C:\WINDOWS\Installer
2014-11-19 10:58:25 ----D---- C:\Config.Msi
2014-11-19 10:08:30 ----SD---- C:\WINDOWS\Tasks
2014-11-19 09:30:19 ----RASH---- C:\boot.ini
2014-11-19 08:48:29 ----D---- C:\WINDOWS\system32\wbem
2014-11-19 08:48:29 ----D---- C:\WINDOWS\Registration
2014-11-19 08:47:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-11-19 08:47:42 ----D---- C:\Program Files\SopCast
2014-11-19 08:47:35 ----D---- C:\Program Files\Messenger
2014-11-19 08:47:32 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2014-11-19 08:47:25 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2014-11-19 08:47:19 ----D---- C:\Program Files\Nuance
2014-11-19 08:46:50 ----D---- C:\Documents and Settings\Owner\Application Data\ScanSoft
2014-11-18 09:27:07 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2014-11-18 08:40:26 ----HD---- C:\Program Files\InstallShield Installation Information
2014-11-18 08:40:26 ----D---- C:\Program Files\Canon
2014-11-18 07:46:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2014-11-14 13:08:43 ----D---- C:\ALFA
2014-11-13 11:07:59 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt
2014-11-13 07:44:01 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-11-07 07:57:31 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-04 16:45:46 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2014-11-04 07:36:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-10-30 13:35:00 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2014-10-30 12:49:32 ----A---- C:\WINDOWS\imsins.BAK
2014-10-30 12:49:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-21 12:35:57 ----SHD---- C:\System Volume Information
2014-10-21 08:05:17 ----D---- C:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-11-19 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-11-19 206248]
R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2006-04-02 42368]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-11-19 55240]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-11-19 787800]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-11-19 422760]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-11-19 57928]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2012-09-17 51072]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-11-19 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-11-19 70384]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 DroidCam;DroidCam Virtual Audio; C:\WINDOWS\system32\drivers\droidcam.sys [2013-08-20 21376]
R3 DUSBTAWAN;DrayTek ISDN NDISWAN; C:\WINDOWS\system32\DRIVERS\musbwn2k.sys [2009-03-03 23930]
R3 FakeWDMmdm;DWDMCOMM; C:\WINDOWS\system32\DRIVERS\dusbcomm.sys [2009-03-03 151428]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-06 4258816]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-02-08 12648960]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-03-15 244608]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CnxTrLan;Conexant USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys [2003-04-27 23296]
S3 CnxTrUsb;Conexant USB Network Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys [2003-04-27 50560]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-05-02 83864]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2011-06-06 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2011-06-06 25512]
S3 mDTA128;DrayTek ISDN USB TA; C:\WINDOWS\system32\DRIVERS\musbta2k.sys [2009-03-03 98313]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2013-01-23 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2013-01-23 23168]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-02 47360]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-07-25 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-07-25 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-07-25 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-07-25 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-07-25 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-07-25 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-07-25 90800]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-05-02 181912]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2013-01-23 8192]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2013-01-23 8192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-19 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 cbVSCService11;Cobian Backup 11 Stínová kopie - Requester; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [2012-12-05 67584]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-09-27 153584]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-24 53248]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-02-06 1174152]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-07 267440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-01-17 1045256]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-11-19 194032]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-11 114288]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-02-11 79360]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow desktop

#25 Post by Márty84 »

:???: Do you use anything from Symantec? Or is it a leftover from the past?
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-02-06 1174152]
We'll do one last scan and then start deleting.


:!: If Avast complains that it wants to open it in the sandbox, don't allow it! Choose the Open normally option.
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe , save it to the desktop and run it.
Tick the checkboxes for Scan All Users, LOP Check and Purity Check.
Paste the following text into the bottom window:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Click Run Scan.
After the scan, two logs are created (OTL.Txt and Extras.txt). Post both here (if they are long, split them across several posts).
If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Juraj1973
Visitor
Posts: 68
Joined: 28 Oct 2007 23:31

Re: Slow desktop

#26 Post by Juraj1973 »

That Symantec is some kind of leftover.

OTL, first part

TL logfile created on: 20.11.2014 11:12:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,61% Memory free
3,59 Gb Paging File | 2,53 Gb Available in Paging File | 70,51% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 34,03 Gb Free Space | 22,83% Space Free | Partition Type: NTFS
Drive D: | 667,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: UNI-MONT | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.11.20 11:09:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2014.11.19 10:07:51 | 005,225,064 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014.11.19 10:07:50 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.11.11 07:52:22 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.09.12 19:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2012.12.05 22:08:54 | 004,407,808 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 11\cbInterface.exe
PRC - [2012.12.05 22:08:44 | 000,720,896 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 11\Cobian.exe
PRC - [2012.12.05 21:11:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe
PRC - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008.04.14 04:42:30 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.06 14:08:08 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2014.11.20 09:04:30 | 002,903,040 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14112000\algo.dll
MOD - [2014.11.19 10:07:56 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014.11.11 07:52:19 | 003,649,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.11.07 07:57:31 | 016,832,176 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll
MOD - [2014.07.08 08:00:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014.07.08 06:35:27 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
MOD - [2014.07.08 06:27:13 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014.07.07 17:00:26 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2013.01.02 07:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009.11.05 11:24:04 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
MOD - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2006.10.22 05:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014.11.19 10:07:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014.11.11 07:52:20 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.11.07 07:57:32 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.09.12 19:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013.04.18 10:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.12.05 21:11:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.01.17 14:01:42 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.02.11 08:20:32 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2007.02.06 14:08:08 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2014.11.19 10:08:00 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014.11.19 10:08:00 | 000,057,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014.11.19 10:07:59 | 000,422,760 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014.11.19 10:07:59 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014.11.19 10:07:59 | 000,055,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2014.11.19 10:07:59 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014.11.19 10:07:59 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014.11.19 10:07:41 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.08.20 13:50:15 | 000,021,376 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\droidcam.sys -- (DroidCam)
DRV - [2013.05.02 05:23:50 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.05.02 05:23:50 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.01.23 09:31:50 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2013.01.23 09:31:50 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2013.01.23 09:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2013.01.23 09:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012.10.17 13:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.09.17 12:35:03 | 000,051,072 | ---- | M] (Identcode Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ANGELNT.SYS -- (Angelnt)
DRV - [2011.06.06 06:35:20 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.06.06 06:35:20 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.03.03 14:47:34 | 000,151,428 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dusbcomm.sys -- (FakeWDMmdm)
DRV - [2009.03.03 14:47:34 | 000,098,313 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\musbta2k.sys -- (mDTA128)
DRV - [2009.03.03 14:47:34 | 000,023,930 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\musbwn2k.sys -- (DUSBTAWAN)
DRV - [2007.02.06 13:44:03 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007.02.06 10:00:00 | 000,383,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006.07.25 13:03:42 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45obex.sys -- (se45obex)
DRV - [2006.07.25 13:02:52 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mgmt.sys -- (se45mgmt)
DRV - [2006.07.25 13:02:02 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdm.sys -- (se45mdm)
DRV - [2006.07.25 13:01:58 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdfl.sys -- (se45mdfl)
DRV - [2006.07.25 13:01:08 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45bus.sys -- (se45bus)
DRV - [2006.07.25 13:00:36 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45nd5.sys -- (se45nd5)
DRV - [2006.07.25 13:00:30 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45unic.sys -- (se45unic)
DRV - [2006.04.06 07:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006.04.02 06:18:54 | 000,042,368 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006.03.15 08:51:00 | 000,244,608 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.02.07 12:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2004.06.29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.07.29 08:57:20 | 000,040,448 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2003.04.27 19:49:00 | 000,050,560 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2003.04.27 19:48:48 | 000,023,296 | R--- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan)
DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-776561741-1844823847-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-776561741-1844823847-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-776561741-1844823847-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-776561741-1844823847-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-776561741-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.11.19 10:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.11.11 07:52:06 | 000,000,000 | ---D | M]

[2012.01.19 08:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2014.11.20 09:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nylp1ezj.default-1389594932031\extensions
[2014.11.20 09:47:16 | 000,979,699 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nylp1ezj.default-1389594932031\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.11.11 07:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.11.11 07:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014.11.11 07:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.11.11 07:52:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.10.01 15:30:44 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: PredvolenĂ˝ profil (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014.11.20 10:21:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
O3 - HKU\S-1-5-21-776561741-1844823847-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-1844823847-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-1844823847-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKU\S-1-5-21-776561741-1844823847-839522115-1003..\Run: [Cobian Backup 11] C:\Program Files\Cobian Backup 11\Cobian.exe (Luis Cobian, CobianSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1844823847-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1844823847-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-1844823847-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-1844823847-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-776561741-1844823847-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - C:\Program Files\Nuance\PDF Converter 4\cnvres_eng.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} https://zona.t-com.sk/VianKampan2007/STWebDialer.cab (ST WebDialer Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 3329369578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CE40C3F1-3DF5-4461-A521-810923235628} http://www.joj.sk/fileadmin/joj_player/ ... Player.cab (JOJ_Explorer_Player Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89586165-B9D7-4D5F-9512-2EDE662E3C1B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.17 11:22:35 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2007.12.11 07:42:33 | 000,537,888 | R--- | M] (Nuance Communications, Inc.) - D:\AUTORUN.exe -- [ CDFS ]
O32 - AutoRun File - [2008.07.14 12:12:49 | 000,376,824 | R--- | M] () - D:\AUTORUN.ini -- [ CDFS ]
O32 - AutoRun File - [2006.10.31 12:10:11 | 000,000,049 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - msh263.drv File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.11.20 11:09:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014.11.20 10:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.11.20 10:43:36 | 000,000,000 | ---D | C] -- C:\rsit
[2014.11.20 09:06:25 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Documents and Settings\Owner\Desktop\FRSTLauncher.exe
[2014.11.20 07:48:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014.11.19 10:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2014.11.19 10:08:03 | 000,291,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014.11.19 10:07:59 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014.11.19 09:30:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014.11.19 09:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ComboFix
[2014.11.19 09:13:02 | 005,598,319 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2014.11.19 08:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft PDF Professional 4
[2014.11.19 08:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2014.11.19 08:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2014.11.19 08:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Scansoft
[2014.11.18 08:59:01 | 000,266,240 | ---- | C] (Zeon Corporation) -- C:\WINDOWS\System32\ZnMacroUI.dll
[2014.11.18 08:59:01 | 000,038,440 | ---- | C] (Nuance Communications, Inc.) -- C:\WINDOWS\System32\ZnMacroUIRes.enu
[2014.11.11 08:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\prihlasovanie skoleni + vstupy
[2014.11.11 07:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.11.03 13:26:31 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014.11.03 13:24:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.11.03 09:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Archiv xerox
[2014.11.03 07:59:33 | 000,000,000 | ---D | C] -- C:\FRST
[2014.11.03 07:54:18 | 001,108,992 | ---- | C] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FRST.exe
[2014.10.30 11:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital
[2014.10.30 11:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\com.wd.WDMyCloud
[2014.10.30 11:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DropboxMaster
[2014.10.30 11:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014.10.30 11:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
[2014.10.30 11:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2014.10.30 11:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Zoznamy ludia
[2014.10.27 10:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\com.wd.WDMyCloud.sav
[2014.10.23 14:25:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008.10.02 10:52:36 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Owner\Desktop\CA27O1AR.
File not found -- C:\Documents and Settings\Owner\Desktop\CA11ZJMK.
[2014.11.20 11:15:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.11.20 11:09:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014.11.20 11:00:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.11.20 10:42:07 | 001,107,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2014.11.20 10:24:25 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014.11.20 10:24:05 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.11.20 10:24:01 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014.11.20 10:23:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.11.20 10:21:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014.11.20 09:06:44 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\MSGBOX.EXE
[2014.11.20 09:06:44 | 000,015,327 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LM.bat
[2014.11.20 09:06:29 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Documents and Settings\Owner\Desktop\FRSTLauncher.exe
[2014.11.20 08:57:55 | 001,108,992 | ---- | M] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FRST.exe
[2014.11.20 08:15:32 | 002,053,281 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sken_20141112.pdf
[2014.11.20 08:08:22 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014.11.19 10:25:09 | 000,046,010 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CCF19112014_00001.pdf
[2014.11.19 10:08:35 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
[2014.11.19 10:08:00 | 000,206,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014.11.19 10:08:00 | 000,057,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014.11.19 10:07:59 | 000,422,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014.11.19 10:07:59 | 000,291,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014.11.19 10:07:59 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014.11.19 10:07:59 | 000,055,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014.11.19 10:07:59 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014.11.19 10:07:59 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014.11.19 10:07:59 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014.11.19 10:07:41 | 000,787,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014.11.19 09:30:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014.11.19 09:26:10 | 005,598,319 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2014.11.19 09:24:31 | 005,594,750 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.zip
[2014.11.19 08:50:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.11.19 08:50:18 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014.11.18 08:59:32 | 000,014,659 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ponuka_2014_508 (1).pdf
[2014.11.18 08:37:03 | 000,014,659 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ponuka_2014_508.pdf
[2014.11.14 08:20:21 | 003,228,095 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\20141113_123401.jpg
[2014.11.14 08:20:21 | 003,003,543 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\20141113_123430.jpg
[2014.11.13 11:08:36 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Desktop.lnk
[2014.11.13 09:21:10 | 000,042,310 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\41875501.jpg
[2014.11.13 09:21:02 | 000,003,276 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\4187pojazd.jpg
[2014.11.12 15:48:24 | 000,311,652 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\20141112_154824.jpg
[2014.11.12 15:48:09 | 000,304,789 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\20141112_154809.jpg
[2014.11.11 14:16:13 | 000,002,625 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2011.lnk
[2014.11.11 12:54:46 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
[2014.11.07 07:57:32 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.11.07 07:57:31 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014.11.07 07:57:31 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014.11.04 13:30:51 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2014.11.04 07:36:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014.11.04 07:19:52 | 000,025,463 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Správa programu Defragmentácia disku.pdf
[2014.11.03 13:24:06 | 001,375,089 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner_3.311.exe
[2014.10.31 07:58:36 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014.10.30 13:36:17 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Odkaz na xerox.lnk
[2014.10.30 12:49:32 | 000,004,625 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014.10.30 12:49:28 | 000,478,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.10.30 12:49:28 | 000,078,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Documents and Settings\Owner\Desktop\CA27O1AR.
File not found -- C:\Documents and Settings\Owner\Desktop\CA11ZJMK.
[2014.11.20 11:15:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.11.20 10:42:01 | 001,107,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2014.11.20 09:06:44 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\MSGBOX.EXE
[2014.11.20 09:06:44 | 000,015,327 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LM.bat
[2014.11.20 08:15:33 | 002,053,281 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sken_20141112.pdf
[2014.11.19 10:25:09 | 000,046,010 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\CCF19112014_00001.pdf
[2014.11.19 10:08:35 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
[2014.11.19 09:30:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014.11.19 09:30:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014.11.19 09:24:31 | 005,594,750 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.zip
[2014.11.18 08:59:33 | 000,014,659 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ponuka_2014_508 (1).pdf
[2014.11.18 08:35:56 | 000,014,659 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ponuka_2014_508.pdf
[2014.11.14 08:20:21 | 003,228,095 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\20141113_123401.jpg
[2014.11.14 08:20:21 | 003,003,543 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\20141113_123430.jpg
[2014.11.13 11:08:33 | 000,311,652 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\20141112_154824.jpg
[2014.11.13 11:08:33 | 000,304,789 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\20141112_154809.jpg
[2014.11.13 09:21:02 | 000,003,276 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\4187pojazd.jpg
[2014.11.13 09:20:22 | 000,042,310 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\41875501.jpg
[2014.11.04 07:31:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014.11.04 07:19:52 | 000,025,463 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Správa programu Defragmentácia disku.pdf
[2014.11.03 13:24:02 | 001,375,089 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner_3.311.exe
[2014.10.30 13:36:17 | 000,000,380 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Odkaz na xerox.lnk
[2014.10.30 12:20:37 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Desktop.lnk
[2014.10.16 13:10:44 | 000,265,006 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014.07.16 06:42:57 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014.07.07 16:19:11 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2014.07.07 16:19:11 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2014.07.07 16:19:11 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2014.07.07 12:27:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013.08.20 13:53:20 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
[2013.05.22 19:43:52 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013.05.22 19:43:48 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013.05.22 19:43:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013.05.22 19:43:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013.05.22 19:43:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013.05.13 07:01:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.13 07:01:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.03.11 07:38:50 | 000,206,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.11 07:38:50 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.02.08 04:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011.09.19 06:09:41 | 013,631,488 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.bak
[2011.03.28 09:41:29 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2008.10.02 10:58:31 | 000,009,391 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profile.ini
[2008.10.02 10:52:36 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2008.10.02 10:52:36 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2008.07.29 11:53:17 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
[2008.07.09 09:26:16 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007.12.14 14:55:05 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Owner\intlname.ols
[2007.04.13 14:12:16 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.08.26 13:04:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014.02.25 04:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014.11.19 08:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.UNI-MONT.001\Application Data\Zeon
[2011.02.18 08:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011.02.18 08:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk Navisworks Freedom 2011
[2011.01.17 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk Navisworks Manage 2011
[2011.06.06 06:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2014.01.15 07:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010.06.23 10:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008.10.02 10:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Configs
[2008.07.09 09:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2011.09.19 07:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(2)
[2011.02.17 13:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2012.11.05 07:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firebird
[2013.04.10 09:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.07.29 11:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012.11.05 07:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KROS
[2011.07.13 10:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011.01.17 14:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Navisworks 2011
[2013.07.01 13:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2013.03.22 07:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009.06.01 16:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2014.11.18 09:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2013.07.01 14:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2014.11.19 08:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011.08.30 13:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
[2014.11.19 08:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008.10.02 12:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2014.10.16 11:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010.01.11 16:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2014.07.07 10:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xerox
[2012.02.28 07:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2011.02.18 08:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2011.02.18 08:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk Navisworks Freedom 2011
[2011.02.18 07:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk Navisworks Manage 2011
[2014.01.16 07:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2012.03.06 07:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\avidemux
[2009.03.06 13:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2014.10.30 11:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.wd.WDMyCloud
[2014.10.27 10:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.wd.WDMyCloud.sav
[2014.10.30 11:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2014.10.30 11:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DropboxMaster
[2010.02.11 08:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EDrawings
[2011.09.19 07:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ESET
[2011.02.24 15:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileOpen
[2012.03.06 09:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2013.02.26 17:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICQ
[2008.09.08 15:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICQ Toolbar
[2009.08.12 12:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2009.05.28 08:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO Software Studio
[2007.02.09 11:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2009.08.26 13:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KaDonk
[2013.07.01 14:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2013.07.01 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia Suite
[2013.07.01 14:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2009.11.05 11:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
[2013.08.08 06:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2014.11.19 08:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2011.08.30 13:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softland
[2010.06.23 10:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2014.01.07 13:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2011.03.28 09:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2012.02.28 07:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wise Registry Cleaner
[2010.01.14 08:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xerox
[2010.01.11 16:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Zeon

========== Purity Check ==========

Juraj1973
Visitor
Posts: 68
Registered: 28 Oct 2007 23:31

Re: Slow desktop

#27 Post by Juraj1973 »

OTL, part 2


========== Custom Scans ==========

< >
[2007.02.06 11:55:17 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2007.02.06 12:01:16 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011.06.01 12:31:01 | 000,000,920 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.06.01 12:31:03 | 000,000,924 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.06.22 08:03:29 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.01.22 12:43:22 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2013.06.25 15:36:09 | 000,000,964 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1844823847-839522115-1003Core.job
[2013.06.25 15:36:13 | 000,001,016 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1844823847-839522115-1003UA.job
[2014.07.08 06:26:47 | 000,000,216 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014.07.08 06:26:52 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

< >

< MD5 for: AGP440.SYS >
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\718b5ef2f371da54c412\i386\sp3.cab:AGP440.sys
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\718b5ef2f371da54c412\i386\sp3.cab:atapi.sys
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 04:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\718b5ef2f371da54c412\i386\autochk.exe
[2008.04.14 04:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008.04.14 04:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 01:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\autochk.exe
[2008.04.14 04:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 13:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\718b5ef2f371da54c412\i386\sp3.cab:cdrom.sys
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2006.02.28 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 04:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\erdnt\cache\cryptsvc.dll
[2008.04.14 04:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 01:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[2008.04.14 04:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008.04.14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007.06.13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006.02.28 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\718b5ef2f371da54c412\i386\sp3.cab:hal.dll
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 23:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 23:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\hal.dll
[2006.02.28 13:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\718b5ef2f371da54c412\i386\sp3.cab:Changer.sys
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 23:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\718b5ef2f371da54c412\i386\sp3.cab:isapnp.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.13 23:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.13 19:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\isapnp.sys
[2008.04.13 23:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.08.17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2006.02.28 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2006.02.28 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 04:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\erdnt\cache\lsass.exe
[2008.04.14 04:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[2008.04.14 04:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.02.28 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008.04.14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006.02.28 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008.04.14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 04:42:40 | 000,470,016 | ---- | M] (Microsoft Corporation) MD5=3C3393C92A73A3006C7B706DAC54A812 -- C:\718b5ef2f371da54c412\i386\system32\smss.exe
[2008.04.14 04:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\smss.exe
[2008.04.14 04:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2006.02.28 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008.04.14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008.04.14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006.02.28 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2006.04.20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\SoftwareDistributionOld\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
[2008.06.20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\erdnt\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.02.28 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[2006.04.20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\SoftwareDistributionOld\Download\556eb98436b65a8c1ffae674c83d197f\sp2qfe\tcpip.sys

< MD5 for: USERINIT.EXE >
[2006.02.28 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008.04.14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.02.28 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008.04.14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 04:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\erdnt\cache\ws2_32.dll
[2008.04.14 04:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[2008.04.14 04:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2006.02.28 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[3 C:\WINDOWS\msagent\*.tmp files -> C:\WINDOWS\msagent\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[13 C:\WINDOWS\system32\dllcache\*.tmp files -> C:\WINDOWS\system32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\system32\DRVSTORE\*.tmp files -> C:\WINDOWS\system32\DRVSTORE\*.tmp -> ]
[7 C:\WINDOWS\system32\FxsTmp\*.tmp files -> C:\WINDOWS\system32\FxsTmp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2013.02.12 13:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010.06.23 09:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010.06.23 09:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011.02.18 08:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011.02.18 08:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk Navisworks Freedom 2011
[2011.01.17 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk Navisworks Manage 2011
[2011.06.06 06:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2014.01.15 07:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010.06.23 10:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008.10.02 10:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Configs
[2007.11.23 10:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2007.02.07 13:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008.07.09 09:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2011.09.19 07:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(2)
[2011.02.17 13:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2012.11.05 07:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firebird
[2012.01.10 08:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2014.11.19 10:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2013.04.10 09:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.07.29 11:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010.01.11 16:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2012.11.05 07:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KROS
[2009.12.14 15:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.02.06 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010.06.14 14:20:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012.05.24 06:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2011.07.13 10:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011.01.17 14:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Navisworks 2011
[2013.07.01 13:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2013.03.22 07:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2007.02.14 15:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2009.06.01 16:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2014.11.18 09:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2013.07.01 14:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2014.11.19 08:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2014.10.14 06:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.06.28 06:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011.08.30 13:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
[2010.06.23 09:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2011.06.06 06:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2011.09.19 08:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014.11.19 08:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011.06.06 06:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2007.04.12 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008.10.02 12:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2014.10.16 11:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2007.02.06 14:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010.01.11 16:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2012.12.03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.00\12354\AcrobatUpdater.exe
[2012.12.03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.00\12354\AdobeARM.exe
[2012.12.03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.00\12354\AdobeARMHelper.exe
[2012.12.03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.00\12354\ReaderUpdater.exe
[2013.04.04 22:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.02\26660\AcrobatUpdater.exe
[2013.04.04 22:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.02\26660\AdobeARM.exe
[2013.04.04 22:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.02\26660\AdobeARMHelper.exe
[2013.04.04 22:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.02\26660\ReaderUpdater.exe
[2013.11.21 17:57:26 | 000,342,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.05\28975\AcrobatUpdater.exe
[2013.11.21 17:57:26 | 000,959,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.05\28975\AdobeARM.exe
[2013.11.21 17:57:26 | 000,342,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.05\28975\AdobeARMHelper.exe
[2013.11.21 17:57:26 | 000,342,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.05\28975\ReaderUpdater.exe
[2012.01.04 10:27:35 | 030,910,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\AdbeRdr950_sk_SK.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\5565\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\5565\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\5565\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\5565\ReaderUpdater.exe
[2012.09.24 04:46:27 | 000,364,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1029-7B44-AB0000000001}\setup.exe
[2008.07.29 11:18:31 | 036,100,944 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Nokia_PC_Suite_rel_7_0_7_0_cze_web.exe
[2008.07.29 11:18:45 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstCCD.exe
[2008.07.29 11:18:45 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstPCS.exe
[2008.07.29 11:18:45 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
[2008.05.23 07:56:42 | 032,741,656 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_slk_web.exe
[2008.05.23 07:59:20 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstCCD.exe
[2008.05.23 07:59:20 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstPCS.exe
[2008.05.23 07:59:20 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
[2014.11.04 07:37:57 | 019,828,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2013.07.01 13:13:39 | 106,311,632 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer.exe
[2013.07.01 13:14:25 | 000,125,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\InstallerService.exe
[2013.07.01 13:14:26 | 000,053,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\InstallerServiceExec.exe
[2013.07.01 13:14:27 | 000,053,608 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\IsPinned.exe
[2013.07.01 13:15:35 | 000,046,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\CommonCustomActions\pcswpc.exe
[2013.07.01 13:15:36 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\CommonCustomActions\RepairMplatform.exe
[2013.07.01 13:15:36 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\CommonCustomActions\Run_XML6_SP1.exe
[2013.07.01 13:15:37 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\CommonCustomActions\WMF11Runx86.exe
[2013.07.01 13:15:43 | 012,212,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
[2011.06.06 06:36:20 | 000,154,744 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson\Update Engine\configuration\org.eclipse.osgi\bundles\82\1\.cp\lib\win32\DeviceRemover.exe
[2011.06.06 06:34:49 | 000,158,840 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson\Update Engine\configuration\org.eclipse.osgi\bundles\84\1\.cp\lib\win32\DriverInstaller.exe

< %APPDATA%\*. >
[2010.03.17 11:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AccurateRip
[2013.02.12 11:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2007.02.09 12:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2008.07.09 08:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2010.08.16 09:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2007.04.18 09:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2012.02.28 07:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2011.02.18 08:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2011.02.18 08:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk Navisworks Freedom 2011
[2011.02.18 07:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk Navisworks Manage 2011
[2014.01.16 07:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2012.03.06 07:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\avidemux
[2009.03.06 13:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2014.10.30 11:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.wd.WDMyCloud
[2014.10.27 10:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.wd.WDMyCloud.sav
[2007.11.23 11:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Corel
[2007.02.07 13:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2009.11.23 12:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Download Manager
[2014.10.30 11:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2014.10.30 11:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DropboxMaster
[2013.10.02 09:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2010.02.11 08:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EDrawings
[2011.09.19 07:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ESET
[2011.02.24 15:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileOpen
[2011.06.01 12:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2012.03.06 09:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2007.11.21 10:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2013.02.26 17:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICQ
[2008.09.08 15:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICQ Toolbar
[2007.02.06 12:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2009.08.12 12:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2009.05.28 08:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO Software Studio
[2008.01.18 11:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2007.02.09 11:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2009.08.26 13:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KaDonk
[2007.05.10 07:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lavasoft
[2007.02.09 13:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2009.12.14 15:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009.10.28 09:14:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2013.07.01 06:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2013.07.01 14:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2013.07.01 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia Suite
[2013.07.01 14:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2009.11.05 11:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
[2013.08.08 06:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2014.11.19 08:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2014.11.20 08:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skype
[2011.07.07 06:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\skypePM
[2011.08.30 13:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softland
[2010.06.23 10:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2009.04.21 13:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2007.04.13 08:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Symantec
[2014.01.07 13:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2009.05.11 09:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2014.10.30 13:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\vlc
[2011.03.28 09:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2012.02.28 07:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wise Registry Cleaner
[2010.01.14 08:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xerox
[2010.01.11 16:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Zeon

< %APPDATA%\*.exe /s >
[2011.03.28 09:41:29 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2007.02.09 12:26:10 | 021,277,080 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2014.03.19 13:17:02 | 032,667,896 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
[2014.03.19 13:18:14 | 000,244,648 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxUninstaller.exe
[2014.03.19 13:17:06 | 000,143,616 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxUpdateHelper.exe
[2010.11.11 11:47:48 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.06.23 09:55:04 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2009.08.26 13:12:34 | 000,143,546 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{590D814A-91AC-4B21-9F2B-251392CE1672}\_20F48C7FD916CFBD9B23A8.exe
[2009.08.26 13:12:34 | 000,143,546 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{590D814A-91AC-4B21-9F2B-251392CE1672}\_6FEFF9B68218417F98F549.exe
[2009.08.26 13:12:34 | 000,143,546 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{590D814A-91AC-4B21-9F2B-251392CE1672}\_F90CFE4194E321AD0B4BEA.exe
[2006.05.24 12:36:46 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\U3\temp\cleanup.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.02.06 12:44:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007.02.06 12:44:53 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007.02.06 12:44:52 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >
[2014.11.19 10:07:59 | 000,024,184 | ---- | M] () -- C:\WINDOWS\system32\drivers\aswHwid.sys
[2014.11.19 10:07:59 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmonflt.sys
[2014.11.19 10:07:59 | 000,055,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2014.11.19 10:07:59 | 000,049,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\aswRvrt.sys
[2014.11.19 10:07:41 | 000,787,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSnx.sys
[2014.11.19 10:07:59 | 000,422,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswsp.sys
[2014.11.19 10:08:00 | 000,057,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2014.11.19 10:08:00 | 000,206,248 | ---- | M] () -- C:\WINDOWS\system32\drivers\aswVmm.sys

< %systemroot%\system32\*.* /3 >
[2014.11.19 10:07:59 | 000,291,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\aswBoot.exe
[2014.11.19 08:50:18 | 000,271,784 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2014.11.19 08:50:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Cobian Backup 11" = "C:\Program Files\Cobian Backup 11\Cobian.exe" -- [2012.12.05 22:08:44 | 000,720,896 | ---- | M] (Luis Cobian, CobianSoft)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.11.20 11:15:59 | 000,000,512 | ---- | M] () MD5=05DE7C7906E15C3FCA722FA8EE4E64D2 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2009.05.28 14:39:30 | 000,014,382 | ---- | M] () -- \Documents and Settings\Owner\My Documents\ImTOO Software Studio\3GP Video Converter\crack.js
[2010.11.03 10:10:58 | 000,888,398 | ---- | M] () -- \Documents and Settings\Owner\My Documents\Ja sukromne\MS Office 2003 CZ Professional\Cracks.zip
[2008.07.20 23:27:29 | 000,045,524 | ---- | M] () -- \Documents and Settings\Owner\My Documents\Ja sukromne\stiahnute subory a programz\DVD_X_Studios_CloneDVD_4[1].2.5.0_CZ\DVD X Studios CloneDVD 4.2.5.0 CZ\CRACK.rar
[2009.01.18 00:14:10 | 004,000,981 | ---- | M] () -- \Documents and Settings\Owner\My Documents\Pošta\Preberanie\Castle Strike\Castle Strike\crack.rar

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2008.04.14 04:41:54 | 000,017,419 | ---- | M] () -- \718b5ef2f371da54c412\i386\dmloader.dl_
[2008.04.13 23:01:44 | 000,114,925 | ---- | M] () -- \718b5ef2f371da54c412\i386\osloader.ex_
[2008.04.13 23:01:46 | 000,132,513 | ---- | M] () -- \718b5ef2f371da54c412\i386\osloader.nt_
[2013.04.12 10:56:12 | 000,945,776 | ---- | M] () -- \ALFA\Downloader.exe
[2014.11.14 09:29:08 | 000,000,051 | ---- | M] () -- \ALFA\DownloaderVys.dat
[2010.03.16 18:05:56 | 000,012,886 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.cpp
[2010.03.16 18:05:56 | 000,004,687 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.dsp
[2010.03.16 18:05:56 | 000,000,614 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.dsw
[2010.03.16 18:05:56 | 000,004,822 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.mak
[2010.03.16 18:05:56 | 000,000,215 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.reg
[2010.03.16 18:05:56 | 000,000,360 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.txt
[2010.03.16 18:43:31 | 000,022,367 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\api\nwcreate\include\nwcreate\LiNwcLoader.h
[2013.01.14 13:44:00 | 000,306,992 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Adobe\AIH.e422d61a5691b850a2a2a2f6de0310ee176c9320\downloader.bundle
[2012.12.10 08:23:00 | 000,511,944 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Adobe\AIH.e422d61a5691b850a2a2a2f6de0310ee176c9320\downloader.dll
[2012.12.04 17:00:50 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps(2)\login(2)\images(2)\loader.gif
[2012.12.04 17:00:50 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps(2)\login(2)\images(2)\loader.png
[2012.12.04 17:00:50 | 000,009,772 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps(2)\login(2)\images(2)\retina(2)\loader@2x.png
[2014.08.13 12:14:30 | 000,009,418 | ---- | M] () -- \Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_3332_24611\CRX_INSTALL\img\gifloader.gif
[2014.07.24 14:53:16 | 000,072,638 | ---- | M] () -- \Documents and Settings\Owner\Local Settings\Application Data\Skype\Apps\login(2)\images(2)\loader.gif
[2014.07.24 14:53:16 | 000,003,032 | ---- | M] () -- \Documents and Settings\Owner\Local Settings\Application Data\Skype\Apps\login(2)\images(2)\loader.png
[2014.07.24 14:53:16 | 000,006,012 | ---- | M] () -- \Documents and Settings\Owner\Local Settings\Application Data\Skype\Apps\login(2)\images(2)\normal(2)\loader_15fps.gif
[2014.07.24 14:53:16 | 000,021,956 | ---- | M] () -- \Documents and Settings\Owner\Local Settings\Application Data\Skype\Apps\login(2)\images(2)\normal(2)\loader_30fps.gif
[2014.07.24 14:53:16 | 000,009,772 | ---- | M] () -- \Documents and Settings\Owner\Local Settings\Application Data\Skype\Apps\login(2)\images(2)\retina(2)\loader@2x.png
[2014.07.24 14:53:16 | 000,072,638 | ---- | M] () -- \Documents and Settings\Owner\Local Settings\Application Data\Skype\Apps\login\images\loader.gif
[2014.07.24 14:53:16 | 000,003,032 | ---- | M] () -- \Documents and Settings\Owner\Local Settings\Application Data\Skype\Apps\login\images\loader.png
[2014.07.24 14:53:16 | 000,006,012 | ---- | M] () -- \Documents and Settings\Owner\Local Settings\Application Data\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.07.24 14:53:16 | 000,021,956 | ---- | M] () -- \Documents and Settings\Owner\Local Settings\Application Data\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.07.24 14:53:16 | 000,009,772 | ---- | M] () -- \Documents and Settings\Owner\Local Settings\Application Data\Skype\Apps\login\images\retina\loader@2x.png
[2010.03.16 18:05:56 | 000,012,886 | ---- | M] () -- \Program Files\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.cpp
[2010.03.16 18:05:56 | 000,004,687 | ---- | M] () -- \Program Files\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.dsp
[2010.03.16 18:05:56 | 000,000,614 | ---- | M] () -- \Program Files\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.dsw
[2010.03.16 18:05:56 | 000,004,822 | ---- | M] () -- \Program Files\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.mak
[2010.03.16 18:05:56 | 000,000,215 | ---- | M] () -- \Program Files\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.reg
[2010.03.16 18:05:56 | 000,000,360 | ---- | M] () -- \Program Files\Autodesk\Navisworks Manage 2011\api\nwcreate\examples\loader\loader.txt
[2010.03.16 18:43:31 | 000,022,367 | ---- | M] () -- \Program Files\Autodesk\Navisworks Manage 2011\api\nwcreate\include\nwcreate\LiNwcLoader.h
[2014.11.19 10:07:50 | 000,072,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2008.07.06 22:54:22 | 000,003,285 | ---- | M] () -- \Program Files\Avidemux 2.4\etc\gtk-2.0\gdk-pixbuf.loaders
[2008.07.06 22:43:44 | 000,032,048 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ani.dll
[2008.07.06 22:43:36 | 000,029,956 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll
[2008.07.06 22:43:40 | 000,044,133 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-gif.dll
[2008.07.06 22:43:42 | 000,029,310 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ico.dll
[2008.07.06 22:43:46 | 000,036,182 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll
[2008.07.06 22:43:58 | 000,024,147 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll
[2008.07.06 22:43:34 | 000,039,168 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll
[2008.07.06 22:43:48 | 000,026,504 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pnm.dll
[2008.07.06 22:43:50 | 000,021,330 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ras.dll
[2008.07.06 22:43:56 | 000,026,834 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll
[2008.07.06 22:43:52 | 000,052,104 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tiff.dll
[2008.07.06 22:43:38 | 000,020,871 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll
[2008.07.06 22:43:54 | 000,026,315 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xbm.dll
[2008.07.06 22:43:52 | 000,045,060 | ---- | M] () -- \Program Files\Avidemux 2.4\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xpm.dll
[2012.09.25 03:39:16 | 000,112,128 | ---- | M] () -- \Program Files\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2011.08.05 08:41:08 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011.08.05 08:41:09 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011.08.05 08:41:08 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\MUICoreLib\xtraLoader.swf
[2011.08.05 09:30:18 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\icq_profile\preloader.html
[2011.08.08 06:09:50 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\profile_forms\preloader.html
[2011.08.08 06:09:51 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\profile_lightboxs\preloader.html
[2008.06.11 08:24:58 | 000,003,072 | ---- | M] () -- \Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.nlr
[2008.07.14 12:41:28 | 000,114,688 | ---- | M] () -- \Program Files\Nuance\PaperPort\PPOUploader.exe
[2013.05.23 14:13:44 | 000,069,120 | ---- | M] () -- \Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2011.04.26 16:44:06 | 000,001,702 | ---- | M] () -- \Program Files\Sony Ericsson\Update Engine\licenses\loaderbinarylegal.txt
[2011.04.26 16:44:18 | 000,001,702 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\licenses\loaderbinarylegal.txt
[2006.12.04 17:06:06 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2006.02.28 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.10.10 15:43:42 | 000,000,335 | ---- | M] () -- \WINDOWS\Downloaded Program Files\PhotoUploader5.inf
[2008.04.14 04:41:54 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 23:01:44 | 000,230,400 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 23:01:46 | 000,278,016 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 01:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\dmloader.dll
[2008.04.13 19:31:43 | 000,230,400 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\osloader.exe
[2008.04.13 19:31:44 | 000,278,016 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\osloader.ntd
[2008.04.14 04:41:54 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2008.04.13 23:10:22 | 000,014,381 | ---- | M] () -- \718b5ef2f371da54c412\i386\grserial.sy_
[2008.04.13 23:45:46 | 000,030,075 | ---- | M] () -- \718b5ef2f371da54c412\i386\serial.sy_
[2007.06.27 17:29:04 | 000,131,072 | ---- | M] () -- \718b5ef2f371da54c412\i386\system.runtime.serialization.formatters.soap.dll
[2005.07.26 22:48:38 | 000,138,752 | ---- | M] () -- \AlfaIns\COMMON\BUSINESS OBJECTS\3.0\BIN\SAXMLSERIALIZE.DLL
[2005.07.26 22:36:42 | 000,212,992 | ---- | M] () -- \AlfaIns\COMMON\BUSINESS OBJECTS\3.0\BIN\SAXSERIALIZE.DLL
[2008.01.04 10:26:00 | 000,133,201 | ---- | M] () -- \AlfaIns1\PROGRAM FILES\COMMON FILES\CRYSTAL DECISIONS\2.0\BIN\SAXMLSERIALIZE.DLL
[2008.01.04 10:26:00 | 000,056,915 | ---- | M] () -- \AlfaIns1\PROGRAM FILES\COMMON FILES\CRYSTAL DECISIONS\2.0\BIN\SAXMLSERIALIZE_RES_EN.DLL
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\cs-CZ\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\de-DE\Webdepot\RTSerialNumberHelp.html
[2009.07.06 14:31:46 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\en-US\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\es-ES\Webdepot\RTSerialNumberHelp.html
[2008.08.06 01:22:56 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\fr-FR\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\hu-HU\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\it-IT\Webdepot\RTSerialNumberHelp.html
[2008.05.08 09:14:18 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\ja-JP\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\ko-KR\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\pl-PL\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:46 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\pt-BR\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\ru-RU\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\zh-CN\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Autodesk\Navisworks Manage 2011\x86\NAVMAN\Autodesk\Navisworks Manage 2011\Common Files Folder\Autodesk Shared\AdLM\R1\zh-TW\Webdepot\RTSerialNumberHelp.html
[2004.08.03 23:15:54 | 000,030,067 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2011.06.06 06:36:17 | 000,057,344 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Sony Ericsson\Update Engine\configuration\org.eclipse.osgi\bundles\7\1\.cp\lib\serialio.dll
[2004.12.18 14:17:00 | 000,000,037 | ---- | M] () -- \Documents and Settings\Owner\My Documents\Ja sukromne\MS Office 2003 CZ Professional\Serial SP1.txt
[2008.04.20 17:22:12 | 000,000,231 | ---- | M] () -- \Documents and Settings\Owner\My Documents\Ja sukromne\stiahnute subory a programz\DVD_X_Studios_CloneDVD_4[1].2.5.0_CZ\DVD X Studios CloneDVD 4.2.5.0 CZ\CD\Clone\CRACK\SERIAL.txt
[2008.04.20 17:22:10 | 000,000,231 | ---- | M] () -- \Documents and Settings\Owner\My Documents\Ja sukromne\stiahnute subory a programz\DVD_X_Studios_CloneDVD_4[1].2.5.0_CZ\DVD X Studios CloneDVD 4.2.5.0 CZ\Clone\CRACK\SERIAL.txt
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\cs-CZ\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\de-DE\Webdepot\RTSerialNumberHelp.html
[2009.07.06 14:31:46 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\en-US\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\es-ES\Webdepot\RTSerialNumberHelp.html
[2008.08.06 01:22:56 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\fr-FR\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\hu-HU\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\it-IT\Webdepot\RTSerialNumberHelp.html
[2008.05.08 09:14:18 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\ja-JP\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\ko-KR\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\pl-PL\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:46 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\pt-BR\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\ru-RU\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\zh-CN\Webdepot\RTSerialNumberHelp.html
[2008.07.31 07:41:44 | 000,002,502 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R1\zh-TW\Webdepot\RTSerialNumberHelp.html
[2005.07.26 22:48:38 | 000,138,752 | ---- | M] () -- \Program Files\Common Files\business objects\3.0\bin\saxmlserialize.dll
[2005.07.26 22:36:42 | 000,212,992 | ---- | M] () -- \Program Files\Common Files\business objects\3.0\bin\saxserialize.dll
[2014.05.13 22:17:02 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.dll
[2014.07.28 06:57:33 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.ni.dll
[2012.09.26 23:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011.04.26 16:42:48 | 000,026,761 | ---- | M] () -- \Program Files\Sony Ericsson\Update Engine\plugins\com.serialio.win32.x86_2.10.2.0.jar
[2011.04.26 16:42:48 | 000,049,506 | ---- | M] () -- \Program Files\Sony Ericsson\Update Engine\plugins\com.serialio_2.11.5.6.jar
[2011.04.26 16:44:32 | 000,002,235 | ---- | M] () -- \Program Files\Sony Ericsson\Update Engine\plugins\com.sonyericsson.cs.serialcommunication_2.11.5.6.jar
[2011.04.26 16:42:20 | 000,026,761 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\plugins\com.serialio.win32.x86_2.10.2.0.jar
[2011.06.23 09:07:26 | 000,049,507 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\plugins\com.serialio_2.11.6.14.jar
[2011.06.23 09:08:02 | 000,002,237 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\plugins\com.sonyericsson.cs.serialcommunication_2.11.6.14.jar
[2011.06.06 07:32:42 | 000,057,344 | ---- | M] () -- \Program Files\Sony Ericsson\Update Service\usconfiguration\org.eclipse.osgi\bundles\9\1\.cp\lib\serialio.dll
[2006.02.28 13:00:00 | 000,064,896 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2014.07.07 16:59:11 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.07.07 16:53:13 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.07.08 08:00:04 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6c29ee2bedfe88dcd66993f1af135ad8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.07.08 08:01:13 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9860da66bf0219612908e7412b0a6e2e\System.Runtime.Serialization.ni.dll
[2014.10.16 11:11:44 | 000,310,272 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.10.16 11:11:07 | 002,625,024 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
[2014.10.16 10:55:15 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.10.16 10:55:10 | 001,026,936 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2008.07.25 10:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.09.26 23:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010.03.18 12:16:28 | 001,026,936 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 12:16:28 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2003.08.01 12:54:06 | 000,005,632 | ---- | M] () -- \WINDOWS\mui\FALLBACK\041b\serialui.dll.mui
[2008.04.13 23:10:22 | 000,028,288 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.13 23:45:46 | 000,064,512 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2008.04.13 19:40:21 | 000,028,288 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\grserial.sys
[2008.04.13 20:15:45 | 000,064,512 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys
[2006.02.28 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2006.02.28 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2006.02.28 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2006.02.28 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[13 \WINDOWS\system32\dllcache\*.tmp files -> \WINDOWS\system32\dllcache\*.tmp -> ]
[2008.04.13 23:45:46 | 000,064,512 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< End of report >

Juraj1973
Visitor
Posts: 68
Registered: 28 Oct 2007 23:31

Re: Slow desktop

#28 Post by Juraj1973 »

extras

OTL Extras logfile created on: 20.11.2014 11:12:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,61% Memory free
3,59 Gb Paging File | 2,53 Gb Available in Paging File | 70,51% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 34,03 Gb Free Space | 22,83% Space Free | Partition Type: NTFS
Drive D: | 667,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: UNI-MONT | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-776561741-1844823847-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"20400:TCP" = 20400:TCP:*:Enabled:KrosPort20400
"20401:TCP" = 20401:TCP:*:Enabled:KrosPort20401
"20402:TCP" = 20402:TCP:*:Enabled:KrosPort20402

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\3Com\ControlCenter\Instupdt.exe" = C:\Program Files\3Com\ControlCenter\Instupdt.exe:*:Disabled:Instant Update Configuration EXE -- (3Com)
"C:\Program Files\xerox\nwwia\XrxFTPLt.exe" = C:\Program Files\xerox\nwwia\XrxFTPLt.exe:*:Enabled:XrxFTPLt -- ()
"C:\Documents and Settings\Owner\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\Owner\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\Program Files\Sony\Media Go\MediaGo.exe" = C:\Program Files\Sony\Media Go\MediaGo.exe:*:Enabled:Media Go -- (Sony Creative Software Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\DroidCam\DroidCamApp.exe" = C:\Program Files\DroidCam\DroidCamApp.exe:*:Enabled:DroidCam Client -- ()
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\TeamViewer\Version9\TeamViewer.exe" = C:\Program Files\TeamViewer\Version9\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Cobian Backup 11\cbRemoteManager.exe" = C:\Program Files\Cobian Backup 11\cbRemoteManager.exe:*:Enabled:Cobian Backup 11, Gravity, Remote Manager -- (Luis Cobian, CobianSoft)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{059D6814-73F9-480B-B0B2-D6428F1C1F99}" = SolidWorks eDrawings 2010
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0B0D4B37-1D9A-4FB0-A232-61932F92CD21}" = Autodesk Navisworks Manage 2011 (32 bit) 2011 DWG File Reader
"{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D9AD604-560C-0000-AAA8-C0043D41F03A}" = Autodesk Navisworks Manage 2011 (32 bit) 2010 DWG File Reader
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{272A0EBC-7824-4850-A69F-7D9B0D73A999}" = ScanSoft PDF Professional 4
"{292E0400-E811-4A08-82D8-1B5C8EF2CEB1}" = ScanSoft PaperPort 11
"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver
"{2B8BEBBF-73A0-497D-9900-8474D022AB3F}" = Nokia PC Suite
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{30499511-7C2F-40F7-8BF7-262A87070B40}" = Autodesk Navisworks Manage 2011 (32 bit) 2008 DWG File Reader
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35738946-FE22-0000-8916-2CE9119C21D5}" = Autodesk Navisworks Freedom 2011
"{35738946-FE22-0409-8916-2CE9119C21D5}" = Autodesk Navisworks Freedom 2011 English Language Pack
"{36A52BCF-AC3D-32F1-AD5F-A09769EB8887}" = Google Talk Plugin
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CEBAF73-715A-4AC0-BB14-C9AC6B7D453F}" = Autodesk Navisworks Manage 2011 (32 bit) 2009 DWG File Reader
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = MetaTrader - FXOpen 4.00
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{590D814A-91AC-4B21-9F2B-251392CE1672}" = LiveProject
"{6249836D-0AFF-459C-A067-4703AD59F972}" = Windows Live Messenger
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
"{7EC9E7A1-A576-43C8-9CBB-31BD5625EBCA}" = LiveUpdate
"{7FEC54BD-4EFD-45D9-BD30-9079B4AF0C1D}" = Image Retriever 8
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8543EFA3-2C95-48EB-ABB3-25CB69DAD47F}" = ScanSoft OmniPage 15
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3B5851-5A51-4FF6-A3C8-3422EE2D0109}" = Autodesk Navisworks 2011 2004-6 DWG File Reader Runtimes
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92421D86-0034-4004-8BC8-07312EB4995C}" = ALFA 20.30.00
"{9709ACB8-430D-4136-A610-F218E4A33CC5}" = Autodesk Navisworks Manage 2011 (32 bit) 2004 DWG File Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Czech
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD7D1D0E-B328-4955-87A1-BD5AF49E53CD}" = Autodesk Navisworks Manage 2011 (32 bit) 2005 DWG File Reader
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C037F379-977E-0000-8901-BE4EA1969492}" = Autodesk Navisworks Manage 2011
"{C037F379-977E-0409-8901-BE4EA1969492}" = Autodesk Navisworks Manage 2011 English Language Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CCDF5D46-65AF-4B67-A205-1B0B4F2F0B65}" = eDrawings for Pro/ENGINEER
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DC466A2E-14A5-454A-B5A4-26CF184E3A86}" = SolidWorks eDrawings 2011
"{DDBE4C11-8D5E-44A2-A342-AF12145E9118}" = Autodesk Navisworks Manage 2011 (32 bit) 2006 DWG File Reader
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E40F6EE7-A781-4B01-A12A-B777E5BE69CD}" = Autodesk Navisworks Manage 2011 (32 bit) 2007 DWG File Reader
"{EAFA85AA-CCF3-0000-8D4F-4557F945C865}" = Autodesk Navisworks 2011 32 bit Exporter Plug-ins
"{EAFA85AA-CCF3-0409-8D4F-4557F945C865}" = Autodesk Navisworks 2011 32 bit Exporter Plug-ins English Language Pack
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21C4C7B-E803-4BEF-8861-C2C63A133ABB}" = WD My Cloud
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"7-Zip" = 7-Zip 4.65
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Autodesk Express Viewer" = Autodesk Express Viewer
"Autodesk Navisworks 2011 32 bit Exporter Plug-ins" = Autodesk Navisworks 2011 32 bit Exporter Plug-ins
"Autodesk Navisworks Freedom 2011" = Autodesk Navisworks Freedom 2011
"Autodesk Navisworks Manage 2011" = Autodesk Navisworks Manage 2011
"avast" = Avast Free Antivirus
"Avidemux 2.4" = Avidemux 2.4
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"Clownfish" = Clownfish for Skype
"CobBackup11" = Cobian Backup 11 Gravity
"Conexant USB Network" = Conexant USB Network Adapter
"Connections" = 3Com ISDN Connections
"ControlCenter" = ControlCenter
"DrayTek ISDN Tools_is1" = DrayTek ISDN Tools
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"Elcomm" = Elcomm
"FBackup 4_is1" = FBackup 4
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LTC Project Manager_is1" = LTC Project Manager - Professional Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 33.1 (x86 sk)" = Mozilla Firefox 33.1 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PC Messenger" = PC Messenger
"Pdf995" = Pdf995
"Recuva" = Recuva
"Samsung ML-2250 Series" = Samsung ML-2250 Series
"SopCast" = SopCast 3.8.2
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"ST6UNST #1" = Konfigurácia USB ISDN TA
"TeamViewer 9" = TeamViewer 9
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Ericsson Update Service
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.21
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776561741-1844823847-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.11.2014 3:49:51 | Computer Name = UNI-MONT | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft PaperPort 11 -- Error 1706.No valid source could
be found for product ScanSoft PaperPort 11. The Windows Installer cannot continue.

Error - 18.11.2014 3:50:24 | Computer Name = UNI-MONT | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft PaperPort 11 -- Error 1706.No valid source could
be found for product ScanSoft PaperPort 11. The Windows Installer cannot continue.

Error - 18.11.2014 3:50:44 | Computer Name = UNI-MONT | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft PaperPort 11 -- Error 1706.No valid source could
be found for product ScanSoft PaperPort 11. The Windows Installer cannot continue.

Error - 18.11.2014 3:51:13 | Computer Name = UNI-MONT | Source = MsiInstaller | ID = 11706
Description = Produkt: ALFA -- Chyba 1706.Pre produkt ALFA nebolo možné nájsť žiadny
platný zdroj. Inštalátor Windows nemôže pokračovať.

Error - 18.11.2014 3:51:31 | Computer Name = UNI-MONT | Source = MsiInstaller | ID = 11706
Description = Produkt: ALFA -- Chyba 1706.Pre produkt ALFA nebolo možné nájsť žiadny
platný zdroj. Inštalátor Windows nemôže pokračovať.

Error - 18.11.2014 3:55:00 | Computer Name = UNI-MONT | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft PDF Professional 4 -- Error 1706.No valid source
could be found for product ScanSoft PDF Professional 4. The Windows Installer
cannot continue.

Error - 19.11.2014 4:37:49 | Computer Name = UNI-MONT | Source = crypt32 | ID = 131080
Description = Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu
základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
s chybou: Nepodarilo sa nadviazať spojenie so serverom

Error - 19.11.2014 4:37:54 | Computer Name = UNI-MONT | Source = crypt32 | ID = 131080
Description = Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu
základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
s chybou: Nepodarilo sa nadviazať spojenie so serverom

Error - 19.11.2014 7:40:53 | Computer Name = UNI-MONT | Source = crypt32 | ID = 131080
Description = Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu
základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
s chybou: Nepodarilo sa nadviazať spojenie so serverom

Error - 19.11.2014 7:40:56 | Computer Name = UNI-MONT | Source = crypt32 | ID = 131080
Description = Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu
základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
s chybou: Nepodarilo sa nadviazať spojenie so serverom

[ System Events ]
Error - 20.11.2014 5:20:09 | Computer Name = UNI-MONT | Source = Service Control Manager | ID = 7034
Description = Služba LightScribeService Direct Disc Labeling Service sa neočakávane
ukončila. Služba sa týmto spôsobom ukončila už 1 krát.

Error - 20.11.2014 5:20:09 | Computer Name = UNI-MONT | Source = Service Control Manager | ID = 7034
Description = Služba ProtexisLicensing sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát.

Error - 20.11.2014 5:20:09 | Computer Name = UNI-MONT | Source = Service Control Manager | ID = 7034
Description = Služba Symantec Core LC sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát.

Error - 20.11.2014 5:20:09 | Computer Name = UNI-MONT | Source = Service Control Manager | ID = 7034
Description = Služba Fax sa neočakávane ukončila. Služba sa týmto spôsobom ukončila
už 1 krát.

Error - 20.11.2014 5:20:09 | Computer Name = UNI-MONT | Source = Service Control Manager | ID = 7034
Description = Služba Cobian Backup 11 Stínová kopie - Requester sa neočakávane ukončila.
Služba sa týmto spôsobom ukončila už 1 krát.

Error - 20.11.2014 5:20:09 | Computer Name = UNI-MONT | Source = Service Control Manager | ID = 7034
Description = Služba Bonjour Service sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát.

Error - 20.11.2014 5:20:09 | Computer Name = UNI-MONT | Source = Service Control Manager | ID = 7034
Description = Služba Sony Ericsson OMSI download service sa neočakávane ukončila.
Služba sa týmto spôsobom ukončila už 1 krát.

Error - 20.11.2014 5:20:09 | Computer Name = UNI-MONT | Source = Service Control Manager | ID = 7034
Description = Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát.

Error - 20.11.2014 5:20:09 | Computer Name = UNI-MONT | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát.

Error - 20.11.2014 5:20:09 | Computer Name = UNI-MONT | Source = Service Control Manager | ID = 7031
Description = Služba TeamViewer 9 sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát. O 2000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať
službu.


< End of report >

Juraj1973
Visitor
Posts: 68
Registered: 28 Oct 2007 23:31

Re: Slow desktop

#29 Post by Juraj1973 »

Juraj1973 wrote:
[ Application Events ]
Error - 18.11.2014 3:49:51 | Computer Name = UNI-MONT | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft PaperPort 11 -- Error 1706.No valid source could
be found for product ScanSoft PaperPort 11. The Windows Installer cannot continue.

Error - 18.11.2014 3:50:24 | Computer Name = UNI-MONT | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft PaperPort 11 -- Error 1706.No valid source could
be found for product ScanSoft PaperPort 11. The Windows Installer cannot continue.

Error - 18.11.2014 3:50:44 | Computer Name = UNI-MONT | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft PaperPort 11 -- Error 1706.No valid source could
be found for product ScanSoft PaperPort 11. The Windows Installer cannot continue.

Error - 18.11.2014 3:51:13 | Computer Name = UNI-MONT | Source = MsiInstaller | ID = 11706
Description = Produkt: ALFA -- Chyba 1706.Pre produkt ALFA nebolo možné nájsť žiadny
platný zdroj. Inštalátor Windows nemôže pokračovať.

Error - 18.11.2014 3:51:31 | Computer Name = UNI-MONT | Source = MsiInstaller | ID = 11706
Description = Produkt: ALFA -- Chyba 1706.Pre produkt ALFA nebolo možné nájsť žiadny
platný zdroj. Inštalátor Windows nemôže pokračovať.

Just as an aside .. this caught my eye .. these are the programs I started having my first problems with, before the whole thing crashed on me. Those times (3:51) are completely off, though; at that time the PC should have been switched off, or whatever that was supposed to be ..

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow desktop

#30 Post by Márty84 »

Juraj1973 wrote: Those times (3:51) are completely off, though; at that time the PC should have been switched off
And what if it was 15:51?



:arrow: Tell me the size of the desktop folder (C:\Documents and Settings\Owner\Desktop)

:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option to open it normally.
:arrow: Run OTL again
Paste the following text into the bottom window (including the colon before the word commands)

Code: Select all

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
eeCtrl
symlcbrd
JavaQuickStarterService
Symantec Core LC
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1844823847-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1844823847-839522115-1003UA.job
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
C:\Program Files\Malwarebytes' Anti-Malware

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-21-776561741-1844823847-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-776561741-1844823847-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O3 - HKU\S-1-5-21-776561741-1844823847-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-1844823847-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-1844823847-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
[13 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2011.09.19 07:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(2)
[2011.09.19 07:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ESET
[2008.09.08 15:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICQ Toolbar
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[3 C:\WINDOWS\msagent\*.tmp files -> C:\WINDOWS\msagent\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[13 C:\WINDOWS\system32\dllcache\*.tmp files -> C:\WINDOWS\system32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\system32\DRVSTORE\*.tmp files -> C:\WINDOWS\system32\DRVSTORE\*.tmp -> ]
[7 C:\WINDOWS\system32\FxsTmp\*.tmp files -> C:\WINDOWS\system32\FxsTmp\*.tmp -> ]
[2011.09.19 08:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

Click Opravit (Fix) and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.

If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Locked