
Please check my log (Facebook virus)

Posted: 19 Jul 2011 16:24
by tomasn127
ComboFix 11-07-19.02 - Verca 19.07.2011 16:52:10.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1250.420.1029.18.1013.404 [GMT 2:00]
Running from: c:\users\Verca\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
c:\windows\sysdriver32_.exe
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 15:03 . 2011-07-19 15:05 -------- d-----w- c:\users\Verca\AppData\Local\temp
2011-07-19 15:03 . 2011-07-19 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-18 19:38 . 2011-07-18 19:38 -------- d-----w- c:\windows\rpcminer
2011-07-18 19:38 . 2011-07-18 19:38 -------- d-----w- c:\windows\ufa
2011-07-18 19:38 . 2011-07-18 19:38 -------- d-----w- c:\windows\phoenix
2011-07-18 19:38 . 2011-07-18 19:39 246272 ----a-w- c:\windows\unrar.exe
2011-07-18 19:32 . 2011-07-18 19:32 110592 ----a-w- c:\windows\l1rezerv.exe
2011-07-18 19:32 . 2011-07-18 19:31 114176 ----a-w- c:\windows\systemup.exe
2011-07-18 19:30 . 2011-07-18 19:29 232960 ----a-w- c:\windows\sysdriver32.exe
2011-07-18 19:29 . 2011-07-18 19:29 -------- d-----w- c:\windows\av_ico
2011-07-18 19:28 . 2011-07-18 19:28 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-18 19:28 . 2011-07-18 19:28 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-18 19:15 . 2011-07-18 19:15 1150976 ----a-w- c:\windows\services32.exe
2011-07-18 01:52 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F625922F-BD6B-40A1-8745-E74CFEB50701}\mpengine.dll
2011-07-13 21:45 . 2011-07-19 14:39 -------- d-----w- c:\users\Verca\AppData\Roaming\skypePM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2011-03-30 19:24 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wxpdrv"="c:\windows\services32.exe" [2011-07-18 1150976]
"tray_ico0"="c:\windows\update.tray-14-0\svchost.exe" [2011-07-18 1150976]
"systemup"="c:\windows\systemup.exe" [2011-07-18 114176]
"sysdriver32.exe"="c:\windows\sysdriver32.exe" [2011-07-18 232960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-25 1594664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-05-18 9210400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-05-18 1407520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-26 150552]
"l1rezerv.exe"="c:\windows\l1rezerv.exe" [2011-07-18 110592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-26 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-26 173592]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-10-23 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-10-23 5064560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 MpKsl07dc30ca;MpKsl07dc30ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2492F215-05D8-4F20-9B2E-2495FCC62DCF}\MpKsl07dc30ca.sys [x]
R1 MpKsl10db4f34;MpKsl10db4f34;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7193C014-69C6-413F-8AE5-317A3DB8AB4C}\MpKsl10db4f34.sys [x]
R1 MpKsl12fa8cdb;MpKsl12fa8cdb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12F3B358-1654-49B4-AE40-122BE49B0D14}\MpKsl12fa8cdb.sys [x]
R1 MpKsl4f3b5414;MpKsl4f3b5414;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97C50BFA-AD95-40A1-AEA8-566642C75592}\MpKsl4f3b5414.sys [x]
R1 MpKsl50962797;MpKsl50962797;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F43F15E-9FDA-4D15-BD7B-366727839371}\MpKsl50962797.sys [x]
R1 MpKsl5e9af7ce;MpKsl5e9af7ce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FF6FF77-806D-44AE-B36B-442F6A8E805A}\MpKsl5e9af7ce.sys [x]
R1 MpKsl69ea3cbe;MpKsl69ea3cbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12F3B358-1654-49B4-AE40-122BE49B0D14}\MpKsl69ea3cbe.sys [x]
R1 MpKsl77937ed4;MpKsl77937ed4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCA1CB86-3C5A-4737-9792-657330EB48C2}\MpKsl77937ed4.sys [x]
R1 MpKsl7e950b58;MpKsl7e950b58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC1E5FEC-AE3F-4364-A98E-638B3329646F}\MpKsl7e950b58.sys [x]
R1 MpKsl84299830;MpKsl84299830;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{500759A8-8568-4734-A6B8-4CC151606F4F}\MpKsl84299830.sys [x]
R1 MpKsl8c7bd594;MpKsl8c7bd594;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2492F215-05D8-4F20-9B2E-2495FCC62DCF}\MpKsl8c7bd594.sys [x]
R1 MpKsl8e01eb4f;MpKsl8e01eb4f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{192DCA2F-D25F-42EF-94CC-9AB0C1A8262C}\MpKsl8e01eb4f.sys [x]
R1 MpKsl93aa603a;MpKsl93aa603a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7193C014-69C6-413F-8AE5-317A3DB8AB4C}\MpKsl93aa603a.sys [x]
R1 MpKsla13337fb;MpKsla13337fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1BADE80C-5605-439F-A218-109C789A4999}\MpKsla13337fb.sys [x]
R1 MpKslacef811d;MpKslacef811d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7193C014-69C6-413F-8AE5-317A3DB8AB4C}\MpKslacef811d.sys [x]
R1 MpKslb5367677;MpKslb5367677;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBA70791-AA51-43D6-9DE4-7D62DB23A855}\MpKslb5367677.sys [x]
R1 MpKslb88c8e82;MpKslb88c8e82;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E40512C9-FF73-42F3-AA7D-3B0CCAEFF5C8}\MpKslb88c8e82.sys [x]
R1 MpKsld7da30c8;MpKsld7da30c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5A3C5D3-1AF6-4560-8B21-E64585A71AF8}\MpKsld7da30c8.sys [x]
R1 MpKslec217711;MpKslec217711;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E5BCCB0-B39C-47A2-B4D9-66A5AF4613A8}\MpKslec217711.sys [x]
R1 MpKslf114191e;MpKslf114191e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49C5510C-4589-4268-9FDB-1BB7D7360D62}\MpKslf114191e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-30 175104]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-05 218176]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-12-29 331776]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-03-09 8192]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.60.89 88.146.180.2
FF - ProfilePath - c:\users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-VeriFaceManager - c:\program files\Lenovo\VeriFace\PManage.exe
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\KMService.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-07-19 17:11:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-19 15:11
.
Pre-Run: 65 321 062 400 bytes free
Post-Run: 64 978 849 792 bytes free
.
- - End Of File - - 92372A2C4DD6106C6FDA0DCA95172C68

Re: Please check my log (Facebook virus)

Posted: 19 Jul 2011 16:34
by Caroprd111
Hello :)

Who advised you to use ComboFix? Do you know how to work with it?

Re: Please check my log (Facebook virus)

Posted: 19 Jul 2011 16:47
by tomasn127
I work with computers quite a lot, but I don't have much experience with such nasty viruses, so I read the guides here on the forum on how to get it off the computer. I found a similar case and did exactly what it said. Now I'll probably have to run some script as well, right? No programs work on the computer.

Re: Please check my log (Facebook virus)

Posted: 19 Jul 2011 17:38
by Caroprd111
ComboFix is not recommended for use without the supervision of an experienced person, and usually not without first checking a log from a different detection tool, or running CF with the appropriate switch. The helper knows how to restore any legitimate files that got deleted, knows the commands, can find their way around the log, etc. It's not just the problem of the PC not restarting when the virus deletes the hal.dll library, but countless other things that often can't even be predicted.


If you haven't already, move ComboFix to the desktop
  • Open Notepad and copy the text from the white box into it.

Code:

KillAll::

Driver::
MpKsl07dc30ca
MpKsl10db4f34
MpKsl12fa8cdb
MpKsl4f3b5414
MpKsl50962797
MpKsl5e9af7ce
MpKsl69ea3cbe
MpKsl77937ed4
MpKsl7e950b58
MpKsl84299830
MpKsl8c7bd594
MpKsl8e01eb4f
MpKsl93aa603a
MpKsla13337fb
MpKslacef811d
MpKslb5367677
MpKslb88c8e82
MpKsld7da30c8
MpKslec217711
MpKslf114191e
KMService
NisSrv
NisDrv

File::
c:\windows\unrar.exe
c:\windows\l1rezerv.exe
c:\windows\systemup.exe
c:\windows\sysdriver32.exe
c:\windows\services32.exe
c:\windows\system32\srvany.exe
c:\windows\system32\DRIVERS\NisDrvWFP.sys
c:\windows\KMService.exe

Folder::
c:\users\Verca\AppData\Local\temp
c:\users\Default\AppData\Local\temp
c:\windows\rpcminer
c:\windows\ufa
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-14-0
c:\windows\update.tray-14-0-lnk
c:\program files\Microsoft Security Client
c:\programdata\Microsoft\Microsoft Antimalware

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wxpdrv"=-
"tray_ico0"=-
"systemup"=-
"sysdriver32.exe"=-
"l1rezerv.exe"=-
  • Save the TXT file you created as CFScript.txt on the desktop
  • After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, then drop it there:

  • After it runs, another log will pop up; paste it here
It may happen that Windows won't boot after the script runs and the machine restarts; in that case restart again, press F8 while it boots, and choose Last Known Good Configuration
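
The first log above (the Run keys and the "files created" section) and the CFScript built from it describe a triage that can be written down. The following Python is an added example, not code from the thread, from ComboFix, or the helper's own method: it parses a constructed excerpt in the ComboFix log format, flags autorun images by two rules (a system-process name such as svchost.exe outside system32, or an executable sitting directly in %windir% that Windows does not normally keep there), sweeps in folders created directly under %windir% within an hour of those files, and emits a draft File::/Folder::/Registry:: script for a human to review. The allow-list of %windir% binaries, the list of system32-only names and the one-hour window are assumptions of the example, not something ComboFix defines.

```python
"""Draft a ComboFix CFScript from a ComboFix log (added example, not ComboFix code).

Heuristics, all applied to paths the log already printed, nothing is touched on disk:
  1. an autorun image with a system-process name (svchost.exe, lsass.exe, ...) that does
     not live in system32 is impersonating that process;
  2. an autorun image dropped directly into %windir% is out of place unless it is one of
     the few binaries Windows itself keeps there (allow-list below is an assumption);
  3. a directory created directly under %windir% within an hour of a flagged image is
     treated as part of the same drop (window is an assumption).
The result is a draft for a person to review, not something to feed ComboFix blind.
"""
import ntpath
import re
from datetime import datetime, timedelta

WINDIR = r"c:\windows"
SYSTEM32 = WINDIR + r"\system32"
# Assumption: short allow-list of binaries Windows 7 legitimately keeps directly in %windir%.
WINDIR_ALLOWED = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "write.exe",
                  "winhlp32.exe", "helppane.exe", "bfsvc.exe", "fveupdate.exe", "splwow64.exe"}
# Names that belong in system32 only; a copy anywhere else is impersonating a system process.
SYSTEM32_ONLY = {"svchost.exe", "csrss.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "spoolsv.exe", "wininit.exe", "lsm.exe"}

RUN_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.*\\Run)\]$", re.IGNORECASE)
RUN_VAL_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# created . modified size attrs path  (size is "--------" for directories)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} +\S+ +(\S{8}) +(.+)$")

# Constructed sample in the ComboFix log format (a subset of the lines in the thread's first log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wxpdrv"="c:\windows\services32.exe" [2011-07-18 1150976]
"tray_ico0"="c:\windows\update.tray-14-0\svchost.exe" [2011-07-18 1150976]
"systemup"="c:\windows\systemup.exe" [2011-07-18 114176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-25 1594664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-26 150552]
"l1rezerv.exe"="c:\windows\l1rezerv.exe" [2011-07-18 110592]
.
2011-07-19 15:03 . 2011-07-19 15:05 -------- d-----w- c:\users\Verca\AppData\Local\temp
2011-07-18 19:38 . 2011-07-18 19:38 -------- d-----w- c:\windows\rpcminer
2011-07-18 19:38 . 2011-07-18 19:38 -------- d-----w- c:\windows\phoenix
2011-07-18 19:32 . 2011-07-18 19:32 110592 ----a-w- c:\windows\l1rezerv.exe
2011-07-18 19:32 . 2011-07-18 19:31 114176 ----a-w- c:\windows\systemup.exe
2011-07-18 19:29 . 2011-07-18 19:29 -------- d-----w- c:\windows\av_ico
2011-07-18 19:28 . 2011-07-18 19:28 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-18 19:15 . 2011-07-18 19:15 1150976 ----a-w- c:\windows\services32.exe
2011-07-13 21:45 . 2011-07-19 14:39 -------- d-----w- c:\users\Verca\AppData\Roaming\skypePM
"""


def parse_log(text):
    """Return (autoruns, files) from the log; paths are lower-cased for comparison."""
    autoruns, files, key = [], [], None
    for line in text.splitlines():
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            key = m.group(1) if m else None   # values under non-Run keys are ignored
            continue
        m = RUN_VAL_RE.match(line)
        if m and key:
            name, image, _date, _size = m.groups()
            autoruns.append({"key": key, "name": name, "image": image.lower()})
            continue
        m = FILE_RE.match(line)
        if m:
            created, attrs, path = m.groups()
            files.append({"created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
                          "is_dir": attrs.startswith("d"), "path": path.lower()})
    return autoruns, files


def why_suspicious(image):
    """Reason an autorun image looks like a dropped binary, or None if it looks normal."""
    directory, base = ntpath.split(image.lower())
    if base in SYSTEM32_ONLY and directory != SYSTEM32:
        return f"{base} outside system32 (process impersonation)"
    if directory == WINDIR and base not in WINDIR_ALLOWED:
        return "executable dropped directly into %windir%"
    return None


def draft_cfscript(text, window=timedelta(hours=1)):
    """Build the File::/Folder::/Registry:: sections from the flagged autoruns."""
    autoruns, files = parse_log(text)
    flagged = [a for a in autoruns if why_suspicious(a["image"])]
    bad_files = sorted({a["image"] for a in flagged})
    # a flagged image living in a sub-folder of %windir% takes its folder with it
    bad_dirs = {ntpath.dirname(p) for p in bad_files if ntpath.dirname(ntpath.dirname(p)) == WINDIR}
    # heuristic 3: fresh folders directly under %windir%, created around the same time
    drop_times = [f["created"] for f in files if f["path"] in bad_files]
    for f in files:
        if f["is_dir"] and ntpath.dirname(f["path"]) == WINDIR \
                and any(abs(f["created"] - t) <= window for t in drop_times):
            bad_dirs.add(f["path"])
    loose_files = [p for p in bad_files if ntpath.dirname(p) not in bad_dirs]

    out = ["KillAll::", ""]
    if loose_files:
        out += ["File::", *loose_files, ""]
    if bad_dirs:
        out += ["Folder::", *sorted(bad_dirs), ""]
    if flagged:
        out.append("Registry::")
        for key in dict.fromkeys(a["key"] for a in flagged):   # first-seen order
            out.append(f"[{key}]")
            out += [f'"{a["name"]}"=-' for a in flagged if a["key"] == key]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for a in parse_log(SAMPLE_LOG)[0]:
        reason = why_suspicious(a["image"])
        print(f'{"FLAG" if reason else "ok  "} {a["name"]:<14} {a["image"]}  {reason or ""}')
    print()
    print(draft_cfscript(SAMPLE_LOG))
```

Running it prints a verdict per autorun and then the draft; the input is only the log text, so nothing is killed, deleted or written to the registry. Note what it deliberately leaves to a person: the Driver:: section (the MpKsl* entries in the log are Microsoft Antimalware's own rotating definition-update drivers, so removing them is a judgement call, not a pattern match) and the policy values the log shows (EnableLUA = 0, FirewallOverride = 1), which are a separate hardening question the script does not touch.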

Re: Please check my log (Facebook virus)

Posted: 19 Jul 2011 19:03
by tomasn127
Everything went OK. I'll continue tomorrow, I have to go to work for the night shift now. Here is the log:


ComboFix 11-07-19.02 - Verca 19.07.2011 19:35:20.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1250.420.1029.18.1013.350 [GMT 2:00]
Running from: c:\users\Verca\Desktop\ComboFix.exe
Command switches used :: c:\users\Verca\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\KMService.exe"
"c:\windows\l1rezerv.exe"
"c:\windows\services32.exe"
"c:\windows\sysdriver32.exe"
"c:\windows\system32\DRIVERS\NisDrvWFP.sys"
"c:\windows\system32\srvany.exe"
"c:\windows\systemup.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Microsoft Antimalware
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B862AB34-E9E4-4E9C-B489-BC1A1E963533}\gapaengine.dll
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B862AB34-E9E4-4E9C-B489-BC1A1E963533}\nisbase.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B862AB34-E9E4-4E9C-B489-BC1A1E963533}\nisfull.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F625922F-BD6B-40A1-8745-E74CFEB50701}\mpasbase.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F625922F-BD6B-40A1-8745-E74CFEB50701}\mpasdlta.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F625922F-BD6B-40A1-8745-E74CFEB50701}\mpavbase.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F625922F-BD6B-40A1-8745-E74CFEB50701}\mpavdlta.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F625922F-BD6B-40A1-8745-E74CFEB50701}\mpengine.dll
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasbase.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasdlta.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavbase.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavdlta.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\nisbase.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\nisfull.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{5BF12F85-4A8A-4C76-B4A2-AAFFBA153AD1}
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{05FAF955-897E-43AA-98E1-903F51B07D9E}
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E7C1CF5B-703C-4C7A-93EC-8C0E50EEDD4F}
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\Service\Detections.log
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\Service\History.Log
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\Service\Unknown.Log
c:\programdata\Microsoft\Microsoft Antimalware\Scans\mpcache-449B46BD1EB018F6FF8A7E9CBBD2DBF846B56687.bin
c:\programdata\Microsoft\Microsoft Antimalware\Scans\mpcache-449B46BD1EB018F6FF8A7E9CBBD2DBF846B56687.bin.67
c:\programdata\Microsoft\Microsoft Antimalware\Scans\mpcache-449B46BD1EB018F6FF8A7E9CBBD2DBF846B56687.bin.87
c:\programdata\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpCacheStats.log
c:\programdata\Microsoft\Microsoft Antimalware\Support\MPDetection-05012011-023034.log
c:\programdata\Microsoft\Microsoft Antimalware\Support\MPDetection-05312011-085409.log
c:\programdata\Microsoft\Microsoft Antimalware\Support\MPDetection-06302011-134558.log
c:\programdata\Microsoft\Microsoft Antimalware\Support\MPLog-03092010-053547.log
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07022011-154305-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07052011-235047-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07102011-223954-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07142011-145459-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07152011-000033-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07152011-115412-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07152011-214003-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07172011-004303-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07172011-204743-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07182011-034110-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07182011-210227-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07182011-212706-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07182011-212914-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07182011-213504-00000003-ffffffff.bin
c:\users\Default\AppData\Local\temp
c:\users\Verca\AppData\Local\temp
c:\users\Verca\AppData\Local\temp\catchme.dll
c:\users\Verca\AppData\Local\temp\FXSAPIDebugLogFile.txt
c:\windows\av_ico
c:\windows\av_ico\ico_Essentials_start.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\update.tray-14-0-lnk
c:\windows\update.tray-14-0-lnk\svchost.exe
c:\windows\update.tray-14-0
c:\windows\update.tray-14-0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL07DC30CA
-------\Legacy_MPKSL10DB4F34
-------\Legacy_MPKSL12FA8CDB
-------\Legacy_MPKSL4F3B5414
-------\Legacy_MPKSL50962797
-------\Legacy_MPKSL5E9AF7CE
-------\Legacy_MPKSL69EA3CBE
-------\Legacy_MPKSL77937ED4
-------\Legacy_MPKSL7E950B58
-------\Legacy_MPKSL84299830
-------\Legacy_MPKSL8C7BD594
-------\Legacy_MPKSL8E01EB4F
-------\Legacy_MPKSL93AA603A
-------\Legacy_MPKSLA13337FB
-------\Legacy_MPKSLACEF811D
-------\Legacy_MPKSLB5367677
-------\Legacy_MPKSLB88C8E82
-------\Legacy_MPKSLD7DA30C8
-------\Legacy_MPKSLEC217711
-------\Legacy_MPKSLF114191E
-------\Legacy_NISDRV
-------\Service_KMService
-------\Service_MpKsl07dc30ca
-------\Service_MpKsl10db4f34
-------\Service_MpKsl12fa8cdb
-------\Service_MpKsl4f3b5414
-------\Service_MpKsl50962797
-------\Service_MpKsl5e9af7ce
-------\Service_MpKsl69ea3cbe
-------\Service_MpKsl77937ed4
-------\Service_MpKsl7e950b58
-------\Service_MpKsl84299830
-------\Service_MpKsl8c7bd594
-------\Service_MpKsl8e01eb4f
-------\Service_MpKsl93aa603a
-------\Service_MpKsla13337fb
-------\Service_MpKslacef811d
-------\Service_MpKslb5367677
-------\Service_MpKslb88c8e82
-------\Service_MpKsld7da30c8
-------\Service_MpKslec217711
-------\Service_MpKslf114191e
-------\Service_NisDrv
-------\Service_NisSrv
-------\Service_MsMpSvc
.
.
((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 17:48 . 2011-07-19 17:49 -------- d-----w- c:\users\Verca\AppData\Local\Temp
2011-07-18 19:38 . 2011-07-19 17:35 246272 ----a-w- c:\windows\unrar.exe
2011-07-18 19:32 . 2011-07-19 17:35 110592 ----a-w- c:\windows\l1rezerv.exe
2011-07-18 19:32 . 2011-07-19 17:35 114176 ----a-w- c:\windows\systemup.exe
2011-07-18 19:30 . 2011-07-19 17:35 232960 ----a-w- c:\windows\sysdriver32.exe
2011-07-18 19:15 . 2011-07-19 17:35 1150976 ----a-w- c:\windows\services32.exe
2011-07-13 21:45 . 2011-07-19 14:39 -------- d-----w- c:\users\Verca\AppData\Roaming\skypePM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 17:35 . 2010-10-24 20:25 54144 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-25 1594664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-05-18 9210400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-05-18 1407520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-26 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-26 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-26 173592]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-10-23 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-10-23 5064560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 CFcatchme;CFcatchme;c:\users\Verca\AppData\Local\Temp\CFcatchme.sys [x]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-30 175104]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-05 218176]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-12-29 331776]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.60.89 88.146.180.2
FF - ProfilePath - c:\users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-07-19 19:55:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-19 17:55
ComboFix2.txt 2011-07-19 15:12
.
Pre-Run: 65 038 721 024 bytes free
Post-Run: 64 946 176 000 bytes free
.
- - End Of File - - 2DEB567E115F2471DF27670C9CB9BB9C

Re: Please check my log (Facebook virus)

Posted: 19 Jul 2011 19:07
by Caroprd111
Download OTL http://oldtimer.geekstogo.com/OTL.exe to the desktop
  • Run it, then paste the following script into the bottom box.

Code:

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys 
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys 
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys 
nvrd32.sys 
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 
  • Tick the option "All Users".
  • Tick the options "LOP" check and "Purity" check.
  • Click the Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.

Re: Please check my log (Facebook virus)

Posted: 20 Jul 2011 12:59
by tomasn127
OTL logfile created on: 7/20/2011 1:30:43 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Verca\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1013.42 Mb Total Physical Memory | 498.02 Mb Available Physical Memory | 49.14% Memory free
1.99 Gb Paging File | 1.28 Gb Available in Paging File | 64.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187.67 Gb Total Space | 60.59 Gb Free Space | 32.29% Space Free | Partition Type: NTFS
Drive D: | 30.27 Gb Total Space | 28.89 Gb Free Space | 95.46% Space Free | Partition Type: NTFS

Computer Name: VERCA-PC | User Name: Verca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 13:09:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Verca\Desktop\OTL.exe
PRC - [2011/01/05 11:09:52 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/07/25 13:37:55 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/18 12:04:06 | 001,407,520 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009/12/29 11:39:22 | 000,331,776 | -H-- | M] (DeviceVM, Inc.) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2009/10/23 04:17:10 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/10/23 04:16:26 | 005,064,560 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2009/07/14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 13:09:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Verca\Desktop\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/29 11:39:22 | 000,331,776 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/09/22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009/08/14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009/07/14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011/04/05 17:29:35 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/01/29 11:18:20 | 001,313,776 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/09/30 03:59:12 | 000,175,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/28 23:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009/07/21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009/05/19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/08/06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2476508261-4095849176-3837510243-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-2476508261-4095849176-3837510243-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {ea614400-e918-4741-9a97-7a972ff7c30b}:2.1.14
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/18 21:30:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/18 21:30:38 | 000,000,000 | ---D | M]

[2011/03/31 22:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Verca\AppData\Roaming\Mozilla\Extensions
[2011/07/18 21:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\extensions
[2010/03/30 19:11:50 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2011/03/31 22:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/20 01:02:21 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011/03/20 01:02:21 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011/03/20 01:02:21 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011/03/20 01:02:21 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011/03/20 01:02:21 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011/07/19 19:49:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-2476508261-4095849176-3837510243-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2476508261-4095849176-3837510243-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2476508261-4095849176-3837510243-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.60.89 88.146.180.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 13:28:24 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Verca\Desktop\OTL.exe
[2011/07/19 19:53:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/19 19:48:49 | 000,000,000 | ---D | C] -- C:\Users\Verca\AppData\Local\Temp
[2011/07/19 17:03:03 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/07/19 16:50:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/07/19 16:50:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/07/19 16:50:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/07/19 16:50:15 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/07/19 16:50:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/19 16:43:52 | 004,157,619 | R--- | C] (Swearware) -- C:\Users\Verca\Desktop\ComboFix.exe
[2011/07/13 23:45:08 | 000,000,000 | ---D | C] -- C:\Users\Verca\AppData\Roaming\skypePM
[2011/06/30 13:46:45 | 000,000,000 | ---D | C] -- C:\Users\Verca\Desktop\Chorvatsko 17.-30.6.2011

========== Files - Modified Within 30 Days ==========

[2011/07/20 13:31:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/07/20 13:19:15 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/07/20 13:16:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/20 13:16:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/20 13:09:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Verca\Desktop\OTL.exe
[2011/07/20 13:08:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/20 13:08:46 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/19 19:49:06 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/07/19 19:35:16 | 000,246,272 | ---- | M] () -- C:\windows\unrar.exe
[2011/07/19 19:35:15 | 000,114,176 | ---- | M] () -- C:\windows\systemup.exe
[2011/07/19 19:35:14 | 000,008,192 | ---- | M] () -- C:\windows\System32\srvany.exe
[2011/07/19 19:35:13 | 000,054,144 | ---- | M] () -- C:\windows\System32\drivers\NisDrvWFP.sys
[2011/07/19 19:35:11 | 001,150,976 | ---- | M] () -- C:\windows\services32.exe
[2011/07/19 19:35:11 | 000,232,960 | ---- | M] () -- C:\windows\sysdriver32.exe
[2011/07/19 19:35:09 | 000,110,592 | ---- | M] () -- C:\windows\l1rezerv.exe
[2011/07/19 19:35:08 | 000,151,552 | ---- | M] () -- C:\windows\KMService.exe
[2011/07/19 19:27:36 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2011/07/19 16:44:48 | 000,633,392 | ---- | M] () -- C:\windows\System32\perfh005.dat
[2011/07/19 16:44:48 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/07/19 16:44:48 | 000,122,914 | ---- | M] () -- C:\windows\System32\perfc005.dat
[2011/07/19 16:44:48 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/07/19 16:42:40 | 004,157,619 | R--- | M] (Swearware) -- C:\Users\Verca\Desktop\ComboFix.exe
[2011/07/19 11:35:22 | 001,008,041 | ---- | M] () -- C:\Users\Verca\Desktop\rkill.exe
[2011/07/19 11:32:07 | 000,294,400 | ---- | M] () -- C:\Users\Verca\Desktop\exeHelper.com
[2011/07/19 10:58:44 | 000,000,734 | ---- | M] () -- C:\windows\System32\drivers\etc\hîsts
[2011/07/18 21:39:29 | 000,904,792 | ---- | M] () -- C:\windows\geoiplist.rar
[2011/07/18 21:38:06 | 005,589,370 | ---- | M] () -- C:\windows\phoenix.rar
[2011/07/18 21:38:06 | 001,075,284 | ---- | M] () -- C:\windows\rpcminer.rar
[2011/07/18 21:38:06 | 000,182,617 | ---- | M] () -- C:\windows\ufa.rar
[2011/07/18 21:32:31 | 000,000,179 | ---- | M] () -- C:\windows\info1
[2011/07/18 21:30:17 | 000,000,000 | ---- | M] () -- C:\windows\loader2.exe_ok
[2011/07/17 03:24:20 | 004,636,907 | ---- | M] () -- C:\windows\geoiplist
[2011/07/15 09:02:56 | 000,281,544 | ---- | M] () -- C:\Users\Verca\Desktop\adelka.jpg
[2011/07/14 14:56:22 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/06/26 08:45:56 | 000,256,000 | ---- | M] () -- C:\windows\PEV.exe

========== Files Created - No Company Name ==========

[2011/07/20 13:31:55 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/07/19 16:50:24 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/07/19 16:50:24 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/07/19 16:50:24 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/07/19 16:50:24 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/07/19 16:50:24 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/07/19 11:36:03 | 001,008,041 | ---- | C] () -- C:\Users\Verca\Desktop\rkill.exe
[2011/07/19 11:33:48 | 000,294,400 | ---- | C] () -- C:\Users\Verca\Desktop\exeHelper.com
[2011/07/18 21:39:31 | 004,636,907 | ---- | C] () -- C:\windows\geoiplist
[2011/07/18 21:39:29 | 000,904,792 | ---- | C] () -- C:\windows\geoiplist.rar
[2011/07/18 21:38:06 | 005,589,370 | ---- | C] () -- C:\windows\phoenix.rar
[2011/07/18 21:38:06 | 001,075,284 | ---- | C] () -- C:\windows\rpcminer.rar
[2011/07/18 21:38:06 | 000,246,272 | ---- | C] () -- C:\windows\unrar.exe
[2011/07/18 21:38:06 | 000,182,617 | ---- | C] () -- C:\windows\ufa.rar
[2011/07/18 21:32:19 | 000,110,592 | ---- | C] () -- C:\windows\l1rezerv.exe
[2011/07/18 21:32:06 | 000,114,176 | ---- | C] () -- C:\windows\systemup.exe
[2011/07/18 21:30:17 | 000,000,000 | ---- | C] () -- C:\windows\loader2.exe_ok
[2011/07/18 21:30:12 | 000,000,179 | ---- | C] () -- C:\windows\info1
[2011/07/18 21:30:01 | 000,232,960 | ---- | C] () -- C:\windows\sysdriver32.exe
[2011/07/18 21:29:53 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2011/07/18 21:15:58 | 001,150,976 | ---- | C] () -- C:\windows\services32.exe
[2011/07/15 09:02:49 | 000,281,544 | ---- | C] () -- C:\Users\Verca\Desktop\adelka.jpg
[2011/07/14 14:56:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/06 08:01:07 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/04/06 08:00:57 | 000,810,496 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/04/06 08:00:57 | 000,183,808 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/04/06 08:00:55 | 000,080,896 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/10/24 22:25:38 | 000,054,144 | ---- | C] () -- C:\windows\System32\drivers\NisDrvWFP.sys
[2010/07/25 13:19:11 | 000,633,392 | ---- | C] () -- C:\windows\System32\perfh005.dat
[2010/07/25 13:19:11 | 000,292,004 | ---- | C] () -- C:\windows\System32\perfi005.dat
[2010/07/25 13:19:11 | 000,122,914 | ---- | C] () -- C:\windows\System32\perfc005.dat
[2010/07/25 13:19:11 | 000,036,232 | ---- | C] () -- C:\windows\System32\perfd005.dat
[2010/07/25 06:51:00 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll
[2010/07/25 06:46:13 | 001,410,400 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2010/07/25 06:46:13 | 000,513,376 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2010/07/25 06:46:12 | 002,110,816 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2010/07/25 06:46:12 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2010/07/25 06:46:12 | 000,660,832 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2010/07/25 06:45:53 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2010/07/25 06:10:47 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini
[2010/07/25 06:09:24 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/03/09 07:19:25 | 000,151,552 | ---- | C] () -- C:\windows\KMService.exe
[2010/03/09 07:19:25 | 000,008,192 | ---- | C] () -- C:\windows\System32\srvany.exe
[2010/03/09 04:42:58 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,447,256 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,618,108 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,107,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008/10/28 16:14:10 | 000,362,029 | ---- | C] () -- C:\windows\System32\sqlite3.dll

========== LOP Check ==========

[2011/04/05 17:31:02 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\DAEMON Tools Lite
[2011/04/05 17:22:15 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\GHISLER
[2010/03/09 06:47:29 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\OpenOffice.org
[2011/04/05 17:14:20 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\XnView
[2011/04/05 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\Zoner
[2011/06/30 00:34:47 | 000,032,588 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011/01/26 17:05:34 | 015,026,056 | R--- | M] (Skype Technologies S.A.)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2011/01/05 11:09:52 | 001,305,408 | ---- | M] (DT Soft Ltd)

< >


< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2009/07/14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2010/07/25 13:37:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2010/07/25 13:37:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2010/07/25 13:37:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/07/25 13:32:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/07/25 13:32:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/07/25 13:37:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009/07/14 01:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\System32\drivers\fastfat.sys
[2009/07/14 01:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_ae8981a3b8b7be50\fastfat.sys

< MD5 for: HAL.DLL >
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/07/25 13:45:56 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\System32\drivers\iaStorV.sys
[2010/07/25 13:45:56 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_c9199d57075f47a9\iaStorV.sys
[2010/07/25 13:45:56 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/07/25 13:45:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\ERDNT\cache\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\ERDNT\cache\ndis.sys
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NTFS.SYS >
[2009/07/14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys
[2010/07/25 13:45:56 | 001,210,760 | ---- | M] (Microsoft Corporation) MD5=B0FF28FEF1C6B51BC1AC91B9FFD5D00E -- C:\Windows\ERDNT\cache\ntfs.sys
[2010/07/25 13:45:56 | 001,210,760 | ---- | M] (Microsoft Corporation) MD5=B0FF28FEF1C6B51BC1AC91B9FFD5D00E -- C:\Windows\System32\drivers\ntfs.sys
[2010/07/25 13:45:56 | 001,210,760 | ---- | M] (Microsoft Corporation) MD5=B0FF28FEF1C6B51BC1AC91B9FFD5D00E -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16592_none_a639b2e27e49f93e\ntfs.sys
[2010/07/25 13:45:56 | 001,210,248 | ---- | M] (Microsoft Corporation) MD5=F68CACD7D259166B6F1A248498CF898F -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20712_none_a719d0f39726b6a7\ntfs.sys

< MD5 for: NVRAID.SYS >
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010/07/25 13:45:56 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=841339E8B477F52311C5A7AFD5AA2388 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvraid.sys
[2010/07/25 13:45:56 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=D71FEB6FCB0912EB238F0CFE5CB085B8 -- C:\Windows\System32\drivers\nvraid.sys
[2010/07/25 13:45:56 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=D71FEB6FCB0912EB238F0CFE5CB085B8 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_c09ee40f078b4594\nvraid.sys
[2010/07/25 13:45:56 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=D71FEB6FCB0912EB238F0CFE5CB085B8 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2010/07/25 13:45:56 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\System32\drivers\nvstor.sys
[2010/07/25 13:45:56 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_c09ee40f078b4594\nvstor.sys
[2010/07/25 13:45:56 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2010/07/25 13:45:56 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SMSS.EXE >
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010/08/20 06:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[2009/07/14 03:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2010/08/21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\ERDNT\cache\spoolsv.exe
[2010/08/21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\System32\spoolsv.exe
[2010/08/21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/04/09 09:16:33 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_b38009a0e0d5a32d\tcpip.sys
[2010/04/09 09:24:54 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_b30e0d41c7a5fe2f\tcpip.sys
[2010/06/14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\ERDNT\cache\tcpip.sys
[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/07/25 13:37:55 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/07/25 13:37:55 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010/07/25 13:37:55 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/07/25 13:37:55 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
[2010/07/25 13:17:13 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\cs-CZ\LXKPTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /5 >
[2011/07/19 19:35:13 | 000,054,144 | ---- | M] () -- C:\windows\system32\drivers\NisDrvWFP.sys

< %systemroot%\system32\drivers\*.sys /X >
[2010/07/25 13:46:52 | 000,000,000 | ---- | M] () -- C:\windows\system32\drivers\17aa_Lenovo_IdeaPad_S10-3_20039.MRK
[2009/06/10 23:14:29 | 003,440,660 | ---- | M] () -- C:\windows\system32\drivers\gm.dls
[2009/06/10 23:14:29 | 000,000,646 | ---- | M] () -- C:\windows\system32\drivers\gmreadme.txt
[2009/06/10 23:27:38 | 000,000,003 | ---- | M] () -- C:\windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010/07/25 06:07:55 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2009/07/29 11:29:10 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/05 09:05:25 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011/07/20 13:16:34 | 000,009,696 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/20 13:16:34 | 000,009,696 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 16:44:48 | 000,122,914 | ---- | M] () -- C:\windows\system32\perfc005.dat
[2011/07/19 16:44:48 | 000,107,388 | ---- | M] () -- C:\windows\system32\perfc009.dat
[2011/07/19 16:44:48 | 000,633,392 | ---- | M] () -- C:\windows\system32\perfh005.dat
[2011/07/19 16:44:48 | 000,618,108 | ---- | M] () -- C:\windows\system32\perfh009.dat
[2011/07/19 16:44:48 | 001,476,590 | ---- | M] () -- C:\windows\system32\PerfStringBackup.INI
[2011/07/19 19:35:14 | 000,008,192 | ---- | M] () -- C:\windows\system32\srvany.exe

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\config\*.sav >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[5 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\224d26232b4c41567ae1c8e26be88837\*.tmp files -> C:\windows\SoftwareDistribution\Download\224d26232b4c41567ae1c8e26be88837\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\3a97dad38b8bc9ed30087d25a0d7412a\*.tmp files -> C:\windows\SoftwareDistribution\Download\3a97dad38b8bc9ed30087d25a0d7412a\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\40298a5cb4246d479345ba280c3a92b2\*.tmp files -> C:\windows\SoftwareDistribution\Download\40298a5cb4246d479345ba280c3a92b2\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\8d807f892ca841589b4d5a3f13cd8cb3\*.tmp files -> C:\windows\SoftwareDistribution\Download\8d807f892ca841589b4d5a3f13cd8cb3\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\9eeb0ab0774fe04917d638b2dc708765\*.tmp files -> C:\windows\SoftwareDistribution\Download\9eeb0ab0774fe04917d638b2dc708765\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\a3bb71ad37da113da2ce5b18d7f0cfb0\*.tmp files -> C:\windows\SoftwareDistribution\Download\a3bb71ad37da113da2ce5b18d7f0cfb0\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\bfb1c08d6e037134d7be5c3de1668731\*.tmp files -> C:\windows\SoftwareDistribution\Download\bfb1c08d6e037134d7be5c3de1668731\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2010/03/09 04:20:30 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\Adobe
[2011/04/05 17:31:02 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\DAEMON Tools Lite
[2011/04/05 17:22:15 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\GHISLER
[2010/03/09 01:38:33 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\Identities
[2010/03/09 02:15:42 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\Macromedia
[2011/04/06 08:02:24 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\Media Player Classic
[2011/04/06 07:49:43 | 000,000,000 | --SD | M] -- C:\Users\Verca\AppData\Roaming\Microsoft
[2010/03/30 19:11:44 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\Mozilla
[2010/03/09 06:47:29 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\OpenOffice.org
[2011/07/20 13:10:06 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\Skype
[2011/07/20 13:09:26 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\skypePM
[2011/04/05 17:14:20 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\XnView
[2011/04/05 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\Verca\AppData\Roaming\Zoner

< %APPDATA%\*.* >

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-03 21:25:25

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2
"IGDSearcherDLL" = bitsigd.dll -- [2009/07/14 03:14:59 | 000,039,936 | ---- | M] (Microsoft Corporation)
"StateIndex" = 0

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011/07/20 13:31:55 | 000,000,512 | ---- | M] () MD5=617BA6D7DA6C2EE8B76918CA4F66C4D3 -- C:\PhysicalMBR.bin

< End of report >
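
The `< MD5 for: ... >` blocks above list every copy of each critical binary that OTL found: the live copy under System32, the component-store copies under winsxs and DriverStore, and the ComboFix backup under ERDNT\cache. The check those blocks exist for is whether the live copy's hash matches a component-store copy. A Windows Update hotfix always leaves an identical copy in winsxs, so a System32 binary whose MD5 matches none of them was changed outside servicing, which is how a patched system file shows up in this kind of log. The Python script below is an added example, not part of the post and not OTL's own code; it parses lines in exactly the format above and flags such mismatches. The NTFS.SYS and IASTOR.SYS sample lines are copied from the log; the EXAMPLE.SYS block, its paths and its hashes are constructed to show what a hit looks like.

```python
"""Parse OTL "< MD5 for: NAME >" blocks and flag live Windows files whose MD5
matches no copy in the component store (winsxs / DriverStore).
Added example for this thread; not part of OTL or ComboFix."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path md5 size company")

# Block header and file line, matching the OTL output format shown in the post.
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
LINE_RE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Constructed sample input. NTFS.SYS and IASTOR.SYS lines are copied from the
# log above; the EXAMPLE.SYS block (paths, hashes, sizes) is invented.
SAMPLE_LOG = r"""< MD5 for: NTFS.SYS >
[2009/07/14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys
[2010/07/25 13:45:56 | 001,210,760 | ---- | M] (Microsoft Corporation) MD5=B0FF28FEF1C6B51BC1AC91B9FFD5D00E -- C:\Windows\ERDNT\cache\ntfs.sys
[2010/07/25 13:45:56 | 001,210,760 | ---- | M] (Microsoft Corporation) MD5=B0FF28FEF1C6B51BC1AC91B9FFD5D00E -- C:\Windows\System32\drivers\ntfs.sys
[2010/07/25 13:45:56 | 001,210,760 | ---- | M] (Microsoft Corporation) MD5=B0FF28FEF1C6B51BC1AC91B9FFD5D00E -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16592_none_a639b2e27e49f93e\ntfs.sys

< MD5 for: IASTOR.SYS >
[2009/06/04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

< MD5 for: EXAMPLE.SYS >
[2009/07/14 03:20:44 | 000,100,000 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\winsxs\x86_example_31bf3856ad364e35_6.1.7600.16385_none_0000000000000000\example.sys
[2011/07/18 19:30:00 | 000,100,352 | ---- | M] () MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\System32\drivers\example.sys
"""


def parse_md5_blocks(text):
    """Return {FILE NAME: [Entry, ...]} for every "< MD5 for: ... >" block."""
    blocks = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            blocks.setdefault(current, [])
            continue
        if not line:
            current = None  # a blank line closes the block
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            blocks[current].append(Entry(
                path=m.group("path"),
                md5=m.group("md5").upper(),
                size=int(m.group("size").replace(",", "")),
                company=m.group("company"),
            ))
    return blocks


def classify(path):
    """Bucket a path: component store, ComboFix backup, live Windows file, other."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\" in p:
        return "store"
    if "\\erdnt\\" in p:
        return "backup"   # ComboFix's own backup copy, not a trusted reference
    if re.match(r"^[a-z]:\\windows\\", p):
        return "live"
    return "other"        # e.g. vendor copies under Program Files


def find_mismatches(blocks):
    """Return {FILE NAME: [(live_path, md5), ...]} for live copies whose hash
    matches no component-store copy. A file with no store copy at all has
    every live copy flagged, because there is nothing to compare it against."""
    findings = {}
    for name, entries in blocks.items():
        store_hashes = {e.md5 for e in entries if classify(e.path) == "store"}
        bad = [(e.path, e.md5) for e in entries
               if classify(e.path) == "live" and e.md5 not in store_hashes]
        if bad:
            findings[name] = bad
    return findings


if __name__ == "__main__":
    for name, hits in sorted(find_mismatches(parse_md5_blocks(SAMPLE_LOG)).items()):
        for path, md5 in hits:
            print(f"{name}: live copy {path} MD5={md5} matches no winsxs/DriverStore copy")
```

A hit is a lead, not proof: the comparison only finds differences, it authenticates neither copy, so a flagged file still needs its Authenticode signature checked and the hash looked up against a known-good source. The ERDNT\cache copy is deliberately excluded as a reference because ComboFix made it from the same possibly-modified system. In the log above every System32 copy matches a winsxs or DriverStore copy, so the script reports nothing for the real entries and only the constructed EXAMPLE.SYS line.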

Re: Please check my log (facebook virus)

Posted: 20 Jul 2011 13:01
by tomasn127
OTL Extras logfile created on: 7/20/2011 1:30:43 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Verca\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1013.42 Mb Total Physical Memory | 498.02 Mb Available Physical Memory | 49.14% Memory free
1.99 Gb Paging File | 1.28 Gb Available in Paging File | 64.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187.67 Gb Total Space | 60.59 Gb Free Space | 32.29% Space Free | Partition Type: NTFS
Drive D: | 30.27 Gb Total Space | 28.89 Gb Free Space | 95.46% Space Free | Partition Type: NTFS

Computer Name: VERCA-PC | User Name: Verca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2476508261-4095849176-3837510243-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{357B11ED-5417-4CF3-8EB2-386299BC30E0}" = Lenovo Quick Start
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client CS-CZ Language Pack
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{AC76BA86-7AD7-1029-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Czech
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6197679-051D-4E3E-9757-4D5CDA6D658B}" = Microsoft Antimalware Service CS-CZ Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.0.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2010 1:04:32 PM | Computer Name = Verca-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
<http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A required
certificate is not within its validity period when verifying against the current
system clock or the timestamp in the signed file.

Error - 3/30/2010 1:04:37 PM | Computer Name = Verca-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
<http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A required
certificate is not within its validity period when verifying against the current
system clock or the timestamp in the signed file.

Error - 3/30/2010 1:04:37 PM | Computer Name = Verca-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
<http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A required
certificate is not within its validity period when verifying against the current
system clock or the timestamp in the signed file.

Error - 3/30/2010 1:09:43 PM | Computer Name = Verca-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
<http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A required
certificate is not within its validity period when verifying against the current
system clock or the timestamp in the signed file.

Error - 3/30/2010 1:09:43 PM | Computer Name = Verca-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
<http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A required
certificate is not within its validity period when verifying against the current
system clock or the timestamp in the signed file.

Error - 3/30/2010 1:09:43 PM | Computer Name = Verca-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
<http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A required
certificate is not within its validity period when verifying against the current
system clock or the timestamp in the signed file.

Error - 3/30/2010 1:25:31 PM | Computer Name = Verca-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
<http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A required
certificate is not within its validity period when verifying against the current
system clock or the timestamp in the signed file.

Error - 3/30/2010 1:25:31 PM | Computer Name = Verca-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
<http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A required
certificate is not within its validity period when verifying against the current
system clock or the timestamp in the signed file.

Error - 4/5/2011 11:53:07 AM | Computer Name = Verca-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Explorer.EXE, verze: 6.1.7600.16450, časové
razítko: 0x4aeba271 Název chybujícího modulu: IZArcCM.dll_unloaded, verze: 0.0.0.0,
časové razítko: 0x4c29a140 Kód výjimky: 0xc0000005 Posun chyby: 0x03c8ad80 ID chybujícího
procesu: 0x5d8 Čas spuštění chybující aplikace: 0x01cbf3a4c408bfdc Cesta k chybující
aplikaci: C:\windows\Explorer.EXE Cesta k chybujícímu modulu: IZArcCM.dll ID zprávy:
cbfb3781-5f9c-11e0-b318-002682b7159a

Error - 4/5/2011 11:53:20 AM | Computer Name = Verca-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Explorer.EXE, verze: 6.1.7600.16450, časové
razítko: 0x4aeba271 Název chybujícího modulu: IZArcCM.dll_unloaded, verze: 0.0.0.0,
časové razítko: 0x4c29a140 Kód výjimky: 0xc0000005 Posun chyby: 0x03c8ad80 ID chybujícího
procesu: 0x5d8 Čas spuštění chybující aplikace: 0x01cbf3a4c408bfdc Cesta k chybující
aplikaci: C:\windows\Explorer.EXE Cesta k chybujícímu modulu: IZArcCM.dll ID zprávy:
d40d61ef-5f9c-11e0-b318-002682b7159a

[ System Events ]
Error - 7/18/2011 3:51:11 PM | Computer Name = Verca-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 7/18/2011 3:51:11 PM | Computer Name = Verca-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 7/18/2011 3:51:11 PM | Computer Name = Verca-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 7/18/2011 3:51:12 PM | Computer Name = Verca-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 7/18/2011 3:51:12 PM | Computer Name = Verca-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 7/18/2011 3:51:41 PM | Computer Name = Verca-PC | Source = DCOM | ID = 10005
Description =

Error - 7/18/2011 3:52:37 PM | Computer Name = Verca-PC | Source = Service Control Manager | ID = 7000
Description = Služba Microsoft Antimalware Service neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 7/18/2011 3:53:30 PM | Computer Name = Verca-PC | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 7/18/2011 3:53:30 PM | Computer Name = Verca-PC | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 7/18/2011 4:00:28 PM | Computer Name = Verca-PC | Source = Service Control Manager | ID = 7000
Description = Služba Microsoft Antimalware Service neuspěla při spuštění v důsledku
následující chyby: %%2


< End of report >

Re: Please check my log (Facebook virus)

Posted: 20 Jul 2011 13:23
by Caroprd111
Who advised you to use Rkill and Exehelper? :???:


What about the legality of your Microsoft Office? :???:

Re: Please check my log (Facebook virus)

Posted: 20 Jul 2011 13:26
by tomasn127
Well, I saw that in the guide, so it was probably a mistake :-(

Re: Please check my log (Facebook virus)

Posted: 20 Jul 2011 13:27
by tomasn127
Microsoft Office is not legal, but Windows is genuine.

Re: Please check my log (Facebook virus)

Posted: 20 Jul 2011 13:29
by Caroprd111
Only carry out the steps you are given in this topic.

So once the illegal programs have been uninstalled, we will continue. :)

Re: Please check my log (Facebook virus)

Posted: 20 Jul 2011 13:37
by tomasn127
I used Rkill first, then Exehelper, then ComboFix, and after that I didn't know how to proceed. So, everything illegal has been removed :-)

Re: Please check my log (Facebook virus)

Posted: 20 Jul 2011 13:41
by Caroprd111
Then I'll ask you for a new RSIT log; info.txt is enough for me.

Re: Please check my log (Facebook virus)

Posted: 20 Jul 2011 13:55
by tomasn127
info.txt logfile of random's system information tool 1.09 2011-07-20 14:50:49

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin
Adobe Reader X (10.0.1) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA0000000001}
Broadcom 802.11 Wireless Driver-->C:\Program Files\InstallShield Installation Information\{8991E763-21F5-4DEA-A938-5D9D77DCB488}\setup.exe -runfromtemp -l0x0009 -removeonly
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Energy Management-->"C:\Program Files\InstallShield Installation Information\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
IZArc 4.1.2-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
K-Lite Mega Codec Pack 7.0.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lenovo EasyCamera-->C:\Program Files\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\setup.exe -runfromtemp -l0x0009 -removeonly
Lenovo OneKey Recovery-->"C:\Program Files\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo OneKey Recovery-->"C:\Program Files\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo Quick Start-->MsiExec.exe /X{357B11ED-5417-4CF3-8EB2-386299BC30E0}
Lenovo ReadyComm 5.0 Service-->MsiExec.exe /X{76C66170-C538-4E77-B54D-48E136B5B533}
Lenovo ReadyComm 5-->C:\Program Files\InstallShield Installation Information\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}\Setup.exe -runfromtemp -removeonly
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Antimalware Service CS-CZ Language Pack-->MsiExec.exe /X{F6197679-051D-4E3E-9757-4D5CDA6D658B}
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Security Client CS-CZ Language Pack-->MsiExec.exe /I{859B9BCA-5376-4566-9F88-C6C9DAA7A925}
Microsoft Security Client-->MsiExec.exe /I{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Realtek Ethernet Controller Driver For Windows Vista and Later-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0009 -removeonly
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Total Commander (Remove or Repair)-->c:\Program Files\Total Commander\tcuninst.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======System event log======

Computer Name: WIN-549S7J1JQI7
Event Code: 7036
Message: Stav služby Windows Search byl změněn na: stopped
Record Number: 1847
Source Name: Service Control Manager
Time Written: 20100725045914.859661-000
Event Type: Informace
User:

Computer Name: WIN-549S7J1JQI7
Event Code: 7040
Message: Režim spuštění služby Windows Search byl změněn z auto start na disabled.
Record Number: 1846
Source Name: Service Control Manager
Time Written: 20100725045914.469660-000
Event Type: Informace
User: Verca-PC\Administrator

Computer Name: WIN-549S7J1JQI7
Event Code: 104
Message: Byl vymazán soubor protokolu Setup.
Record Number: 1845
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100725045903.144040-000
Event Type: Informace
User: Verca-PC\Administrator

Computer Name: WIN-549S7J1JQI7
Event Code: 104
Message: Byl vymazán soubor protokolu Application.
Record Number: 1844
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100725045903.097240-000
Event Type: Informace
User: Verca-PC\Administrator

Computer Name: WIN-549S7J1JQI7
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 1843
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100725045903.081640-000
Event Type: Informace
User: Verca-PC\Administrator

=====Application event log=====

Computer Name: WIN-549S7J1JQI7
Event Code: 6000
Message: Odběratel oznámení přihlašování do systému Windows <SessionEnv> nemohl zpracovat událost upozornění.
Record Number: 724
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100725045921.000000-000
Event Type: Informace
User:

Computer Name: WIN-549S7J1JQI7
Event Code: 9009
Message: Správce oken plochy byl ukončen s kódem (0x40010004).
Record Number: 723
Source Name: Desktop Window Manager
Time Written: 20100725045921.000000-000
Event Type: Informace
User:

Computer Name: WIN-549S7J1JQI7
Event Code: 1003
Message: Služba Windows Search byla spuštěna.

Record Number: 722
Source Name: Microsoft-Windows-Search
Time Written: 20100725045916.000000-000
Event Type: Informace
User:

Computer Name: WIN-549S7J1JQI7
Event Code: 1013
Message: Služba Windows Search byla řádně zastavena.

Record Number: 721
Source Name: Microsoft-Windows-Search
Time Written: 20100725045914.000000-000
Event Type: Informace
User:

Computer Name: WIN-549S7J1JQI7
Event Code: 103
Message: Windows (3092) Windows: Databázový stroj zastavil instanci (0).
Record Number: 720
Source Name: ESENT
Time Written: 20100725045914.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: WIN-549S7J1JQI7
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: WIN-549S7J1JQI7$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x23c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 411
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100725045918.931268-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-549S7J1JQI7
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 410
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100725045915.811262-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-549S7J1JQI7
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: WIN-549S7J1JQI7$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x23c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 409
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100725045915.811262-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-549S7J1JQI7
Event Code: 4738
Message: Byl změněn uživatelský účet.

Předmět:
ID zabezpečení: S-1-5-21-2476508261-4095849176-3837510243-500
Název účtu: Administrator
Doména účtu: WIN-549S7J1JQI7
ID přihlášení: 0x237ca

Cílový účet:
ID zabezpečení: S-1-5-21-2476508261-4095849176-3837510243-500
Název účtu: Administrator
Doména účtu: WIN-549S7J1JQI7

Změněné atributy:
Název účtu SAM: -
Zobrazovaný název: -
Zaregistrovaný název uživatele: -
Domovský adresář: -
Domovská jednotka: -
Cesta skriptu: -
Cesta profilu: -
Pracovní stanice uživatele: -
Poslední nastavení hesla: -
Vypršení platnosti účtu: -
ID primární skupiny: -
Povolené delegování: -
Původní hodnota UAC: 0x211
Nová hodnota UAC: 0x211
Řízení účtu uživatele: -
Parametry uživatele: -
Historie identifikátoru zabezpečení: -
Přihlašovací hodiny: -

Další informace:
Oprávnění: -
Record Number: 408
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100725045903.300040-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-549S7J1JQI7
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-2476508261-4095849176-3837510243-500
Název účtu: Administrator
Název domény: WIN-549S7J1JQI7
ID přihlášení: 0x237ca
Record Number: 407
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100725045903.112840-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=1c0a
"configsetroot"=%SystemRoot%\ConfigSetRoot
"LenovoTestLogFile"=c:\prdv10\PRELOAD.LOG
"LenovoTestPath"=c:\prdv10\

-----------------EOF-----------------