VIRY.CZ

Mám vir z FB....prosím o kontrolu logu. děkuji


Logfile of random's system information tool 1.09 (written by random/random)
Run by oem at 2011-07-24 17:48:39
Microsoft Windows 7 Professional
System drive C: has 26 GB (52%) free of 50 GB
Total RAM: 1014 MB (56% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-07-14 1237240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll []
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-07-14 1237240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-24 323640]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"tray_ico"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & DestroyS\TeaTimer.exe [2009-03-05 2260480]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-24 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\359043.exe]
C:\Windows\Temp\359043.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4262796.exe]
C:\Users\oem\AppData\Local\Temp\4262796.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6397467.exe]
C:\Windows\Temp\6397467.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\73022690-loader2.exe]
C:\Windows\Temp\73022690-loader2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9876910.exe]
C:\Windows\Temp\9876910.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\l1rezerv.exe]
C:\Windows\l1rezerv.exe [2011-07-24 235520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32.exe]
C:\Windows\sysdriver32.exe [2011-07-24 252928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32_.exe]
C:\Windows\sysdriver32_.exe [2011-07-24 247296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systemup]
C:\Windows\systemup.exe [2011-07-21 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
C:\Windows\update.tray-2-0\svchost.exe [2011-07-21 1180672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico1]
C:\Windows\update.tray-12-0\svchost.exe [2011-07-21 1180672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wxpdrv]
C:\Windows\services32.exe [2011-07-21 1178112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-24 17:47:25 ----D---- C:\Program Files\trend micro
2011-07-24 17:47:24 ----D---- C:\rsit
2011-07-24 17:18:43 ----HD---- C:\Windows\PIF
2011-07-24 17:16:30 ----D---- C:\Program Files\Crawler
2011-07-24 17:16:26 ----D---- C:\Users\oem\AppData\Roaming\Spyware Terminator
2011-07-24 17:16:26 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2011-07-24 17:16:22 ----D---- C:\ProgramData\Spyware Terminator
2011-07-24 17:16:22 ----D---- C:\Program Files\Spyware Terminator
2011-07-24 17:10:46 ----A---- C:\Windows\ntbtlog.txt
2011-07-24 17:00:39 ----D---- C:\Program Files\Spybot - Search & DestroyS
2011-07-24 16:57:37 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-07-24 16:57:37 ----HD---- C:\Windows\update.tray-12-0
2011-07-24 16:53:20 ----HD---- C:\$AVG
2011-07-24 16:53:18 ----A---- C:\Windows\system32\avgrsstx.dll
2011-07-24 16:53:17 ----A---- C:\Windows\system32\drivers\avgrkx86.sys
2011-07-24 16:53:17 ----A---- C:\Windows\system32\drivers\AVGIDSwx.sys
2011-07-24 16:53:15 ----A---- C:\Windows\system32\drivers\avgtdix.sys
2011-07-24 16:53:09 ----A---- C:\Windows\system32\drivers\avgmfx86.sys
2011-07-24 16:53:09 ----A---- C:\Windows\system32\drivers\avgldx86.sys
2011-07-24 16:53:02 ----D---- C:\Windows\system32\drivers\Avg
2011-07-24 16:49:17 ----A---- C:\Windows\system32\drivers\avgfwd6x.sys
2011-07-24 16:24:30 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2011-07-24 16:24:30 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2011-07-24 16:24:29 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2011-07-24 16:24:29 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2011-07-24 16:21:53 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-07-24 16:21:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-07-24 15:56:04 ----D---- C:\Program Files\CCleaner
2011-07-21 12:35:20 ----A---- C:\Windows\ddh_iplist.txt
2011-07-21 12:34:46 ----A---- C:\Windows\l1rezerv.exe
2011-07-21 12:34:38 ----A---- C:\Windows\systemup.exe
2011-07-21 12:33:09 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-21 12:32:50 ----D---- C:\Windows\ufa
2011-07-21 12:32:49 ----D---- C:\Windows\rpcminer
2011-07-21 12:32:49 ----D---- C:\Windows\phoenix
2011-07-21 12:32:48 ----A---- C:\Windows\unrar.exe
2011-07-21 12:32:44 ----HD---- C:\Windows\update.2
2011-07-21 12:32:18 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-21 12:31:56 ----HD---- C:\Windows\update.5.0
2011-07-21 12:31:17 ----A---- C:\Windows\iplist.txt
2011-07-21 12:30:15 ----A---- C:\Windows\sysdriver32_.exe
2011-07-21 12:30:01 ----A---- C:\Windows\sysdriver32.exe
2011-07-21 12:29:48 ----A---- C:\Windows\front_ip_list.txt
2011-07-21 12:29:35 ----D---- C:\Windows\av_ico
2011-07-21 12:28:19 ----HD---- C:\Windows\update.1
2011-07-21 12:28:17 ----HD---- C:\Windows\update.tray-2-0-lnk
2011-07-21 12:28:17 ----HD---- C:\Windows\update.tray-2-0
2011-07-21 12:17:20 ----A---- C:\Windows\winlog-ids.txt
2011-07-21 12:17:20 ----A---- C:\Windows\winlog-dirs.txt
2011-07-21 12:17:15 ----A---- C:\Windows\services32.exe
2011-07-20 12:09:25 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-07-20 12:09:09 ----D---- C:\Program Files\DAEMON Tools Lite
2011-07-20 12:08:44 ----D---- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
2011-07-20 12:08:44 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-07-14 15:35:32 ----D---- C:\Users\oem\AppData\Roaming\WinRAR
2011-07-14 15:35:26 ----D---- C:\Program Files\WinRAR
2011-07-13 09:28:23 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-13 09:28:23 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-13 09:28:16 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 09:28:15 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 09:28:15 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 09:28:01 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 09:27:59 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 09:27:56 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 09:27:55 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 09:27:54 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 09:27:53 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 09:27:53 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 09:27:53 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 09:27:53 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 09:27:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 09:27:46 ----A---- C:\Windows\system32\win32k.sys
2011-07-04 20:58:03 ----D---- C:\UP2011
2011-07-04 20:57:43 ----D---- C:\Program Files\Common Files\InstallShield
2011-06-29 23:17:11 ----A---- C:\Windows\system32\mshtml.dll
2011-06-29 23:17:05 ----A---- C:\Windows\system32\ieframe.dll
2011-06-29 23:17:04 ----A---- C:\Windows\system32\iertutil.dll
2011-06-29 23:17:01 ----A---- C:\Windows\system32\urlmon.dll
2011-06-29 23:16:52 ----A---- C:\Windows\system32\msfeeds.dll
2011-06-29 23:16:51 ----A---- C:\Windows\system32\wininet.dll
2011-06-29 23:16:51 ----A---- C:\Windows\system32\iedkcs32.dll
2011-06-29 23:16:50 ----A---- C:\Windows\system32\mstime.dll
2011-06-29 23:16:50 ----A---- C:\Windows\system32\ieui.dll
2011-06-29 23:16:50 ----A---- C:\Windows\system32\iepeers.dll
2011-06-29 23:16:49 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-29 23:16:49 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-06-29 23:16:49 ----A---- C:\Windows\system32\licmgr10.dll
2011-06-29 23:16:49 ----A---- C:\Windows\system32\jsproxy.dll
2011-06-29 23:16:48 ----A---- C:\Windows\system32\msfeedssync.exe
2011-06-29 22:35:27 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 22:35:27 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 22:35:25 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 22:35:24 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 22:35:24 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 22:35:23 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 22:35:23 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 22:35:22 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 22:35:22 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-29 22:34:20 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-29 22:34:19 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-29 22:33:22 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 22:32:46 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-29 22:32:46 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-29 22:32:46 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-29 22:31:14 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-29 22:31:11 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-06-29 22:31:09 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-29 22:31:07 ----A---- C:\Windows\system32\d3d10_1.dll
2011-06-29 22:28:56 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-29 22:28:55 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-29 22:28:55 ----A---- C:\Windows\system32\drivers\mrxsmb.sys

======List of files/folders modified in the last 1 month======

2011-07-24 17:48:41 ----D---- C:\Windows\Temp
2011-07-24 17:48:40 ----D---- C:\Windows\System32
2011-07-24 17:48:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-24 17:48:39 ----D---- C:\Windows\inf
2011-07-24 17:47:25 ----RD---- C:\Program Files
2011-07-24 17:43:55 ----AD---- C:\Windows\system32\drivers
2011-07-24 17:18:43 ----D---- C:\Windows
2011-07-24 17:16:22 ----HD---- C:\ProgramData
2011-07-24 17:02:49 ----D---- C:\Windows\system32\drivers\etc
2011-07-24 16:50:24 ----D---- C:\Windows\system32\catroot
2011-07-24 16:50:23 ----D---- C:\Windows\system32\DriverStore
2011-07-24 16:47:05 ----SHD---- C:\System Volume Information
2011-07-24 16:45:09 ----SHD---- C:\Windows\Installer
2011-07-24 16:45:08 ----SHD---- C:\Config.Msi
2011-07-24 16:44:59 ----D---- C:\Windows\winsxs
2011-07-24 16:41:22 ----SD---- C:\Users\oem\AppData\Roaming\Microsoft
2011-07-24 15:54:41 ----D---- C:\Windows\system32\config
2011-07-24 15:51:57 ----D---- C:\Windows\system32\catroot2
2011-07-20 12:08:48 ----D---- C:\Windows\Prefetch
2011-07-19 17:55:38 ----D---- C:\Windows\Tasks
2011-07-19 17:55:38 ----D---- C:\Windows\system32\Tasks
2011-07-13 17:26:10 ----D---- C:\Users\oem\AppData\Roaming\vlc
2011-07-13 14:35:22 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 14:34:55 ----D---- C:\ProgramData\Microsoft Help
2011-07-05 17:08:14 ----D---- C:\Windows\system32\NDF
2011-07-04 21:01:57 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-04 20:57:43 ----D---- C:\Program Files\Common Files
2011-07-01 10:12:22 ----D---- C:\ProgramData\Adobe
2011-06-30 16:19:41 ----D---- C:\Windows\Microsoft.NET
2011-06-30 16:19:37 ----RSD---- C:\Windows\assembly
2011-06-30 09:14:29 ----RSD---- C:\Windows\Fonts
2011-06-30 09:14:28 ----D---- C:\Windows\system32\migration
2011-06-30 09:14:28 ----D---- C:\Program Files\Internet Explorer
2011-06-29 23:33:47 ----D---- C:\Program Files\Common Files\microsoft shared

Zdravím.

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

• Spusťte, poté do spodního políčka vložte následující skript.

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

A kde najdu ty logy z programu OTL?? ....když kliknu na prohledat tak se program vypne (nevim jestli je to dobre, jedu v nouzaku)....

To není dobře... Stáhněte http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe a spusťte. Poté stiskněte 2 a poté Enter. Log RKreport.txt mi sem vložte a zkuste znovu spustit OTL.

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Safe mode with network support
User: oem [Admin rights]
Mode: Remove -- Date : 07/24/2011 18:48:47

Bad processes: 0

Registry Entries: 6
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

Ok, jde Vám OTL?

OTL stále po kliknutí na prohledat začne hledat ale hned spadne (

Zkuste spustit ComboFix podle návodu http://www.bleepingcomputer.com/combofi ... t-combofix

Tady je log


ComboFix 11-07-24.01 - oem 24.07.2011 21:02:15.1.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1014.395 [GMT 2:00]
Spuštěný z: c:\users\oem\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-12-0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-24 do 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 19:17 . 2011-07-24 19:19 -------- d-----w- c:\users\oem\AppData\Local\temp
2011-07-24 19:17 . 2011-07-24 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-24 15:47 . 2011-07-24 15:49 -------- d-----w- c:\program files\trend micro
2011-07-24 15:47 . 2011-07-24 15:47 -------- d-----w- C:\rsit
2011-07-24 15:18 . 2011-07-24 15:18 -------- d--h--w- c:\windows\PIF
2011-07-24 15:16 . 2011-07-24 15:16 -------- d-----w- c:\program files\Crawler
2011-07-24 15:16 . 2011-07-24 15:17 -------- d-----w- c:\users\oem\AppData\Roaming\Spyware Terminator
2011-07-24 15:16 . 2011-07-24 15:16 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-24 15:16 . 2011-07-24 15:17 -------- d-----w- c:\programdata\Spyware Terminator
2011-07-24 15:16 . 2011-07-24 15:17 -------- d-----w- c:\program files\Spyware Terminator
2011-07-24 14:57 . 2011-07-24 19:15 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-24 14:57 . 2011-07-24 14:57 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-24 14:53 . 2011-07-24 14:53 -------- d-----w- C:\$AVG
2011-07-24 14:53 . 2011-07-24 14:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2011-07-24 14:53 . 2011-07-24 14:53 25608 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2011-07-24 14:53 . 2011-07-24 14:53 161672 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-24 14:53 . 2011-07-24 14:53 356616 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-24 14:53 . 2011-07-24 14:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-24 14:53 . 2011-07-24 14:53 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-24 14:53 . 2011-07-24 14:53 -------- d-----w- c:\windows\system32\drivers\Avg
2011-07-24 14:49 . 2011-07-24 14:49 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2011-07-24 14:24 . 2011-07-24 14:33 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2011-07-24 14:24 . 2011-07-24 14:24 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2011-07-24 14:24 . 2011-07-24 14:33 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2011-07-24 14:24 . 2011-07-24 14:24 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-07-24 14:21 . 2011-07-24 16:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-24 14:21 . 2011-07-24 15:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-24 13:56 . 2011-07-24 13:56 -------- d-----w- c:\program files\CCleaner
2011-07-21 10:32 . 2011-07-21 10:32 -------- d-----w- c:\windows\ufa
2011-07-21 10:32 . 2011-07-21 10:32 -------- d-----w- c:\windows\rpcminer
2011-07-21 10:32 . 2011-07-21 10:32 -------- d-----w- c:\windows\phoenix
2011-07-21 10:32 . 2011-07-21 10:33 246272 ----a-w- c:\windows\unrar.exe
2011-07-21 10:29 . 2011-07-21 10:29 -------- d-----w- c:\windows\av_ico
2011-07-21 10:28 . 2011-07-24 19:15 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-21 10:28 . 2011-07-21 10:28 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-20 10:09 . 2011-07-20 10:09 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-20 10:09 . 2011-07-20 10:09 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-20 10:08 . 2011-07-20 10:16 -------- d-----w- c:\users\oem\AppData\Roaming\DAEMON Tools Lite
2011-07-20 10:08 . 2011-07-20 10:08 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-07-19 15:55 . 2011-07-19 15:56 -------- d-----w- c:\users\oem\AppData\Local\Google
2011-07-19 09:48 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77B4C4AA-9E74-4D23-9248-4CB84132CA42}\mpengine.dll
2011-07-13 11:57 . 2011-07-13 11:57 -------- d-----w- c:\users\oem\AppData\Local\Apps
2011-07-13 11:57 . 2011-07-24 14:16 -------- d-----w- c:\users\oem\AppData\Local\Deployment
2011-07-13 07:28 . 2011-04-28 03:29 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 07:28 . 2011-04-28 03:29 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 07:28 . 2011-06-02 05:59 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 07:28 . 2011-06-02 05:55 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-13 07:28 . 2011-06-02 05:58 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-04 19:04 . 2011-07-04 19:04 -------- d-----w- c:\users\oem\AppData\Local\Adobe
2011-07-04 18:58 . 2011-07-04 19:04 -------- d-----w- C:\UP2011
2011-07-04 18:57 . 2011-07-04 18:57 -------- d-----w- c:\program files\Common Files\InstallShield
2011-06-29 20:35 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 20:35 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 20:35 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 20:35 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 20:35 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 20:35 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 20:35 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 20:35 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 20:35 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 20:34 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-29 20:34 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-29 20:33 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 20:32 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-29 20:32 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-29 20:32 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-29 20:31 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-29 20:31 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-29 20:31 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-29 20:31 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-29 20:31 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-29 20:28 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-29 20:28 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-29 20:28 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 14:28 . 2009-07-13 23:50 217088 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2011-07-24 14:06 . 2011-05-11 23:02 517120 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-24 17:14 . 2010-11-30 13:54 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & DestroyS\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-24 3037696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-19 15:55 136176 ----atw- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 22:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [x]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [x]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [x]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [x]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-30 1343400]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2011-07-24 25608]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2011-07-24 161672]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-07-24 23832]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2011-07-24 333192]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-07-24 356616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-20 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 15:55]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 15:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.32.250 153.19.250.100 0.0.0.0 208.67.222.222
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-359043 - c:\windows\Temp\359043.exe
MSConfigStartUp-4262796 - c:\users\oem\AppData\Local\Temp\4262796.exe
MSConfigStartUp-6397467 - c:\windows\Temp\6397467.exe
MSConfigStartUp-73022690-loader2 - c:\windows\Temp\73022690-loader2.exe
MSConfigStartUp-9876910 - c:\windows\Temp\9876910.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
MSConfigStartUp-l1rezerv - c:\windows\l1rezerv.exe
MSConfigStartUp-sysdriver32 - c:\windows\sysdriver32.exe
MSConfigStartUp-sysdriver32_ - c:\windows\sysdriver32_.exe
MSConfigStartUp-systemup - c:\windows\systemup.exe
MSConfigStartUp-tray_ico0 - c:\windows\update.tray-2-0\svchost.exe
MSConfigStartUp-tray_ico1 - c:\windows\update.tray-12-0\svchost.exe
MSConfigStartUp-wxpdrv - c:\windows\services32.exe
AddRemove-AVG9Uninstall - c:\program files\AVG\AVG9\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.1394ohci]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.HDAudBus]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.usbhub]
"ImagePath"="\*"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-24 21:27:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-24 19:27
.
Před spuštěním: Volných bajtů: 30 071 197 696
Po spuštění: Volných bajtů: 29 831 176 192
.
- - End Of File - - 51E8F056C00CAAF898225A39AE48146A

Jde Vám OTL?

Áno, log přikládám ...



OTL logfile created on: 24.7.2011 21:57:15 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\oem\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,43 Mb Total Physical Memory | 284,39 Mb Available Physical Memory | 28,03% Memory free
1,99 Gb Paging File | 1,16 Gb Available in Paging File | 58,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 29,85 Gb Free Space | 61,27% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 36,09 Gb Free Space | 36,01% Space Free | Partition Type: NTFS
Drive F: | 3,69 Gb Total Space | 2,67 Gb Free Space | 72,51% Space Free | Partition Type: FAT32

Computer Name: OEM-PC | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.24 21:56:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Downloads\OTL (8).exe
PRC - [2011.07.24 17:16:26 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.07.24 17:16:26 | 000,498,176 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2011.07.24 21:56:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Downloads\OTL (8).exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [Auto | Stopped] -- -- (avgfws9)
SRV - File not found [Auto | Stopped] -- -- (avg9wd)
SRV - [2011.07.24 17:16:26 | 000,498,176 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.11.30 17:12:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.07.24 16:53:17 | 000,161,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011.07.24 16:53:17 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2011.07.24 16:53:16 | 000,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011.07.24 16:53:09 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011.07.24 16:53:09 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.07.24 16:49:17 | 000,023,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011.07.24 16:06:19 | 000,517,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2011.07.20 12:09:25 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.01.13 23:08:01 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010.11.20 12:01:12 | 000,164,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.11.16 10:06:52 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009.11.16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:12:21 | 000,187,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.04.29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.04.20 10:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2006.11.16 10:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.16 05:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.16 03:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\oem\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\oem\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: ([2011.07.24 21:19:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & DestroyS\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.32.250 153.19.250.100 0.0.0.0 208.67.222.222
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.07.24 21:26:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.07.24 21:17:14 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\temp
[2011.07.24 20:59:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.07.24 19:27:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.07.24 19:27:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.07.24 19:27:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.07.24 19:26:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.07.24 19:26:27 | 004,151,589 | R--- | C] (Swearware) -- C:\Users\oem\Desktop\ComboFix.exe
[2011.07.24 19:16:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.24 18:48:47 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\RK_Quarantine
[2011.07.24 18:01:45 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\OTL
[2011.07.24 17:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.24 17:47:24 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.24 17:18:43 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.07.24 17:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler lišta
[2011.07.24 17:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2011.07.24 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Spyware Terminator
[2011.07.24 17:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011.07.24 17:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator
[2011.07.24 17:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.07.24 17:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & DestroyS
[2011.07.24 16:57:37 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0-lnk
[2011.07.24 16:57:37 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0
[2011.07.24 16:53:20 | 000,000,000 | ---D | C] -- C:\$AVG
[2011.07.24 16:53:18 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011.07.24 16:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 9.0
[2011.07.24 16:53:17 | 000,161,672 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011.07.24 16:53:17 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2011.07.24 16:53:15 | 000,356,616 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011.07.24 16:53:09 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011.07.24 16:53:09 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011.07.24 16:53:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2011.07.24 16:49:17 | 000,023,832 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2011.07.24 16:24:50 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\oem\Desktop\setup-spybotsd162.exe
[2011.07.24 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2011.07.24 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2011.07.24 16:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2011.07.24 16:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011.07.24 16:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.07.24 16:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.07.24 16:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.07.24 16:21:23 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\AVG Internet Security 9.0.663 serial cz-sk-eng
[2011.07.24 15:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.07.24 15:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.21 12:32:50 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011.07.21 12:32:49 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011.07.21 12:32:49 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011.07.21 12:29:35 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011.07.21 12:28:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0-lnk
[2011.07.21 12:28:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0
[2011.07.20 16:31:17 | 000,000,000 | ---D | C] -- C:\Users\oem\Documents\18 WoS Extreme Trucker 2
[2011.07.20 12:21:14 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\X-Men_-__First_Class_(2011_R5_XviD)_+_CZ_titulky
[2011.07.20 12:09:25 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.07.20 12:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.07.20 12:08:44 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 12:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.07.19 17:57:04 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.07.19 17:55:34 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Google
[2011.07.14 15:46:46 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\IronClad
[2011.07.14 15:40:53 | 000,000,000 | R--D | C] -- C:\Users\oem\Desktop\Hudba
[2011.07.14 15:35:32 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\WinRAR
[2011.07.14 15:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.07.14 15:35:31 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.07.14 15:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.07.13 13:57:21 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CZShare
[2011.07.13 13:57:08 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Apps
[2011.07.13 13:57:07 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Deployment
[2011.07.13 13:56:50 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\CZShareManager
[2011.07.13 09:28:15 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011.07.13 09:28:15 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 09:27:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 09:27:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 09:27:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 09:27:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 09:27:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 09:27:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 09:27:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 09:27:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 09:27:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 09:27:46 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.04 21:04:59 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Adobe
[2011.07.04 21:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP-Soft
[2011.07.04 20:58:03 | 000,000,000 | ---D | C] -- C:\UP2011
[2011.07.04 20:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011.06.29 23:16:52 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.29 23:16:51 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.29 23:16:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.29 23:16:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.29 23:16:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.29 23:16:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.29 23:16:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.29 23:16:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.29 23:16:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.29 23:16:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.29 23:16:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.29 22:35:27 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.29 22:35:27 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.29 22:35:24 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.29 22:35:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.29 22:35:23 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.29 22:35:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.29 22:31:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

========== Files - Modified Within 30 Days ==========

[2011.07.24 22:00:03 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job
[2011.07.24 21:58:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.07.24 21:30:25 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.24 21:30:25 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.24 21:25:48 | 000,656,624 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.07.24 21:25:48 | 000,624,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.24 21:25:48 | 000,130,620 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.07.24 21:25:48 | 000,114,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.24 21:19:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.07.24 21:19:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.24 21:18:58 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.24 19:26:45 | 004,151,589 | R--- | M] (Swearware) -- C:\Users\oem\Desktop\ComboFix.exe
[2011.07.24 18:22:20 | 000,579,584 | ---- | M] () -- C:\Users\oem\Desktop\OTL.exe
[2011.07.24 18:06:24 | 000,579,584 | ---- | M] () -- C:\Users\oem\Desktop\OTL (1).exe
[2011.07.24 17:17:05 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2011.07.24 17:16:26 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.07.24 17:00:46 | 000,001,223 | ---- | M] () -- C:\Users\oem\Desktop\Spybot - Search & Destroy.lnk
[2011.07.24 17:00:15 | 000,203,160 | -H-- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110724-170249.backup
[2011.07.24 16:53:18 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011.07.24 16:53:17 | 000,161,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011.07.24 16:53:17 | 000,025,608 | ---- | M] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2011.07.24 16:53:16 | 000,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011.07.24 16:53:09 | 000,568,130 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2011.07.24 16:53:09 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011.07.24 16:53:09 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2011.07.24 16:53:09 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011.07.24 16:53:08 | 041,948,701 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.07.24 16:53:03 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2011.07.24 16:53:03 | 000,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2011.07.24 16:53:03 | 000,113,263 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2011.07.24 16:49:17 | 000,023,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2011.07.24 16:25:18 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\oem\Desktop\setup-spybotsd162.exe
[2011.07.24 16:06:19 | 000,517,120 | ---- | M] () -- C:\Windows\System32\drivers\usbhub.sys
[2011.07.24 15:56:07 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.21 12:33:21 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011.07.21 12:33:21 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011.07.20 12:09:25 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.07.20 12:09:14 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.07.19 18:20:24 | 468,647,061 | ---- | M] () -- C:\Users\oem\Desktop\Soul.Surfer.2011.480p.BRRip.x264.AAC-mitu420.mkv
[2011.07.19 18:00:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
[2011.07.19 17:57:10 | 000,002,300 | ---- | M] () -- C:\Users\oem\Desktop\Internet Google Chrome.lnk
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
[2011.07.14 15:27:26 | 000,000,634 | ---- | M] () -- C:\Users\oem\Desktop\Filmy.lnk
[2011.07.13 23:01:19 | 000,023,774 | ---- | M] () -- C:\Users\oem\Desktop\11455.jpg
[2011.07.13 22:55:58 | 000,029,597 | ---- | M] () -- C:\Users\oem\Desktop\12037.jpg
[2011.07.13 22:55:44 | 000,029,230 | ---- | M] () -- C:\Users\oem\Desktop\12035.jpg
[2011.07.13 22:48:25 | 000,019,933 | ---- | M] () -- C:\Users\oem\Desktop\12712.jpg
[2011.07.13 22:46:59 | 000,020,297 | ---- | M] () -- C:\Users\oem\Desktop\12661.jpg
[2011.07.13 14:46:27 | 000,410,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.13 13:57:21 | 000,000,318 | ---- | M] () -- C:\Users\oem\Desktop\CZShare Manager.appref-ms
[2011.07.04 21:04:50 | 000,001,415 | ---- | M] () -- C:\Users\Public\Desktop\Licenční podmínky.lnk
[2011.07.04 21:04:50 | 000,001,408 | ---- | M] () -- C:\Users\Public\Desktop\Doplňující informace.lnk
[2011.07.04 21:04:50 | 000,001,391 | ---- | M] () -- C:\Users\Public\Desktop\Majetek a cenové předpisy, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Účetní poradce, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Poslední stav programu Quickbook.lnk
[2011.07.03 13:25:54 | 000,000,507 | ---- | M] () -- C:\Users\oem\Desktop\Default.aspx - Používá technologii Dokumenty Google.url
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2011.07.24 21:58:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.07.24 19:30:20 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.svs
[2011.07.24 19:27:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.07.24 19:27:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.07.24 19:27:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.07.24 19:27:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.07.24 19:27:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.07.24 18:22:18 | 000,579,584 | ---- | C] () -- C:\Users\oem\Desktop\OTL.exe
[2011.07.24 18:06:24 | 000,579,584 | ---- | C] () -- C:\Users\oem\Desktop\OTL (1).exe
[2011.07.24 17:17:05 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2011.07.24 17:16:26 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.07.24 16:53:09 | 000,568,130 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2011.07.24 16:53:08 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2011.07.24 16:53:03 | 041,948,701 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.07.24 16:53:03 | 000,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2011.07.24 16:53:03 | 000,113,263 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2011.07.24 16:53:02 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2011.07.24 16:22:10 | 000,001,223 | ---- | C] () -- C:\Users\oem\Desktop\Spybot - Search & Destroy.lnk
[2011.07.24 15:56:07 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.21 12:33:12 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011.07.21 12:33:11 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011.07.21 12:32:48 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011.07.20 12:09:14 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.07.19 18:04:19 | 468,647,061 | ---- | C] () -- C:\Users\oem\Desktop\Soul.Surfer.2011.480p.BRRip.x264.AAC-mitu420.mkv
[2011.07.19 17:57:10 | 000,002,300 | ---- | C] () -- C:\Users\oem\Desktop\Internet Google Chrome.lnk
[2011.07.19 17:55:38 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job
[2011.07.19 17:55:36 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
[2011.07.14 15:27:26 | 000,000,634 | ---- | C] () -- C:\Users\oem\Desktop\Filmy.lnk
[2011.07.13 23:01:26 | 000,023,774 | ---- | C] () -- C:\Users\oem\Desktop\11455.jpg
[2011.07.13 22:56:05 | 000,029,597 | ---- | C] () -- C:\Users\oem\Desktop\12037.jpg
[2011.07.13 22:55:50 | 000,029,230 | ---- | C] () -- C:\Users\oem\Desktop\12035.jpg
[2011.07.13 22:48:39 | 000,019,933 | ---- | C] () -- C:\Users\oem\Desktop\12712.jpg
[2011.07.13 22:47:17 | 000,020,297 | ---- | C] () -- C:\Users\oem\Desktop\12661.jpg
[2011.07.13 13:57:21 | 000,000,318 | ---- | C] () -- C:\Users\oem\Desktop\CZShare Manager.appref-ms
[2011.07.04 21:04:50 | 000,001,415 | ---- | C] () -- C:\Users\Public\Desktop\Licenční podmínky.lnk
[2011.07.04 21:04:50 | 000,001,408 | ---- | C] () -- C:\Users\Public\Desktop\Doplňující informace.lnk
[2011.07.04 21:04:50 | 000,001,391 | ---- | C] () -- C:\Users\Public\Desktop\Majetek a cenové předpisy, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Účetní poradce, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Poslední stav programu Quickbook.lnk
[2011.07.03 13:25:53 | 000,000,507 | ---- | C] () -- C:\Users\oem\Desktop\Default.aspx - Používá technologii Dokumenty Google.url
[2011.05.12 01:02:37 | 000,517,120 | ---- | C] () -- C:\Windows\System32\drivers\usbhub.sys
[2011.01.07 21:20:45 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2011.01.07 21:17:49 | 000,000,140 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2010.11.30 16:23:44 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.09.23 20:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009.07.14 10:44:22 | 000,656,624 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2009.07.14 10:44:22 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2009.07.14 10:44:22 | 000,130,620 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2009.07.14 10:44:22 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,410,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,624,802 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,114,798 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:52:00 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:50:56 | 000,217,088 | ---- | C] () -- C:\Windows\System32\drivers\hdaudbus.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:12:21 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.05.08 05:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2010.12.01 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Ashampoo
[2010.12.10 10:07:53 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\AVG10
[2011.07.20 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2010.12.01 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\ESET
[2011.07.24 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Spyware Terminator
[2011.05.20 02:30:18 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & DestroyS\TeaTimer.exe -- [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
"SpywareTerminatorUpdate" = "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2011.07.24 17:16:26 | 003,037,696 | ---- | M] (Crawler.com)

< >


< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010.11.20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009.07.14 01:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\System32\drivers\fastfat.sys
[2009.07.14 01:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_ae8981a3b8b7be50\fastfat.sys

< MD5 for: HAL.DLL >
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\ERDNT\cache\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010.11.20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NTFS.SYS >
[2011.03.11 07:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\ERDNT\cache\ntfs.sys
[2011.03.11 07:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\System32\drivers\ntfs.sys
[2011.03.11 07:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_a65558427e3453b4\ntfs.sys
[2010.11.20 14:30:06 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys
[2009.07.14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys
[2011.03.11 07:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys
[2011.03.11 07:52:25 | 001,210,752 | ---- | M] (Microsoft Corporation) MD5=A7266D82DB9675AFBDED39695B69EDAC -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys
[2011.03.11 07:28:10 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys

< MD5 for: NVRAID.SYS >
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010.11.20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011.03.11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011.03.11 07:28:10 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
[2011.03.11 07:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\System32\drivers\nvraid.sys
[2011.03.11 07:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvraid.sys
[2011.03.11 07:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvraid.sys
[2011.03.11 07:52:25 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=FCD5C3542A85EEBA7D0833B7E5086C10 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007.04.20 05:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\swsetup\SP36079\WinVista32\IDE\WinVista\sata_ide\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SMSS.EXE >
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010.08.20 06:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[2009.07.14 03:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2010.11.20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
[2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\ERDNT\cache\spoolsv.exe
[2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\System32\spoolsv.exe
[2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011.07.21 12:17:03 | 001,180,672 | -H-- | M] () MD5=E9AB1B94129B06A6FD92C25CC412025E -- C:\Windows\update.tray-12-0-lnk\svchost.exe
[2011.07.21 12:17:03 | 001,180,672 | -H-- | M] () MD5=E9AB1B94129B06A6FD92C25CC412025E -- C:\Windows\update.tray-2-0-lnk\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\ERDNT\cache\tcpip.sys
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\System32\drivers\tcpip.sys
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009.07.14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
[2009.07.14 10:43:31 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\cs-CZ\LXKPTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /5 >
[2011.07.24 16:49:17 | 000,023,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgfwd6x.sys
[2011.07.24 16:53:17 | 000,025,608 | ---- | M] (AVG Technologies ) -- C:\Windows\system32\drivers\AVGIDSwx.sys
[2011.07.24 16:53:09 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgldx86.sys
[2011.07.24 16:53:09 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgmfx86.sys
[2011.07.24 16:53:17 | 000,161,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgrkx86.sys
[2011.07.24 16:53:16 | 000,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgtdix.sys
[2011.07.20 12:09:25 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\system32\drivers\dtsoftbus01.sys
[2011.07.24 16:28:56 | 000,217,088 | ---- | M] () -- C:\Windows\system32\drivers\hdaudbus.sys
[2011.07.24 17:16:26 | 000,142,592 | ---- | M] () -- C:\Windows\system32\drivers\sp_rsdrv2.sys
[2011.07.24 16:06:19 | 000,517,120 | ---- | M] () -- C:\Windows\system32\drivers\usbhub.sys

< %systemroot%\system32\drivers\*.sys /X >
[2010.11.20 12:01:12 | 000,164,864 | ---- | M] () -- C:\Windows\system32\drivers\1394ohci.svs
[2009.06.10 23:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2009.06.10 23:14:29 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
[2009.06.10 23:27:38 | 000,000,003 | ---- | M] () -- C:\Windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.12.01 12:01:45 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.12.16 20:21:32 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2000.11.19 09:56:14 | 000,014,380 | ---- | M] () -- C:\Windows\system32\drivers\OXSER.VXD
[2003.08.04 00:05:14 | 000,073,728 | ---- | M] (Socket Communications Inc.) -- C:\Windows\system32\drivers\SCBaud.cpl
[2002.12.12 15:35:46 | 000,086,016 | ---- | M] (Socket Communications Inc.) -- C:\Windows\system32\drivers\SCBaud.w9x
[2001.07.12 00:19:40 | 000,005,787 | ---- | M] () -- C:\Windows\system32\drivers\SCTB.VXD
[2007.01.12 06:22:10 | 000,040,960 | ---- | M] (Socket Communications Inc.) -- C:\Windows\system32\drivers\SCTray.exe
[2002.09.17 17:11:02 | 000,077,824 | ---- | M] (Socket Communications Inc.) -- C:\Windows\system32\drivers\SioUi2k.dll
[2004.03.02 22:04:38 | 000,016,486 | ---- | M] () -- C:\Windows\system32\drivers\sktsio9x.vxd
[2006.11.02 07:09:50 | 001,419,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wdfcoinstaller01005.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011.07.24 21:30:25 | 000,014,256 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.24 21:30:25 | 000,014,256 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.24 16:53:18 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\avgrsstx.dll
[2011.07.24 21:25:48 | 000,130,620 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2011.07.24 21:25:48 | 000,114,798 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2011.07.24 21:25:48 | 000,656,624 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2011.07.24 21:25:48 | 000,624,802 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2011.07.24 21:25:48 | 001,522,792 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\config\*.sav >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a21e6b2afa668bcf5cca9a97187a34ed\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a21e6b2afa668bcf5cca9a97187a34ed\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\cb985c93a969aed0a2fd7e4ddc64cd02\*.tmp files -> C:\Windows\SoftwareDistribution\Download\cb985c93a969aed0a2fd7e4ddc64cd02\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2011.01.05 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Adobe
[2010.12.01 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Ashampoo
[2010.12.10 10:07:53 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\AVG10
[2011.07.20 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2010.12.01 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\ESET
[2010.12.01 12:02:32 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\hpqLog
[2010.11.29 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Identities
[2010.11.30 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\InstallShield
[2010.12.10 11:09:09 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Macromedia
[2009.07.14 11:20:15 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Media Center Programs
[2011.07.24 16:41:22 | 000,000,000 | --SD | M] -- C:\Users\oem\AppData\Roaming\Microsoft
[2011.07.24 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Spyware Terminator
[2011.07.13 17:26:10 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\vlc
[2011.07.14 15:35:47 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\WinRAR

< %APPDATA%\*.* >

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-19 09:49:10

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2
"IGDSearcherDLL" = bitsigd.dll -- [2009.07.14 03:14:59 | 000,039,936 | ---- | M] (Microsoft Corporation)
"StateIndex" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.07.24 21:58:23 | 000,000,512 | ---- | M] () MD5=C06C53E9D5BD3C16D1AC68C21A58F666 -- C:\PhysicalMBR.bin

< End of report >

á tady log extras ...


OTL Extras logfile created on: 24.7.2011 21:57:15 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\oem\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,43 Mb Total Physical Memory | 284,39 Mb Available Physical Memory | 28,03% Memory free
1,99 Gb Paging File | 1,16 Gb Available in Paging File | 58,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 29,85 Gb Free Space | 61,27% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 36,09 Gb Free Space | 36,01% Space Free | Partition Type: NTFS
Drive F: | 3,69 Gb Total Space | 2,67 Gb Free Space | 72,51% Space Free | Partition Type: FAT32

Computer Name: OEM-PC | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2BE1DE38-5B5D-433E-BB92-B055AD540530}" = Účetní poradce
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1029-7B44-A92000000001}" = Adobe Reader 9.2 - Czech
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.04
"CCleaner" = CCleaner
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Spyware Terminator_is1" = Spyware Terminator
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-367092564-4290927158-3838574436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"75c0e0ceac8ef0d4" = CZShare Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.7.2011 15:49:45 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\hewlett-packard\hp
quick launch buttons\RollBackDr64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 15:50:10 | Computer Name = oem-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\spybot - search
& destroys\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\spybot - search & destroys\DelZip179.dll na řádku 8. Hodnota * atributu language
v prvku assemblyIdentity je neplatná.

Error - 24.7.2011 15:50:14 | Computer Name = oem-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\spybot - search
& destroys\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\spybot - search & destroys\DelZip179.dll na řádku 8. Hodnota * atributu language
v prvku assemblyIdentity je neplatná.

Error - 24.7.2011 15:50:21 | Computer Name = oem-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\spybot - search
& destroys\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\spybot - search & destroys\DelZip179.dll na řádku 8. Hodnota * atributu language
v prvku assemblyIdentity je neplatná.

Error - 24.7.2011 15:50:29 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 16:14:52 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 16:14:52 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 16:14:53 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 16:14:53 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.7.2011 16:14:53 | Computer Name = oem-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

[ System Events ]
Error - 24.7.2011 15:17:46 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 24.7.2011 15:19:05 | Computer Name = oem-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (21:17:50, ?24.?7.?2011) bylo neočekávané.

Error - 24.7.2011 15:19:13 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7000
Description = Služba AVG9IDSShim neuspěla při spuštění v důsledku následující chyby:
%%3

Error - 24.7.2011 15:19:13 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7001
Description = Služba AVG9IDSFilter závisí na službě AVG9IDSShim, která neuspěla
při spuštění v důsledku následující chyby: %%3

Error - 24.7.2011 15:19:13 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7001
Description = Služba AVG9IDSDriver závisí na službě AVG9IDSFilter, která neuspěla
při spuštění v důsledku následující chyby: %%1068

Error - 24.7.2011 15:19:13 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7002
Description = Služba AVG9IDSAgent závisí na skupině AVGIDSDriver a žádný člen této
skupiny nebyl spuštěn.

Error - 24.7.2011 15:19:14 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7000
Description = Služba AVG WatchDog neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 24.7.2011 15:19:14 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7000
Description = Služba AVG Firewall neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 24.7.2011 15:20:17 | Computer Name = oem-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 24.7.2011 15:47:17 | Computer Name = oem-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.


< End of report >

Co uděláme s těmi nelegálními programy?

No a to jsou které? .....samozřejmě nelegální software odstraním....
...je to NTB přítelkyně, která prej "byla jen na FB a to samo "....měla tam tuším free NOD a já jsem jí tam potom naivně zkoušel ve snaze odstranit vira naistalovat AVG, ale v půlce instalace se vypl PC a ted tam asi figuruje ale odstranit nejde (nikde nejde odinstalovat)
btw: jak mam odstranit spyware programy, které díky viru nejdou spustit? když je chci smazat ručně, tak to napíše že nemám práva...děkuji

.....pročetl jsem forum a zkusil jsem oddělat zbytky nenainstalovaného nelegálního AVG a naistalovat AVAST.....přikládám log ...děkuji

OTL logfile created on: 25.7.2011 2:29:11 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\oem\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,43 Mb Total Physical Memory | 307,00 Mb Available Physical Memory | 30,26% Memory free
1,99 Gb Paging File | 1,14 Gb Available in Paging File | 57,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 29,38 Gb Free Space | 60,30% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 36,09 Gb Free Space | 36,01% Space Free | Partition Type: NTFS

Computer Name: OEM-PC | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.25 02:03:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2011.07.25 02:03:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe
MOD - [2011.07.04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (sp_rssrv)
SRV - File not found [Unknown | Stopped] -- -- (hpqwmiex)
SRV - File not found [Unknown | Stopped] -- -- (Com4QLBEx)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.11.30 17:12:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (NetBT)
DRV - [2011.07.20 12:09:25 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.01.13 23:08:01 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010.11.20 12:01:12 | 000,164,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.11.16 10:06:52 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009.11.16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.04.29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.04.20 10:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2006.11.16 10:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.16 05:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.16 03:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\oem\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\oem\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: ([2011.07.24 21:19:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-367092564-4290927158-3838574436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.32.250 153.19.250.100 0.0.0.0 208.67.222.222
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.07.25 02:02:47 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe
[2011.07.25 02:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.07.25 02:02:31 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.07.25 02:02:30 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.07.25 02:02:28 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.07.25 02:02:25 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.07.25 02:02:24 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.07.25 02:02:20 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.07.25 02:01:32 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.07.25 02:01:32 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.07.25 02:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.07.25 02:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.07.25 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Malwarebytes
[2011.07.25 00:20:15 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.25 00:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.25 00:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.25 00:20:10 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.25 00:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.25 00:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & DestroyY
[2011.07.24 21:26:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.07.24 21:17:14 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\temp
[2011.07.24 19:26:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.07.24 19:16:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.24 17:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.24 17:18:43 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.07.24 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Spyware Terminator
[2011.07.24 17:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011.07.24 17:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.07.24 17:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & DestroyS
[2011.07.24 16:57:37 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0-lnk
[2011.07.24 16:57:37 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0
[2011.07.24 16:53:20 | 000,000,000 | ---D | C] -- C:\$AVG
[2011.07.24 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2011.07.24 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2011.07.24 16:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2011.07.24 16:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011.07.24 16:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.07.24 16:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.07.24 15:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.07.24 15:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.21 12:32:50 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011.07.21 12:32:49 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011.07.21 12:29:35 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011.07.21 12:28:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0-lnk
[2011.07.21 12:28:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0
[2011.07.20 16:31:17 | 000,000,000 | ---D | C] -- C:\Users\oem\Documents\18 WoS Extreme Trucker 2
[2011.07.20 12:21:14 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\X-Men_-__First_Class_(2011_R5_XviD)_+_CZ_titulky
[2011.07.20 12:09:25 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.07.20 12:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.07.20 12:08:44 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 12:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.07.19 17:57:04 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.07.19 17:55:34 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Google
[2011.07.14 15:46:46 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\IronClad
[2011.07.14 15:40:53 | 000,000,000 | R--D | C] -- C:\Users\oem\Desktop\Hudba
[2011.07.14 15:35:32 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\WinRAR
[2011.07.14 15:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.07.14 15:35:31 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.07.14 15:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.07.13 13:57:21 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CZShare
[2011.07.13 13:57:08 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Apps
[2011.07.13 13:57:07 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Deployment
[2011.07.13 13:56:50 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\CZShareManager
[2011.07.13 09:28:15 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011.07.13 09:28:15 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 09:27:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 09:27:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 09:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 09:27:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 09:27:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 09:27:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 09:27:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 09:27:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 09:27:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 09:27:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 09:27:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 09:27:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 09:27:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 09:27:46 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.04 21:04:59 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Adobe
[2011.07.04 21:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP-Soft
[2011.07.04 20:58:03 | 000,000,000 | ---D | C] -- C:\UP2011
[2011.07.04 20:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011.06.29 23:16:52 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.29 23:16:51 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.29 23:16:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.29 23:16:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.29 23:16:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.29 23:16:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.29 23:16:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.29 23:16:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.29 23:16:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.29 23:16:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.29 23:16:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.29 22:35:27 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.29 22:35:27 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.29 22:35:24 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.29 22:35:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.29 22:35:23 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.29 22:35:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.29 22:31:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

========== Files - Modified Within 30 Days ==========

[2011.07.25 02:22:12 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.25 02:22:12 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.25 02:19:58 | 000,656,624 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.07.25 02:19:58 | 000,624,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.25 02:19:58 | 000,130,620 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.07.25 02:19:58 | 000,114,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.25 02:12:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.25 02:12:22 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.25 02:03:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe
[2011.07.25 02:02:32 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.25 02:02:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.07.25 02:00:03 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job
[2011.07.25 00:20:15 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.24 21:58:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.07.24 21:19:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.07.24 17:16:26 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.07.24 17:00:15 | 000,203,160 | -H-- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110724-170249.backup
[2011.07.24 15:56:07 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.21 12:33:21 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011.07.21 12:33:21 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011.07.20 12:09:25 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.07.20 12:09:14 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.07.19 18:20:24 | 468,647,061 | ---- | M] () -- C:\Users\oem\Desktop\Soul.Surfer.2011.480p.BRRip.x264.AAC-mitu420.mkv
[2011.07.19 18:00:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
[2011.07.19 17:57:10 | 000,002,300 | ---- | M] () -- C:\Users\oem\Desktop\Internet Google Chrome.lnk
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
[2011.07.14 15:27:26 | 000,000,634 | ---- | M] () -- C:\Users\oem\Desktop\Filmy.lnk
[2011.07.13 23:01:19 | 000,023,774 | ---- | M] () -- C:\Users\oem\Desktop\11455.jpg
[2011.07.13 22:55:58 | 000,029,597 | ---- | M] () -- C:\Users\oem\Desktop\12037.jpg
[2011.07.13 22:55:44 | 000,029,230 | ---- | M] () -- C:\Users\oem\Desktop\12035.jpg
[2011.07.13 22:48:25 | 000,019,933 | ---- | M] () -- C:\Users\oem\Desktop\12712.jpg
[2011.07.13 22:46:59 | 000,020,297 | ---- | M] () -- C:\Users\oem\Desktop\12661.jpg
[2011.07.13 14:46:27 | 000,410,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.13 13:57:21 | 000,000,318 | ---- | M] () -- C:\Users\oem\Desktop\CZShare Manager.appref-ms
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.04 21:04:50 | 000,001,415 | ---- | M] () -- C:\Users\Public\Desktop\Licenční podmínky.lnk
[2011.07.04 21:04:50 | 000,001,408 | ---- | M] () -- C:\Users\Public\Desktop\Doplňující informace.lnk
[2011.07.04 21:04:50 | 000,001,391 | ---- | M] () -- C:\Users\Public\Desktop\Majetek a cenové předpisy, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Účetní poradce, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Poslední stav programu Quickbook.lnk
[2011.07.04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.07.04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.07.03 13:25:54 | 000,000,507 | ---- | M] () -- C:\Users\oem\Desktop\Default.aspx - Používá technologii Dokumenty Google.url

========== Files Created - No Company Name ==========

[2011.07.25 02:02:32 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.25 00:20:15 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.24 21:58:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.07.24 19:30:20 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.svs
[2011.07.24 17:16:26 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.07.24 15:56:07 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.21 12:33:12 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011.07.21 12:33:11 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011.07.21 12:32:48 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011.07.20 12:09:14 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.07.19 18:04:19 | 468,647,061 | ---- | C] () -- C:\Users\oem\Desktop\Soul.Surfer.2011.480p.BRRip.x264.AAC-mitu420.mkv
[2011.07.19 17:57:10 | 000,002,300 | ---- | C] () -- C:\Users\oem\Desktop\Internet Google Chrome.lnk
[2011.07.19 17:55:38 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000UA.job
[2011.07.19 17:55:36 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-367092564-4290927158-3838574436-1000Core.job
[2011.07.14 15:27:26 | 000,000,634 | ---- | C] () -- C:\Users\oem\Desktop\Filmy.lnk
[2011.07.13 23:01:26 | 000,023,774 | ---- | C] () -- C:\Users\oem\Desktop\11455.jpg
[2011.07.13 22:56:05 | 000,029,597 | ---- | C] () -- C:\Users\oem\Desktop\12037.jpg
[2011.07.13 22:55:50 | 000,029,230 | ---- | C] () -- C:\Users\oem\Desktop\12035.jpg
[2011.07.13 22:48:39 | 000,019,933 | ---- | C] () -- C:\Users\oem\Desktop\12712.jpg
[2011.07.13 22:47:17 | 000,020,297 | ---- | C] () -- C:\Users\oem\Desktop\12661.jpg
[2011.07.13 13:57:21 | 000,000,318 | ---- | C] () -- C:\Users\oem\Desktop\CZShare Manager.appref-ms
[2011.07.04 21:04:50 | 000,001,415 | ---- | C] () -- C:\Users\Public\Desktop\Licenční podmínky.lnk
[2011.07.04 21:04:50 | 000,001,408 | ---- | C] () -- C:\Users\Public\Desktop\Doplňující informace.lnk
[2011.07.04 21:04:50 | 000,001,391 | ---- | C] () -- C:\Users\Public\Desktop\Majetek a cenové předpisy, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Účetní poradce, stav k 1.5.2011.lnk
[2011.07.04 21:04:50 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Poslední stav programu Quickbook.lnk
[2011.07.03 13:25:53 | 000,000,507 | ---- | C] () -- C:\Users\oem\Desktop\Default.aspx - Používá technologii Dokumenty Google.url
[2011.01.07 21:20:45 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2011.01.07 21:17:49 | 000,000,140 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2010.11.30 16:23:44 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.09.23 20:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009.07.14 10:44:22 | 000,656,624 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2009.07.14 10:44:22 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2009.07.14 10:44:22 | 000,130,620 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2009.07.14 10:44:22 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,410,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,624,802 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,114,798 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:52:00 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.05.08 05:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2010.12.01 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Ashampoo
[2011.07.25 01:34:40 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2010.12.01 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\ESET
[2011.07.24 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Spyware Terminator
[2011.05.20 02:30:18 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< End of report >