
STDRT.exe

Druzdak
Visitor
Posts: 43
Registered: 22 Apr 2010 09:23

STDRT.exe

#1 Post by Druzdak »

Hello, I have a problem with the stdrt.exe virus, which I can see in the process list; it keeps downloading something, eats CPU (300,000 KB of memory) and, on top of all that, plays random sounds. I read on the forum that it reappears after a restart, and a search found it in the temp files. The log was taken while it was stopped in the process list.


Logfile of random's system information tool 1.09 (written by random/random)
Run by uživatel at 2011-09-04 01:35:00
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 720 GB (76%) free of 954 GB
Total RAM: 3319 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:35:29, on 4.9.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\taskmgr.exe
C:\Users\uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\uživatel\Downloads\RSIT.exe
C:\Program Files\trend micro\uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\uživatel\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\uživatel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\uživatel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\uživatel\AppData\Roaming\FlashGetBHO\GetUrl.htm
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Licensing Console - - C:\Windows\system32\mrvcl32.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 7494 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2419579696-3991638777-3736419961-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2419579696-3991638777-3736419961-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\n8cubmmw.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.9&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npdnu.dll
npdnu.xpt
npdnupdater2.dll
npdnupdater2.xpt
npnul32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\n8cubmmw.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\n8cubmmw.default\searchplugins\
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Users\uživatel\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2009-12-22 157232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-07-04 3493720]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-02-09 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\uživatel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Aim"=C:\Program Files\AIM\aim.exe [2011-01-05 4321112]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760]
"Steam"=C:\Program Files\Steam\Steam.exe [2011-08-02 1242448]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-08-18 17360520]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
LOLRecorder.lnk - C:\Program Files\LOLReplay\LOLRecorder.exe

C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.divxa32"=msaud32_divx.acm
"VIDC.XFR1"=xfcodec.dll
"msacm.siren"=sirenacm.dll
"msacm.vorbis"=vorbis.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-09-04 01:35:01 ----D---- C:\Program Files\trend micro
2011-09-04 01:35:00 ----D---- C:\rsit
2011-09-01 12:56:30 ----A---- C:\Windows\system32\mrvcl32.exe
2011-08-29 17:17:29 ----D---- C:\Program Files\Screaming Bee LLC
2011-08-29 17:10:49 ----D---- C:\Users\uživatel\AppData\Roaming\Screaming Bee
2011-08-29 17:10:10 ----D---- C:\ProgramData\Screaming Bee
2011-08-29 17:10:10 ----D---- C:\Program Files\Screaming Bee
2011-08-29 01:37:01 ----D---- C:\Program Files\Heroes of Newerth
2011-08-27 18:32:55 ----A---- C:\Windows\system32\tzres.dll
2011-08-14 23:28:10 ----D---- C:\Program Files\LOLReplay
2011-08-13 01:02:53 ----A---- C:\Windows\War3Unin.pif
2011-08-13 01:02:53 ----A---- C:\Windows\War3Unin.exe
2011-08-13 01:02:53 ----A---- C:\Windows\War3Unin.dat
2011-08-10 19:55:54 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 19:55:53 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 19:55:52 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 19:55:52 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-10 19:55:47 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-10 19:55:42 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 19:55:41 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 19:55:41 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 19:55:40 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 19:55:40 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 19:55:40 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 19:55:39 ----A---- C:\Windows\system32\url.dll
2011-08-10 19:55:39 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 19:55:39 ----A---- C:\Windows\system32\ieui.dll
2011-08-10 19:55:38 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-10 19:55:35 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 19:55:35 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 19:55:35 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 19:55:35 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 19:55:35 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-10 19:55:35 ----A---- C:\Windows\system32\kernel32.dll
2011-08-10 19:55:35 ----A---- C:\Windows\system32\conhost.exe
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 19:55:34 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 19:55:33 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 19:55:33 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 19:55:33 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 19:55:32 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-10 19:55:32 ----A---- C:\Windows\system32\odbcjt32.dll
2011-08-10 19:55:32 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-10 19:55:32 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-10 19:55:32 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-09 08:06:48 ----D---- C:\Users\uživatel\AppData\Roaming\SGTY
2011-08-09 08:01:36 ----D---- C:\Users\uživatel\AppData\Roaming\Realm of the Titans
2011-08-09 08:00:25 ----D---- C:\AeriaGames
2011-08-08 19:54:37 ----A---- C:\Users\uživatel\AppData\Roaming\room_v3.dat
2011-08-08 19:52:32 ----D---- C:\Program Files\Garena
2011-08-07 22:37:46 ----D---- C:\Users\uživatel\AppData\Roaming\Rovio

======List of files/folders modified in the last 1 month======

2011-09-04 01:35:26 ----D---- C:\Windows\Temp
2011-09-04 01:35:11 ----D---- C:\Windows\Prefetch
2011-09-04 01:35:01 ----RD---- C:\Program Files
2011-09-04 01:32:25 ----D---- C:\Users\uživatel\AppData\Roaming\Winamp
2011-09-04 01:32:25 ----D---- C:\Users\uživatel\AppData\Roaming\Skype
2011-09-04 01:32:25 ----D---- C:\Program Files\Steam
2011-09-04 01:32:18 ----D---- C:\Windows\Logs
2011-09-04 01:32:18 ----D---- C:\Windows\debug
2011-09-04 01:32:18 ----D---- C:\Windows
2011-09-04 01:21:22 ----D---- C:\Windows\system32\config
2011-09-04 01:09:31 ----D---- C:\Windows\System32
2011-09-04 01:09:25 ----D---- C:\Program Files\Common Files\Akamai
2011-09-03 19:41:13 ----D---- C:\ProgramData\PMB Files
2011-09-03 09:52:29 ----D---- C:\Windows\system32\drivers
2011-09-03 09:02:08 ----RSD---- C:\Windows\assembly
2011-09-03 09:02:08 ----D---- C:\Windows\Microsoft.NET
2011-09-01 22:12:14 ----D---- C:\Windows\inf
2011-09-01 22:12:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-01 17:16:50 ----SHD---- C:\Windows\Installer
2011-09-01 17:11:10 ----SHD---- C:\System Volume Information
2011-09-01 17:10:37 ----D---- C:\Windows\system32\NDF
2011-09-01 16:12:15 ----D---- C:\Users\uživatel\AppData\Roaming\BITS
2011-09-01 13:46:18 ----SD---- C:\Users\uživatel\AppData\Roaming\Microsoft
2011-09-01 13:46:18 ----SD---- C:\ProgramData\Microsoft
2011-09-01 12:57:01 ----D---- C:\Program Files\Image-Line
2011-08-31 20:24:58 ----D---- C:\Program Files\Silkroad
2011-08-30 18:10:26 ----D---- C:\Windows\rescache
2011-08-29 17:20:33 ----D---- C:\Windows\system32\catroot2
2011-08-29 17:10:22 ----D---- C:\Windows\system32\catroot
2011-08-29 17:10:20 ----D---- C:\Windows\system32\DriverStore
2011-08-29 17:10:10 ----HD---- C:\ProgramData
2011-08-28 02:01:50 ----D---- C:\Windows\winsxs
2011-08-28 02:01:40 ----D---- C:\Windows\system32\cs-CZ
2011-08-27 16:53:35 ----D---- C:\Windows\system32\Tasks
2011-08-27 16:53:28 ----RD---- C:\Program Files\Skype
2011-08-27 16:53:24 ----D---- C:\ProgramData\Skype
2011-08-13 01:00:48 ----D---- C:\HRY
2011-08-11 08:18:14 ----D---- C:\Windows\system32\migration
2011-08-11 08:18:14 ----D---- C:\Program Files\Internet Explorer
2011-08-11 00:37:50 ----A---- C:\Windows\system32\MRT.exe
2011-08-09 08:01:33 ----D---- C:\Windows\system32\directx
2011-08-09 08:01:28 ----HD---- C:\Windows\msdownld.tmp
2011-08-08 18:28:41 ----A---- C:\Windows\system32\PnkBstrB.exe
2011-08-07 23:12:22 ----D---- C:\Downloads
2011-08-07 22:39:44 ----D---- C:\Program Files\NVIDIA Corporation
2011-08-07 22:39:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 TPkd;TPkd; C:\Windows\system32\drivers\TPkd.sys [2009-12-23 86016]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-23 218688]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-09-07 3187816]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;Ovladač WinUSB; C:\Windows\system32\drivers\WinUSB.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-08-08 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-05-07 75136]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-08-03 411432]
S2 Adobe Licensing Console;Adobe Licensing Console; C:\Windows\system32\mrvcl32.exe [2011-09-01 819729]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2011-04-24 4303928]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-31 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: STDRT.exe

#2 Post by vyosek »

Hello, and I wish you a nice day :)

→ I recommend uninstalling the toolbars (browser bars), if you do not use them, via Add or Remove Programs

→ Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Run the utility and tell it to scan: click Start Scan
  • If the utility finds an infection, it will want to cure it (Cure); allow the cure by clicking Continue
  • If the utility finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking Continue
  • After the scan finishes, a restart of the PC may be necessary; allow it by clicking Reboot now
  • After the restart a log will pop up; if it does not, you will find it directly on the drive where Windows is installed (usually c:\), named in the form TDSSKiller.<some digits>_log.txt - paste its contents here
  • If a restart is not required, click Close and then Report - a log will be created - paste its contents here
→ Download SystemLook (see my signature) and save it to the desktop
  • Paste the script below into the window

    :filefind
    stdrt.exe
    
    :regfind
    stdrt.exe
  • Click Look
  • The Look button will change to Scanning and turn grey
  • Wait until the Scanning button changes back to Look - that is how you can tell that SystemLook has finished its work
  • A log named SystemLook will pop up (or it will be saved on the desktop); paste its contents here for me

Druzdak
Visitor
Posts: 43
Registered: 22 Apr 2010 09:23

Re: STDRT.exe

#3 Post by Druzdak »

Hello again. The first program found 0 items; should I post its log as well? And can I kill stdrt.exe in the processes? It eats a lot of memory. And since yesterday the free space on C has shrunk by 17 GB. I am attaching the SystemLook log.


SystemLook 30.07.11 by jpshortstuff
Log created at 12:01 on 04/09/2011 by uživatel
Administrator - Elevation successful

========== filefind ==========

Searching for "stdrt.exe"
C:\Windows\Temp\mrt389C.tmp\stdrt.exe --a---- 368640 bytes [09:51 04/09/2011] [09:51 04/09/2011] 685FFCD7C90059DDD988373A09780BF0
C:\Windows\Temp\mrt586B.tmp\stdrt.exe --a---- 368640 bytes [12:47 03/09/2011] [12:47 03/09/2011] 685FFCD7C90059DDD988373A09780BF0
C:\Windows\Temp\mrt68DF.tmp\stdrt.exe --a---- 368640 bytes [09:57 04/09/2011] [09:57 04/09/2011] 685FFCD7C90059DDD988373A09780BF0
C:\Windows\Temp\mrt784A.tmp\stdrt.exe --a---- 368640 bytes [23:08 03/09/2011] [23:08 03/09/2011] 685FFCD7C90059DDD988373A09780BF0
C:\Windows\Temp\mrtC4C4.tmp\stdrt.exe --a---- 368640 bytes [06:41 03/09/2011] [06:41 03/09/2011] 685FFCD7C90059DDD988373A09780BF0

========== regfind ==========

Searching for "stdrt.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\294d29c6_0]
@="{0.0.0.00000000}.{b86a678a-e4fb-493a-aad9-e2c820c47450}|\Device\HarddiskVolume2\Windows\Temp\mrt68DF.tmp\stdrt.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\37468512_0]
@="{0.0.0.00000000}.{b86a678a-e4fb-493a-aad9-e2c820c47450}|\Device\HarddiskVolume2\Windows\Temp\mrt784A.tmp\stdrt.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name"="stdrt.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\stdrt.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication]
"Name"="stdrt.exe"
[HKEY_USERS\S-1-5-21-2419579696-3991638777-3736419961-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\294d29c6_0]
@="{0.0.0.00000000}.{b86a678a-e4fb-493a-aad9-e2c820c47450}|\Device\HarddiskVolume2\Windows\Temp\mrt68DF.tmp\stdrt.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2419579696-3991638777-3736419961-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\37468512_0]
@="{0.0.0.00000000}.{b86a678a-e4fb-493a-aad9-e2c820c47450}|\Device\HarddiskVolume2\Windows\Temp\mrt784A.tmp\stdrt.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication]
"Name"="stdrt.exe"

-= EOF =-

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: STDRT.exe

#4 Post by vyosek »

No log is needed if it found nothing...

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after start-up a page with the licence agreement is shown; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, it may take longer
  • After the scan and any restart, CF will display a log, or you will find it at C:\ComboFix.txt; paste its contents here

Druzdak
Visitor
Posts: 43
Registered: 22 Apr 2010 09:23

Re: STDRT.exe

#5 Post by Druzdak »

ComboFix log:


ComboFix 11-09-03.01 - uživatel 04.09.2011 14:56:43.1.8 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3319.2173 [GMT 2:00]
Spuštěný z: c:\users\u×ivatel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\system32\mfc100deu.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-04 do 2011-09-04 )))))))))))))))))))))))))))))))
.
.
2011-09-04 13:02 . 2011-09-04 13:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-04 09:58 . 2011-09-04 09:58 -------- d-----w- c:\users\uživatel\AppData\Local\{288235DE-52E5-4CD7-B9F9-79161E2AA922}
2011-09-04 09:52 . 2011-09-04 09:52 -------- d-----w- c:\users\uživatel\AppData\Local\{365F0C27-4BB4-477C-9A3A-8D023A1EEF43}
2011-09-03 23:35 . 2011-09-03 23:35 -------- d-----w- c:\program files\trend micro
2011-09-03 23:35 . 2011-09-03 23:35 -------- d-----w- C:\rsit
2011-09-03 23:09 . 2011-09-03 23:09 -------- d-----w- c:\users\uživatel\AppData\Local\{8C33E035-D461-4756-9CB7-3A2BEC9FF674}
2011-09-03 12:48 . 2011-09-03 12:48 -------- d-----w- c:\users\uživatel\AppData\Local\{1A1B4EC0-A287-425A-9B12-0E637A8AE5DD}
2011-09-03 06:45 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{566D7267-CE2F-4D92-9996-760394CFE6E9}\mpengine.dll
2011-09-03 06:41 . 2011-09-03 06:42 -------- d-----w- c:\users\uživatel\AppData\Local\{8E99AC6B-DDB2-45F8-850E-B5C28FE686F0}
2011-09-02 21:33 . 2011-09-02 21:33 -------- d-----w- c:\users\uživatel\AppData\Local\{2BBA004D-27E9-428D-9116-3D9DD21B6DB4}
2011-09-02 12:41 . 2011-09-02 12:41 -------- d-----w- c:\users\uživatel\AppData\Local\{85F3AC65-16F3-441D-BBAC-7133D9AE468C}
2011-09-02 05:04 . 2011-09-02 05:04 -------- d-----w- c:\users\uživatel\AppData\Local\{4C982E89-D286-49E8-A1E4-0BF6D13322A6}
2011-09-01 15:22 . 2011-09-01 15:22 -------- d-----w- c:\users\uživatel\AppData\Local\{3342FC35-92F6-432D-8FFA-773B68FFA2FE}
2011-09-01 11:00 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-09-01 10:56 . 2011-09-01 10:56 819729 ----a-w- c:\windows\system32\mrvcl32.exe
2011-09-01 09:07 . 2011-09-01 09:07 -------- d-----w- c:\users\uživatel\AppData\Local\{DCE7EFDC-2018-4498-88F5-F2A99B7769FF}
2011-09-01 05:00 . 2011-09-01 05:01 -------- d-----w- c:\users\uživatel\AppData\Local\{CC022E96-C006-4CC2-BE8E-244E24C62413}
2011-08-31 11:38 . 2011-08-31 11:38 -------- d-----w- c:\users\uživatel\AppData\Local\{A12A3FE5-C1FB-4BD8-971E-B0FC8DF40220}
2011-08-31 08:14 . 2011-08-31 08:14 -------- d-----w- c:\users\uživatel\AppData\Local\{067ECDF6-8544-4D88-AA9A-8A2DC295D81A}
2011-08-30 14:25 . 2011-08-30 14:25 -------- d-----w- c:\users\uživatel\AppData\Local\{D776F60C-D6CA-49DC-8D6D-5749C8E7977B}
2011-08-30 09:23 . 2011-08-30 09:23 -------- d-----w- c:\users\uživatel\AppData\Local\{6920279A-C260-49BF-8393-0A6A53E7E99A}
2011-08-29 22:19 . 2011-08-29 22:19 -------- d-----w- c:\users\uživatel\AppData\Local\{037E3C4B-F8D1-47CC-AD6D-25F995D5D153}
2011-08-29 21:09 . 2011-08-29 21:09 -------- d-----w- c:\users\uživatel\AppData\Local\{B0CCC690-3FA2-44F1-84BC-B8D1E369865D}
2011-08-29 15:17 . 2011-08-29 15:17 -------- d-----w- c:\program files\Screaming Bee LLC
2011-08-29 15:10 . 2011-08-29 15:10 -------- d-----w- c:\users\uživatel\AppData\Roaming\Screaming Bee
2011-08-29 15:10 . 2011-08-30 10:35 -------- d-----w- c:\program files\Screaming Bee
2011-08-29 15:10 . 2011-08-29 15:10 -------- d-----w- c:\programdata\Screaming Bee
2011-08-29 14:57 . 2011-08-29 14:57 -------- d-----w- c:\users\uživatel\AppData\Local\SkypeFx
2011-08-29 14:57 . 2011-08-29 14:57 -------- d-----w- c:\users\uživatel\AppData\Local\IsolatedStorage
2011-08-29 10:07 . 2011-08-29 10:07 -------- d-----w- c:\users\uživatel\AppData\Local\{83C330AF-3D19-43BC-A81D-5C0E026F7683}
2011-08-28 23:37 . 2011-08-28 23:38 -------- d-----w- c:\program files\Heroes of Newerth
2011-08-28 08:58 . 2011-08-28 08:58 -------- d-----w- c:\users\uživatel\AppData\Local\{D79761A4-785D-4ABD-8F23-8D23D2A6B266}
2011-08-27 16:32 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-27 14:52 . 2011-08-27 14:52 -------- d-----w- c:\users\uživatel\AppData\Local\{A8DC011E-D7C6-4777-A225-898B689F3CCA}
2011-08-27 14:48 . 2011-08-27 14:48 -------- d-----w- c:\users\uživatel\AppData\Local\ElevatedDiagnostics
2011-08-17 13:41 . 2011-08-17 13:41 -------- d-----w- c:\users\uživatel\AppData\Local\{7FB498CC-B93B-4CDF-B472-B75F3DA165E7}
2011-08-16 07:40 . 2011-08-16 07:41 -------- d-----w- c:\users\uživatel\AppData\Local\{7FCA4A89-0DEF-4F26-AAC7-D1E87ED1E358}
2011-08-16 05:20 . 2011-08-16 05:20 4892320 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-08-15 15:22 . 2011-08-15 15:22 -------- d-----w- c:\users\uživatel\AppData\Local\{66A11CCB-BCEB-42B7-9E8A-77F80717E26E}
2011-08-15 08:59 . 2011-08-15 08:59 -------- d-----w- c:\users\uživatel\AppData\Local\{6901AB01-41BE-450D-B0D0-287D3A5F87B9}
2011-08-14 21:28 . 2011-08-14 21:28 -------- d-----w- c:\program files\LOLReplay
2011-08-14 13:46 . 2011-08-14 13:46 -------- d-----w- c:\users\uživatel\AppData\Local\{BABBC861-6EBA-4AC1-8B44-404C637EFEAD}
2011-08-13 09:16 . 2011-08-13 09:16 -------- d-----w- c:\users\uživatel\AppData\Local\{430D92C4-172F-476A-AD9D-26F0F4AE62C6}
2011-08-12 23:02 . 2011-08-12 23:11 2829 ----a-w- c:\windows\War3Unin.pif
2011-08-12 23:02 . 2011-08-12 23:11 139264 ----a-w- c:\windows\War3Unin.exe
2011-08-12 16:37 . 2011-08-12 16:37 -------- d-----w- c:\users\uživatel\AppData\Local\{DF072A1C-A918-4089-A051-7412A6608AA8}
2011-08-12 10:20 . 2011-08-12 10:21 -------- d-----w- c:\users\uživatel\AppData\Local\{5F8C3A00-7374-4675-9D30-F3619655C8E5}
2011-08-11 06:20 . 2011-08-11 06:20 -------- d-----w- c:\users\uživatel\AppData\Local\{DE89958E-DD8C-417B-A700-7E68FEAA0ECD}
2011-08-10 12:49 . 2011-08-10 12:50 -------- d-----w- c:\users\uživatel\AppData\Local\{001CAA64-7772-4AB5-A2F7-6FE67D238D57}
2011-08-09 18:02 . 2011-08-09 18:03 -------- d-----w- c:\users\uživatel\AppData\Local\{EC08242A-C4A1-4933-A208-BB634F075A2D}
2011-08-09 06:06 . 2011-08-09 06:06 -------- d-----w- c:\users\uživatel\AppData\Roaming\SGTY
2011-08-09 06:01 . 2011-08-09 06:01 -------- d-----w- c:\users\uživatel\AppData\Roaming\Realm of the Titans
2011-08-09 06:00 . 2011-08-09 06:00 -------- d-----w- C:\AeriaGames
2011-08-08 17:52 . 2011-08-14 16:36 -------- d-----w- c:\program files\Garena
2011-08-08 12:57 . 2011-08-08 12:57 -------- d-----w- c:\users\uživatel\AppData\Local\{D1A983E3-26BB-41F1-8CFE-647265E4DF42}
2011-08-08 10:48 . 2011-08-08 10:48 -------- d-----w- c:\users\uživatel\AppData\Local\{EED88004-7319-4B41-99C3-26C59F9FBA11}
2011-08-07 20:37 . 2011-08-07 20:37 -------- d-----w- c:\users\uživatel\AppData\Roaming\Rovio
2011-08-07 10:33 . 2011-08-07 10:33 -------- d-----w- c:\users\uživatel\AppData\Local\{B679D979-D8E7-44FF-9CB5-E41E5A83A619}
2011-08-06 10:19 . 2011-08-06 10:19 -------- d-----w- c:\users\uživatel\AppData\Local\{796A31B3-E2A9-4CFF-9FDA-5BD777F626FC}
2011-08-05 22:44 . 2011-08-05 22:44 -------- d-----w- c:\users\uživatel\AppData\Local\{F787BE00-752F-4CE8-9A26-B68301E5DE65}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 09:41 . 2011-05-31 05:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 16:28 . 2011-02-12 08:56 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-08 16:28 . 2011-03-06 11:29 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-08 16:28 . 2011-02-12 08:55 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-08 16:27 . 2011-02-12 08:55 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-18 11:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-18 10:56 . 2011-07-18 10:56 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-04 11:43 . 2010-12-31 16:07 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-12-31 16:07 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-18 15:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-12-31 16:08 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-12-31 16:08 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-12-31 16:08 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-31 16:07 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-12-31 16:08 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-11 02:29 . 2011-07-13 08:22 2334208 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-02-09 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\u§ivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2011-8-28 372736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\mrvcl32.exe [2011-09-01 819729]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-04-24 4303928]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-31 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-23 218688]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 18605357
*Deregistered* - 18605357
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\users\uživatel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\uživatel\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 109.202.72.93 109.202.73.93
FF - ProfilePath - c:\users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\n8cubmmw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Call of Duty Modern Warfare 2_is1 - c:\program files\Activision\Modern Warfare 2\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-09-04 15:03:41
ComboFix-quarantined-files.txt 2011-09-04 13:03
.
Před spuštěním: Volných bajtů: 756 801 650 688
Po spuštění: Volných bajtů: 756 917 280 768
.
- - End Of File - - 8AC1301A4D62A86D9BD62FA62549698F

Druzdak
Visitor
Posts: 43
Registered: 22 Apr 2010 09:23

Re: STDRT.exe

#6 Post by Druzdak »

Well, I am off to bed for today; hopefully the computer will turn on tomorrow. Good night :D

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: STDRT.exe

#7 Post by vyosek »

:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    Firefox::
    FF - ProfilePath - c:\users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\n8cubmmw.default\
    FF - prefs.js: browser.search.selectedEngine - ICQ Search
    FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=
    
    DDS::
    uStart Page = hxxp://start.icq.com/
    Trusted Zone: kuaiche.com\software
    
    Driver::
    Akamai
    ICQ Service
    18605357
    
    NetSvc::
    Akamai
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"=-
    "SwitchBoard"=-
    "SunJavaUpdateSched"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    "msnmsgr"=-
    "Steam"=-
    "Skype"=-
    
    Collect::
    c:\windows\system32\mrvcl32.exe
    C:\Windows\Temp\mrt389C.tmp\stdrt.exe
    
    Folder::
    C:\Program Files\Common Files\Akamai
    C:\Program Files\ICQ6Toolbar
    C:\Windows\Temp
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the picture below)
    [image]
  • After the script is applied (and any restart) a log will appear; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Druzdak
Visitor
Posts: 43
Registered: 22 Apr 2010 09:23

Re: STDRT.exe

#8 Post by Druzdak »

Done. At least I hope so. Windows booted fine, but stdrt.exe still keeps starting. I am attaching the log.


ComboFix 11-09-03.01 - uživatel 05.09.2011 7:09.2.8 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3319.2147 [GMT 2:00]
Spuštěný z: c:\users\u×ivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\u×ivatel\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-05 do 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 05:15 . 2011-09-05 05:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-05 05:02 . 2011-09-05 05:03 -------- d-----w- c:\users\uživatel\AppData\Local\{AAF1BB61-0885-47E1-8042-69819E113C2F}
2011-09-04 18:56 . 2011-09-04 18:56 -------- d-----w- C:\UPM
2011-09-04 18:40 . 2011-09-04 18:40 -------- d-----w- c:\users\uživatel\AppData\Roaming\SUPERAntiSpyware.com
2011-09-04 18:39 . 2011-09-04 18:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-04 18:39 . 2011-09-04 18:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-04 17:04 . 2011-09-04 17:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-04 17:04 . 2011-09-04 17:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-04 09:58 . 2011-09-04 09:58 -------- d-----w- c:\users\uživatel\AppData\Local\{288235DE-52E5-4CD7-B9F9-79161E2AA922}
2011-09-04 09:52 . 2011-09-04 09:52 -------- d-----w- c:\users\uživatel\AppData\Local\{365F0C27-4BB4-477C-9A3A-8D023A1EEF43}
2011-09-03 23:35 . 2011-09-03 23:35 -------- d-----w- c:\program files\trend micro
2011-09-03 23:35 . 2011-09-03 23:35 -------- d-----w- C:\rsit
2011-09-03 23:09 . 2011-09-03 23:09 -------- d-----w- c:\users\uživatel\AppData\Local\{8C33E035-D461-4756-9CB7-3A2BEC9FF674}
2011-09-03 12:48 . 2011-09-03 12:48 -------- d-----w- c:\users\uživatel\AppData\Local\{1A1B4EC0-A287-425A-9B12-0E637A8AE5DD}
2011-09-03 06:45 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{566D7267-CE2F-4D92-9996-760394CFE6E9}\mpengine.dll
2011-09-03 06:41 . 2011-09-03 06:42 -------- d-----w- c:\users\uživatel\AppData\Local\{8E99AC6B-DDB2-45F8-850E-B5C28FE686F0}
2011-09-02 21:33 . 2011-09-02 21:33 -------- d-----w- c:\users\uživatel\AppData\Local\{2BBA004D-27E9-428D-9116-3D9DD21B6DB4}
2011-09-02 12:41 . 2011-09-02 12:41 -------- d-----w- c:\users\uživatel\AppData\Local\{85F3AC65-16F3-441D-BBAC-7133D9AE468C}
2011-09-02 05:04 . 2011-09-02 05:04 -------- d-----w- c:\users\uživatel\AppData\Local\{4C982E89-D286-49E8-A1E4-0BF6D13322A6}
2011-09-01 15:22 . 2011-09-01 15:22 -------- d-----w- c:\users\uživatel\AppData\Local\{3342FC35-92F6-432D-8FFA-773B68FFA2FE}
2011-09-01 11:00 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-09-01 10:56 . 2011-09-01 10:56 819729 ----a-w- c:\windows\system32\mrvcl32.exe
2011-09-01 09:07 . 2011-09-01 09:07 -------- d-----w- c:\users\uživatel\AppData\Local\{DCE7EFDC-2018-4498-88F5-F2A99B7769FF}
2011-09-01 05:00 . 2011-09-01 05:01 -------- d-----w- c:\users\uživatel\AppData\Local\{CC022E96-C006-4CC2-BE8E-244E24C62413}
2011-08-31 11:38 . 2011-08-31 11:38 -------- d-----w- c:\users\uživatel\AppData\Local\{A12A3FE5-C1FB-4BD8-971E-B0FC8DF40220}
2011-08-31 08:14 . 2011-08-31 08:14 -------- d-----w- c:\users\uživatel\AppData\Local\{067ECDF6-8544-4D88-AA9A-8A2DC295D81A}
2011-08-30 14:25 . 2011-08-30 14:25 -------- d-----w- c:\users\uživatel\AppData\Local\{D776F60C-D6CA-49DC-8D6D-5749C8E7977B}
2011-08-30 09:23 . 2011-08-30 09:23 -------- d-----w- c:\users\uživatel\AppData\Local\{6920279A-C260-49BF-8393-0A6A53E7E99A}
2011-08-29 22:19 . 2011-08-29 22:19 -------- d-----w- c:\users\uživatel\AppData\Local\{037E3C4B-F8D1-47CC-AD6D-25F995D5D153}
2011-08-29 21:09 . 2011-08-29 21:09 -------- d-----w- c:\users\uživatel\AppData\Local\{B0CCC690-3FA2-44F1-84BC-B8D1E369865D}
2011-08-29 15:10 . 2011-08-29 15:10 -------- d-----w- c:\users\uživatel\AppData\Roaming\Screaming Bee
2011-08-29 15:10 . 2011-08-29 15:10 -------- d-----w- c:\programdata\Screaming Bee
2011-08-29 14:57 . 2011-08-29 14:57 -------- d-----w- c:\users\uživatel\AppData\Local\SkypeFx
2011-08-29 14:57 . 2011-08-29 14:57 -------- d-----w- c:\users\uživatel\AppData\Local\IsolatedStorage
2011-08-29 10:07 . 2011-08-29 10:07 -------- d-----w- c:\users\uživatel\AppData\Local\{83C330AF-3D19-43BC-A81D-5C0E026F7683}
2011-08-28 23:37 . 2011-08-28 23:38 -------- d-----w- c:\program files\Heroes of Newerth
2011-08-28 08:58 . 2011-08-28 08:58 -------- d-----w- c:\users\uživatel\AppData\Local\{D79761A4-785D-4ABD-8F23-8D23D2A6B266}
2011-08-27 16:32 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-27 14:52 . 2011-08-27 14:52 -------- d-----w- c:\users\uživatel\AppData\Local\{A8DC011E-D7C6-4777-A225-898B689F3CCA}
2011-08-27 14:48 . 2011-08-27 14:48 -------- d-----w- c:\users\uživatel\AppData\Local\ElevatedDiagnostics
2011-08-17 13:41 . 2011-08-17 13:41 -------- d-----w- c:\users\uživatel\AppData\Local\{7FB498CC-B93B-4CDF-B472-B75F3DA165E7}
2011-08-16 07:40 . 2011-08-16 07:41 -------- d-----w- c:\users\uživatel\AppData\Local\{7FCA4A89-0DEF-4F26-AAC7-D1E87ED1E358}
2011-08-16 05:20 . 2011-08-16 05:20 4892320 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-08-15 15:22 . 2011-08-15 15:22 -------- d-----w- c:\users\uživatel\AppData\Local\{66A11CCB-BCEB-42B7-9E8A-77F80717E26E}
2011-08-15 08:59 . 2011-08-15 08:59 -------- d-----w- c:\users\uživatel\AppData\Local\{6901AB01-41BE-450D-B0D0-287D3A5F87B9}
2011-08-14 13:46 . 2011-08-14 13:46 -------- d-----w- c:\users\uživatel\AppData\Local\{BABBC861-6EBA-4AC1-8B44-404C637EFEAD}
2011-08-13 09:16 . 2011-08-13 09:16 -------- d-----w- c:\users\uživatel\AppData\Local\{430D92C4-172F-476A-AD9D-26F0F4AE62C6}
2011-08-12 23:02 . 2011-08-12 23:11 2829 ----a-w- c:\windows\War3Unin.pif
2011-08-12 23:02 . 2011-08-12 23:11 139264 ----a-w- c:\windows\War3Unin.exe
2011-08-12 16:37 . 2011-08-12 16:37 -------- d-----w- c:\users\uživatel\AppData\Local\{DF072A1C-A918-4089-A051-7412A6608AA8}
2011-08-12 10:20 . 2011-08-12 10:21 -------- d-----w- c:\users\uživatel\AppData\Local\{5F8C3A00-7374-4675-9D30-F3619655C8E5}
2011-08-11 06:20 . 2011-08-11 06:20 -------- d-----w- c:\users\uživatel\AppData\Local\{DE89958E-DD8C-417B-A700-7E68FEAA0ECD}
2011-08-10 12:49 . 2011-08-10 12:50 -------- d-----w- c:\users\uživatel\AppData\Local\{001CAA64-7772-4AB5-A2F7-6FE67D238D57}
2011-08-09 18:02 . 2011-08-09 18:03 -------- d-----w- c:\users\uživatel\AppData\Local\{EC08242A-C4A1-4933-A208-BB634F075A2D}
2011-08-09 06:06 . 2011-08-09 06:06 -------- d-----w- c:\users\uživatel\AppData\Roaming\SGTY
2011-08-09 06:01 . 2011-08-09 06:01 -------- d-----w- c:\users\uživatel\AppData\Roaming\Realm of the Titans
2011-08-09 06:00 . 2011-08-09 06:00 -------- d-----w- C:\AeriaGames
2011-08-08 17:52 . 2011-08-14 16:36 -------- d-----w- c:\program files\Garena
2011-08-08 12:57 . 2011-08-08 12:57 -------- d-----w- c:\users\uživatel\AppData\Local\{D1A983E3-26BB-41F1-8CFE-647265E4DF42}
2011-08-08 10:48 . 2011-08-08 10:48 -------- d-----w- c:\users\uživatel\AppData\Local\{EED88004-7319-4B41-99C3-26C59F9FBA11}
2011-08-07 20:37 . 2011-08-07 20:37 -------- d-----w- c:\users\uživatel\AppData\Roaming\Rovio
2011-08-07 10:33 . 2011-08-07 10:33 -------- d-----w- c:\users\uživatel\AppData\Local\{B679D979-D8E7-44FF-9CB5-E41E5A83A619}
2011-08-06 10:19 . 2011-08-06 10:19 -------- d-----w- c:\users\uživatel\AppData\Local\{796A31B3-E2A9-4CFF-9FDA-5BD777F626FC}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 09:41 . 2011-05-31 05:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 16:28 . 2011-02-12 08:56 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-08 16:28 . 2011-03-06 11:29 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-08 16:28 . 2011-02-12 08:55 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-08 16:27 . 2011-02-12 08:55 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-18 11:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-18 10:56 . 2011-07-18 10:56 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-04 11:43 . 2010-12-31 16:07 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-12-31 16:07 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-18 15:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-12-31 16:08 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-12-31 16:08 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-12-31 16:08 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-31 16:07 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-12-31 16:08 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-11 02:29 . 2011-07-13 08:22 2334208 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-02-09 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\u§ivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\mrvcl32.exe [2011-09-01 819729]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-04-24 4303928]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-31 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-23 218688]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\users\uživatel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\uživatel\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 109.202.72.93 109.202.73.93
FF - ProfilePath - c:\users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\n8cubmmw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-09-05 07:17:10
ComboFix-quarantined-files.txt 2011-09-05 05:17
ComboFix2.txt 2011-09-04 13:03
.
Před spuštěním: Volných bajtů: 769 293 611 008
Po spuštění: Volných bajtů: 769 256 165 376
.
- - End Of File - - 66C4B6A29D460C89DF91526EA3A84B84

Druzdak
Visitor
Posts: 43
Registered: 22 Apr 2010 09:23

Re: STDRT.exe

#9 Post by Druzdak »

If something in there doesn't make sense, it's because I uninstalled a few programs yesterday.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: STDRT.exe

#10 Post by vyosek »

CF didn't do what it was supposed to :?: Please repeat the procedure in Safe Mode (restart the PC, keep pressing F8, choose Safe Mode with Networking)
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Druzdak
Visitor
Posts: 43
Registered: 22 Apr 2010 09:23

Re: STDRT.exe

#11 Post by Druzdak »

It seems to me that it again didn't do what it was supposed to, but I'll leave the judgment to you ;) Also, CF sees avast as enabled, although it is neither in the tray nor among the processes.


ComboFix 11-09-05.02 - uživatel 05.09.2011 15:27:40.3.8 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3319.2782 [GMT 2:00]
Spuštěný z: c:\combofix\ComboFix.exe
Použité ovládací přepínače :: c:\users\u×ivatel\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-05 do 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 13:33 . 2011-09-05 13:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-05 13:01 . 2011-09-05 13:01 -------- d-----w- c:\users\uživatel\AppData\Local\{E8109C12-DF1E-41F1-8C86-9F577BB16506}
2011-09-05 05:02 . 2011-09-05 05:03 -------- d-----w- c:\users\uživatel\AppData\Local\{AAF1BB61-0885-47E1-8042-69819E113C2F}
2011-09-04 18:56 . 2011-09-04 18:56 -------- d-----w- C:\UPM
2011-09-04 18:40 . 2011-09-04 18:40 -------- d-----w- c:\users\uživatel\AppData\Roaming\SUPERAntiSpyware.com
2011-09-04 18:39 . 2011-09-04 18:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-04 18:39 . 2011-09-04 18:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-04 17:04 . 2011-09-04 17:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-04 17:04 . 2011-09-04 17:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-04 09:58 . 2011-09-04 09:58 -------- d-----w- c:\users\uživatel\AppData\Local\{288235DE-52E5-4CD7-B9F9-79161E2AA922}
2011-09-04 09:52 . 2011-09-04 09:52 -------- d-----w- c:\users\uživatel\AppData\Local\{365F0C27-4BB4-477C-9A3A-8D023A1EEF43}
2011-09-03 23:35 . 2011-09-03 23:35 -------- d-----w- c:\program files\trend micro
2011-09-03 23:35 . 2011-09-03 23:35 -------- d-----w- C:\rsit
2011-09-03 23:09 . 2011-09-03 23:09 -------- d-----w- c:\users\uživatel\AppData\Local\{8C33E035-D461-4756-9CB7-3A2BEC9FF674}
2011-09-03 12:48 . 2011-09-03 12:48 -------- d-----w- c:\users\uživatel\AppData\Local\{1A1B4EC0-A287-425A-9B12-0E637A8AE5DD}
2011-09-03 06:45 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{566D7267-CE2F-4D92-9996-760394CFE6E9}\mpengine.dll
2011-09-03 06:41 . 2011-09-03 06:42 -------- d-----w- c:\users\uživatel\AppData\Local\{8E99AC6B-DDB2-45F8-850E-B5C28FE686F0}
2011-09-02 21:33 . 2011-09-02 21:33 -------- d-----w- c:\users\uživatel\AppData\Local\{2BBA004D-27E9-428D-9116-3D9DD21B6DB4}
2011-09-02 12:41 . 2011-09-02 12:41 -------- d-----w- c:\users\uživatel\AppData\Local\{85F3AC65-16F3-441D-BBAC-7133D9AE468C}
2011-09-02 05:04 . 2011-09-02 05:04 -------- d-----w- c:\users\uživatel\AppData\Local\{4C982E89-D286-49E8-A1E4-0BF6D13322A6}
2011-09-01 15:22 . 2011-09-01 15:22 -------- d-----w- c:\users\uživatel\AppData\Local\{3342FC35-92F6-432D-8FFA-773B68FFA2FE}
2011-09-01 11:00 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-09-01 10:56 . 2011-09-01 10:56 819729 ----a-w- c:\windows\system32\mrvcl32.exe
2011-09-01 09:07 . 2011-09-01 09:07 -------- d-----w- c:\users\uživatel\AppData\Local\{DCE7EFDC-2018-4498-88F5-F2A99B7769FF}
2011-09-01 05:00 . 2011-09-01 05:01 -------- d-----w- c:\users\uživatel\AppData\Local\{CC022E96-C006-4CC2-BE8E-244E24C62413}
2011-08-31 11:38 . 2011-08-31 11:38 -------- d-----w- c:\users\uživatel\AppData\Local\{A12A3FE5-C1FB-4BD8-971E-B0FC8DF40220}
2011-08-31 08:14 . 2011-08-31 08:14 -------- d-----w- c:\users\uživatel\AppData\Local\{067ECDF6-8544-4D88-AA9A-8A2DC295D81A}
2011-08-30 14:25 . 2011-08-30 14:25 -------- d-----w- c:\users\uživatel\AppData\Local\{D776F60C-D6CA-49DC-8D6D-5749C8E7977B}
2011-08-30 09:23 . 2011-08-30 09:23 -------- d-----w- c:\users\uživatel\AppData\Local\{6920279A-C260-49BF-8393-0A6A53E7E99A}
2011-08-29 22:19 . 2011-08-29 22:19 -------- d-----w- c:\users\uživatel\AppData\Local\{037E3C4B-F8D1-47CC-AD6D-25F995D5D153}
2011-08-29 21:09 . 2011-08-29 21:09 -------- d-----w- c:\users\uživatel\AppData\Local\{B0CCC690-3FA2-44F1-84BC-B8D1E369865D}
2011-08-29 15:10 . 2011-08-29 15:10 -------- d-----w- c:\users\uživatel\AppData\Roaming\Screaming Bee
2011-08-29 15:10 . 2011-08-29 15:10 -------- d-----w- c:\programdata\Screaming Bee
2011-08-29 14:57 . 2011-08-29 14:57 -------- d-----w- c:\users\uživatel\AppData\Local\SkypeFx
2011-08-29 14:57 . 2011-08-29 14:57 -------- d-----w- c:\users\uživatel\AppData\Local\IsolatedStorage
2011-08-29 10:07 . 2011-08-29 10:07 -------- d-----w- c:\users\uživatel\AppData\Local\{83C330AF-3D19-43BC-A81D-5C0E026F7683}
2011-08-28 23:37 . 2011-08-28 23:38 -------- d-----w- c:\program files\Heroes of Newerth
2011-08-28 08:58 . 2011-08-28 08:58 -------- d-----w- c:\users\uživatel\AppData\Local\{D79761A4-785D-4ABD-8F23-8D23D2A6B266}
2011-08-27 16:32 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-27 14:52 . 2011-08-27 14:52 -------- d-----w- c:\users\uživatel\AppData\Local\{A8DC011E-D7C6-4777-A225-898B689F3CCA}
2011-08-27 14:48 . 2011-09-05 13:21 -------- d-----w- c:\users\uživatel\AppData\Local\ElevatedDiagnostics
2011-08-17 13:41 . 2011-08-17 13:41 -------- d-----w- c:\users\uživatel\AppData\Local\{7FB498CC-B93B-4CDF-B472-B75F3DA165E7}
2011-08-16 07:40 . 2011-08-16 07:41 -------- d-----w- c:\users\uživatel\AppData\Local\{7FCA4A89-0DEF-4F26-AAC7-D1E87ED1E358}
2011-08-16 05:20 . 2011-08-16 05:20 4892320 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-08-15 15:22 . 2011-08-15 15:22 -------- d-----w- c:\users\uživatel\AppData\Local\{66A11CCB-BCEB-42B7-9E8A-77F80717E26E}
2011-08-15 08:59 . 2011-08-15 08:59 -------- d-----w- c:\users\uživatel\AppData\Local\{6901AB01-41BE-450D-B0D0-287D3A5F87B9}
2011-08-14 13:46 . 2011-08-14 13:46 -------- d-----w- c:\users\uživatel\AppData\Local\{BABBC861-6EBA-4AC1-8B44-404C637EFEAD}
2011-08-13 09:16 . 2011-08-13 09:16 -------- d-----w- c:\users\uživatel\AppData\Local\{430D92C4-172F-476A-AD9D-26F0F4AE62C6}
2011-08-12 23:02 . 2011-08-12 23:11 2829 ----a-w- c:\windows\War3Unin.pif
2011-08-12 23:02 . 2011-08-12 23:11 139264 ----a-w- c:\windows\War3Unin.exe
2011-08-12 16:37 . 2011-08-12 16:37 -------- d-----w- c:\users\uživatel\AppData\Local\{DF072A1C-A918-4089-A051-7412A6608AA8}
2011-08-12 10:20 . 2011-08-12 10:21 -------- d-----w- c:\users\uživatel\AppData\Local\{5F8C3A00-7374-4675-9D30-F3619655C8E5}
2011-08-11 06:20 . 2011-08-11 06:20 -------- d-----w- c:\users\uživatel\AppData\Local\{DE89958E-DD8C-417B-A700-7E68FEAA0ECD}
2011-08-10 12:49 . 2011-08-10 12:50 -------- d-----w- c:\users\uživatel\AppData\Local\{001CAA64-7772-4AB5-A2F7-6FE67D238D57}
2011-08-09 18:02 . 2011-08-09 18:03 -------- d-----w- c:\users\uživatel\AppData\Local\{EC08242A-C4A1-4933-A208-BB634F075A2D}
2011-08-09 06:06 . 2011-08-09 06:06 -------- d-----w- c:\users\uživatel\AppData\Roaming\SGTY
2011-08-09 06:01 . 2011-08-09 06:01 -------- d-----w- c:\users\uživatel\AppData\Roaming\Realm of the Titans
2011-08-09 06:00 . 2011-08-09 06:00 -------- d-----w- C:\AeriaGames
2011-08-08 17:52 . 2011-08-14 16:36 -------- d-----w- c:\program files\Garena
2011-08-08 12:57 . 2011-08-08 12:57 -------- d-----w- c:\users\uživatel\AppData\Local\{D1A983E3-26BB-41F1-8CFE-647265E4DF42}
2011-08-08 10:48 . 2011-08-08 10:48 -------- d-----w- c:\users\uživatel\AppData\Local\{EED88004-7319-4B41-99C3-26C59F9FBA11}
2011-08-07 20:37 . 2011-08-07 20:37 -------- d-----w- c:\users\uživatel\AppData\Roaming\Rovio
2011-08-07 10:33 . 2011-08-07 10:33 -------- d-----w- c:\users\uživatel\AppData\Local\{B679D979-D8E7-44FF-9CB5-E41E5A83A619}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 09:41 . 2011-05-31 05:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 16:28 . 2011-02-12 08:56 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-08 16:28 . 2011-03-06 11:29 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-08 16:28 . 2011-02-12 08:55 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-08 16:27 . 2011-02-12 08:55 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-18 11:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-18 10:56 . 2011-07-18 10:56 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-04 11:43 . 2010-12-31 16:07 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-12-31 16:07 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-18 15:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-12-31 16:08 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-12-31 16:08 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-12-31 16:08 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-31 16:07 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-12-31 16:08 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-11 02:29 . 2011-07-13 08:22 2334208 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-02-09 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\u§ivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\mrvcl32.exe [2011-09-01 819729]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-04-24 4303928]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-31 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-23 218688]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\users\uživatel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\uživatel\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 109.202.72.93 109.202.73.93
FF - ProfilePath - c:\users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\n8cubmmw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-09-05 15:35:06
ComboFix-quarantined-files.txt 2011-09-05 13:35
ComboFix2.txt 2011-09-05 05:17
ComboFix3.txt 2011-09-04 13:03
.
Před spuštěním: Volných bajtů: 769 417 543 680
Po spuštění: Volných bajtů: 769 104 769 024
.
- - End Of File - - 33279342E5E2E44145C35B7424894396

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: STDRT.exe

#12 Post by vyosek »

:arrow: Exactly, it slacked off again, so we'll go at it a different way :James008:

:arrow: Download OTL (see my signature) and save it to the desktop
  • If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator or Spustit jako spravce
  • If you are using a 64-bit OS, check whether the "Pro 64 bitové OS" (For 64-bit OS) box is ticked; if not, tick it
  • Tick the "Pro vsechny uzivatele" (For all users) box
  • Tick the 'Kontrola na havet "LOP"' (LOP check) box
  • Tick the 'Kontrola na havet "Purity"' (Purity check) box
  • Change "Stari souboru" (File age) from 30 days to 7 days
  • Paste the script below into the bottom box, "Vlastni skenovani/opravy" (Custom scans/fixes)
  • Code:

    CREATERESTOREPOINT
    
    netsvcs /all
    drivers32
    savembr:0
    
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    type c:\boot.ini >> test.txt /c
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
  • Click the "Prohledat" (Run scan) button
  • When the scan finishes (approx. 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both of them here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Druzdak
Visitor
Posts: 43
Registered: 22 Apr 2010 09:23

Re: STDRT.exe

#13 Post by Druzdak »

OTL.txt


OTL logfile created on: 5.9.2011 15:54:49 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\uživatel\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,24 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,54% Memory free
6,48 Gb Paging File | 4,80 Gb Available in Paging File | 74,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 716,42 Gb Free Space | 76,92% Space Free | Partition Type: NTFS

Computer Name: UŽIVATEL-PC | User Name: uživatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.09.05 15:51:54 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\uživatel\Desktop\OTL.exe
PRC - [2011.08.12 23:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011.01.17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011.01.05 19:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:42 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2011.09.05 15:50:36 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011.09.04 20:40:17 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011.09.04 20:40:17 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011.09.04 20:40:17 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.09.03 14:28:23 | 000,400,440 | ---- | M] () -- C:\Users\uživatel\AppData\Local\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll
MOD - [2011.09.03 14:28:22 | 004,118,072 | ---- | M] () -- C:\Users\uživatel\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011.09.03 14:26:51 | 000,104,520 | ---- | M] () -- C:\Users\uživatel\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011.09.03 14:26:49 | 000,203,848 | ---- | M] () -- C:\Users\uživatel\AppData\Local\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011.09.03 14:26:48 | 001,846,344 | ---- | M] () -- C:\Users\uživatel\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011.09.03 12:35:01 | 006,338,720 | ---- | M] () -- C:\Users\uživatel\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
MOD - [2011.05.05 13:49:36 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.01.05 19:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM\nssckbi.dll
MOD - [2010.03.15 12:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.09.01 12:56:30 | 000,819,729 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\mrvcl32.exe -- (Adobe Licensing Console)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.08.08 22:03:20 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.04.24 23:08:00 | 004,303,928 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.31 19:47:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.01.23 03:27:30 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\WinUSB.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.08 23:33:00 | 010,337,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.07.01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.12.23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2419579696-3991638777-3736419961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-2419579696-3991638777-3736419961-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2419579696-3991638777-3736419961-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.1.9&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\uživatel\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\uživatel\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.04 15:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.24 18:36:45 | 000,000,000 | ---D | M]

[2011.01.04 15:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uživatel\AppData\Roaming\Mozilla\Extensions
[2011.08.12 21:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\n8cubmmw.default\extensions
[2011.03.28 20:40:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\n8cubmmw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.02 18:10:50 | 000,001,056 | ---- | M] () -- C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\n8cubmmw.default\searchplugins\icqplugin.xml
[2011.08.28 01:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.08.28 01:45:04 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.12 21:57:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.11 20:16:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.21 17:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\UĹĽIVATEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N8CUBMMW.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.03 20:08:29 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.12.03 20:08:29 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2010.12.03 20:08:29 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.12.03 20:08:29 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.12.03 20:08:29 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.09.04 15:02:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\uživatel\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2419579696-3991638777-3736419961-1000..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2419579696-3991638777-3736419961-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2419579696-3991638777-3736419961-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2419579696-3991638777-3736419961-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2419579696-3991638777-3736419961-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2419579696-3991638777-3736419961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\uživatel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\uživatel\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-2419579696-3991638777-3736419961-1000\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.202.72.93 109.202.73.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{494FA3D3-3DDC-4B64-8245-BDFB22EBD964}: DhcpNameServer = 109.202.72.93 109.202.73.93
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: AeLookupSvc - C:\Windows\System32\aelupsvc.dll (Microsoft Corporation)
NetSvcs: CertPropSvc - C:\Windows\System32\certprop.dll (Microsoft Corporation)
NetSvcs: SCPolicySvc - C:\Windows\System32\certprop.dll (Microsoft Corporation)
NetSvcs: lanmanserver - C:\Windows\System32\srvsvc.dll (Microsoft Corporation)
NetSvcs: gpsvc - C:\Windows\System32\gpsvc.dll (Microsoft Corporation)
NetSvcs: IKEEXT - C:\Windows\System32\IKEEXT.DLL (Microsoft Corporation)
NetSvcs: AudioSrv - C:\Windows\System32\audiosrv.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Rasauto - C:\Windows\System32\rasauto.dll (Microsoft Corporation)
NetSvcs: Rasman - C:\Windows\System32\rasmans.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\Windows\System32\mprdim.dll (Microsoft Corporation)
NetSvcs: SENS - C:\Windows\System32\Sens.dll (Microsoft Corporation)
NetSvcs: Sharedaccess - C:\Windows\System32\ipnathlp.dll (Microsoft Corporation)
NetSvcs: SRService - File not found
NetSvcs: Tapisrv - C:\Windows\System32\tapisrv.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: TermService - C:\Windows\System32\termsrv.dll (Microsoft Corporation)
NetSvcs: wuauserv - C:\Windows\System32\wuaueng.dll (Microsoft Corporation)
NetSvcs: BITS - C:\Windows\System32\qmgr.dll (Microsoft Corporation)
NetSvcs: ShellHWDetection - C:\Windows\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: iphlpsvc - C:\Windows\System32\iphlpsvc.dll (Microsoft Corporation)
NetSvcs: seclogon - C:\Windows\System32\seclogon.dll (Microsoft Corporation)
NetSvcs: AppInfo - C:\Windows\System32\appinfo.dll (Microsoft Corporation)
NetSvcs: msiscsi - C:\Windows\System32\iscsiexe.dll (Microsoft Corporation)
NetSvcs: MMCSS - C:\Windows\System32\mmcss.dll (Microsoft Corporation)
NetSvcs: wercplsupport - C:\Windows\System32\wercplsupport.dll (Microsoft Corporation)
NetSvcs: EapHost - C:\Windows\System32\eapsvc.dll (Microsoft Corporation)
NetSvcs: ProfSvc - C:\Windows\System32\profsvc.dll (Microsoft Corporation)
NetSvcs: schedule - C:\Windows\System32\schedsvc.dll (Microsoft Corporation)
NetSvcs: hkmsvc - C:\Windows\System32\KMSVC.DLL (Microsoft Corporation)
NetSvcs: SessionEnv - C:\Windows\System32\SessEnv.dll (Microsoft Corporation)
NetSvcs: winmgmt - C:\Windows\System32\wbem\WMIsvc.dll (Microsoft Corporation)
NetSvcs: browser - C:\Windows\System32\browser.dll (Microsoft Corporation)
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
NetSvcs: AppMgmt - C:\Windows\System32\appmgmts.dll (Microsoft Corporation)

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2011.09.05 15:51:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\uživatel\Desktop\OTL.exe
[2011.09.05 15:51:00 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{8C37B274-ED20-44A2-A326-B0C32825A7DC}
[2011.09.05 15:35:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.09.05 15:34:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.09.05 15:01:08 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{E8109C12-DF1E-41F1-8C86-9F577BB16506}
[2011.09.05 07:02:50 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{AAF1BB61-0885-47E1-8042-69819E113C2F}
[2011.09.04 21:09:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.09.04 20:56:02 | 000,000,000 | ---D | C] -- C:\UPM
[2011.09.04 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\SUPERAntiSpyware.com
[2011.09.04 20:39:51 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.09.04 20:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.09.04 20:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.09.04 19:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.09.04 19:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.09.04 19:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.09.04 14:54:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.09.04 14:54:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.09.04 14:54:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.09.04 14:54:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.09.04 14:53:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.04 14:09:08 | 004,194,725 | R--- | C] (Swearware) -- C:\Users\uživatel\Desktop\ComboFix.exe
[2011.09.04 11:58:41 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{288235DE-52E5-4CD7-B9F9-79161E2AA922}
[2011.09.04 11:52:13 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{365F0C27-4BB4-477C-9A3A-8D023A1EEF43}
[2011.09.04 01:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.09.04 01:35:00 | 000,000,000 | ---D | C] -- C:\rsit
[2011.09.04 01:09:48 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{8C33E035-D461-4756-9CB7-3A2BEC9FF674}
[2011.09.03 14:48:40 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{1A1B4EC0-A287-425A-9B12-0E637A8AE5DD}
[2011.09.03 08:41:56 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{8E99AC6B-DDB2-45F8-850E-B5C28FE686F0}
[2011.09.02 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{2BBA004D-27E9-428D-9116-3D9DD21B6DB4}
[2011.09.02 14:41:01 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{85F3AC65-16F3-441D-BBAC-7133D9AE468C}
[2011.09.02 07:04:14 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{4C982E89-D286-49E8-A1E4-0BF6D13322A6}
[2011.09.01 17:22:23 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{3342FC35-92F6-432D-8FFA-773B68FFA2FE}
[2011.09.01 13:00:42 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011.09.01 12:56:30 | 000,819,729 | ---- | C] ( ) -- C:\Windows\System32\mrvcl32.exe
[2011.09.01 11:07:25 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{DCE7EFDC-2018-4498-88F5-F2A99B7769FF}
[2011.09.01 07:00:55 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{CC022E96-C006-4CC2-BE8E-244E24C62413}
[2011.08.31 13:38:39 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{A12A3FE5-C1FB-4BD8-971E-B0FC8DF40220}
[2011.08.31 10:14:32 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{067ECDF6-8544-4D88-AA9A-8A2DC295D81A}
[2011.08.30 16:25:03 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{D776F60C-D6CA-49DC-8D6D-5749C8E7977B}
[2011.08.30 11:23:33 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{6920279A-C260-49BF-8393-0A6A53E7E99A}
[2011.08.30 00:19:18 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{037E3C4B-F8D1-47CC-AD6D-25F995D5D153}
[2011.08.29 23:09:25 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\{B0CCC690-3FA2-44F1-84BC-B8D1E369865D}
[2011.08.29 17:10:49 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\Screaming Bee
[2011.08.29 17:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2011.08.29 16:57:54 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\SkypeFx
[2011.08.29 16:57:51 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\IsolatedStorage
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2011.09.05 15:57:36 | 000,010,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.05 15:57:36 | 000,010,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.05 15:57:12 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.09.05 15:51:54 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\uživatel\Desktop\OTL.exe
[2011.09.05 15:49:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.05 15:49:34 | 2610,253,824 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.04 21:12:29 | 000,001,923 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011.09.04 20:39:51 | 000,001,965 | ---- | M] () -- C:\Users\uživatel\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.09.04 19:04:33 | 000,001,220 | ---- | M] () -- C:\Users\uživatel\Desktop\Spybot - Search & Destroy.lnk
[2011.09.04 15:02:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.09.04 14:09:23 | 004,194,725 | R--- | M] (Swearware) -- C:\Users\uživatel\Desktop\ComboFix.exe
[2011.09.04 12:01:14 | 000,139,264 | ---- | M] () -- C:\Users\uživatel\Desktop\SystemLook.exe
[2011.09.01 22:12:14 | 000,666,194 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.09.01 22:12:14 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.01 22:12:14 | 000,139,890 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.09.01 22:12:14 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.01 17:29:43 | 000,490,328 | ---- | M] () -- C:\Users\uživatel\Desktop\01092011.jpg
[2011.09.01 13:01:01 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2011.09.01 12:56:30 | 000,819,729 | ---- | M] ( ) -- C:\Windows\System32\mrvcl32.exe
[2011.09.01 11:22:34 | 001,702,521 | ---- | M] () -- C:\Users\uživatel\Desktop\Bez názvu-1.jpg
[2011.09.01 10:13:36 | 001,976,268 | ---- | M] () -- C:\Users\uživatel\Desktop\DSC03080.JPG
[2011.09.01 10:13:26 | 001,967,992 | ---- | M] () -- C:\Users\uživatel\Desktop\DSC03079.JPG
[2011.09.01 10:11:54 | 002,115,011 | ---- | M] () -- C:\Users\uživatel\Desktop\DSC03078.JPG
[2011.09.01 10:08:24 | 001,910,619 | ---- | M] () -- C:\Users\uživatel\Desktop\DSC03076.JPG
[2011.09.01 10:07:58 | 001,957,643 | ---- | M] () -- C:\Users\uživatel\Desktop\DSC03075.JPG
[2011.09.01 07:05:41 | 009,775,104 | ---- | M] () -- C:\Users\uživatel\Desktop\savior.mp3
[2011.09.01 07:02:35 | 003,797,330 | ---- | M] () -- C:\Users\uživatel\Desktop\Rise_Against_2.mp3
[2011.08.31 20:55:41 | 000,546,550 | ---- | M] () -- C:\Users\uživatel\Desktop\jak.jpg
[2011.08.31 20:24:50 | 017,874,572 | ---- | M] () -- C:\Users\uživatel\Desktop\SilkroadOnline_GlobalOfficial_v1_321(for_v1_315_320).exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.09.05 15:57:12 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.09.04 20:39:51 | 000,001,965 | ---- | C] () -- C:\Users\uživatel\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.09.04 19:04:33 | 000,001,220 | ---- | C] () -- C:\Users\uživatel\Desktop\Spybot - Search & Destroy.lnk
[2011.09.04 14:54:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.09.04 14:54:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.09.04 14:54:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.09.04 14:54:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.09.04 14:54:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.04 12:01:14 | 000,139,264 | ---- | C] () -- C:\Users\uživatel\Desktop\SystemLook.exe
[2011.09.01 17:29:19 | 000,490,328 | ---- | C] () -- C:\Users\uživatel\Desktop\01092011.jpg
[2011.09.01 13:01:03 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2011.09.01 11:22:31 | 001,702,521 | ---- | C] () -- C:\Users\uživatel\Desktop\Bez názvu-1.jpg
[2011.09.01 11:09:14 | 002,115,011 | ---- | C] () -- C:\Users\uživatel\Desktop\DSC03078.JPG
[2011.09.01 11:09:14 | 001,976,268 | ---- | C] () -- C:\Users\uživatel\Desktop\DSC03080.JPG
[2011.09.01 11:09:14 | 001,967,992 | ---- | C] () -- C:\Users\uživatel\Desktop\DSC03079.JPG
[2011.09.01 11:09:14 | 001,957,643 | ---- | C] () -- C:\Users\uživatel\Desktop\DSC03075.JPG
[2011.09.01 11:09:14 | 001,910,619 | ---- | C] () -- C:\Users\uživatel\Desktop\DSC03076.JPG
[2011.09.01 07:04:52 | 009,775,104 | ---- | C] () -- C:\Users\uživatel\Desktop\savior.mp3
[2011.09.01 07:02:46 | 003,797,330 | ---- | C] () -- C:\Users\uživatel\Desktop\Rise_Against_2.mp3
[2011.08.31 20:55:33 | 000,546,550 | ---- | C] () -- C:\Users\uživatel\Desktop\jak.jpg
[2011.08.31 20:24:46 | 017,874,572 | ---- | C] () -- C:\Users\uživatel\Desktop\SilkroadOnline_GlobalOfficial_v1_321(for_v1_315_320).exe
[2011.08.29 17:08:43 | 033,998,680 | ---- | C] () -- C:\Users\uživatel\Desktop\MorphVOX Pro v4.3.13 with Addons + Crk.exe
[2011.08.13 01:02:53 | 000,066,989 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.08.08 19:54:37 | 000,051,078 | ---- | C] () -- C:\Users\uživatel\AppData\Roaming\room_v3.dat
[2011.06.10 13:44:44 | 000,000,105 | ---- | C] () -- C:\Users\uživatel\AppData\Roaming\private_server_loader.ini
[2011.06.07 15:38:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.02.12 10:56:13 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.02.12 10:56:13 | 000,138,056 | ---- | C] () -- C:\Users\uživatel\AppData\Roaming\PnkBstrK.sys
[2011.02.12 10:55:39 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.02.12 10:55:37 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.02.12 10:55:35 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2011.01.01 18:10:05 | 000,000,891 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2011.01.01 18:09:55 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.12.31 17:34:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.09 21:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.08.14 06:52:50 | 000,666,194 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2009.08.14 06:52:50 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2009.08.14 06:52:50 | 000,139,890 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2009.08.14 06:52:50 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,293,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

Druzdak
Visitor
Posts: 43
Registered: 22 Apr 2010 09:23

Re: STDRT.exe

#14 Post by Druzdak »

[2011.07.04 16:18:24 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\.minecraft
[2011.02.24 18:37:18 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\acccore
[2011.09.01 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\BITS
[2011.01.23 03:45:16 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\DAEMON Tools Lite
[2011.02.14 20:25:55 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\edxLabs
[2011.01.30 11:50:56 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\EuroTalk
[2011.01.01 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\FlashGet
[2011.01.01 18:04:01 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\FlashGetBHO
[2011.06.17 16:01:16 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\go
[2011.03.03 13:33:20 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Hardcore
[2011.06.25 10:51:34 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\ICQ
[2011.02.09 22:54:11 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Imagenomic
[2011.03.02 12:54:38 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Juce VST Host
[2011.07.02 15:33:18 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Lionhead Studios
[2011.02.25 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\LolClient
[2011.05.05 13:50:36 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\OpenOffice.org
[2011.07.29 14:04:20 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\PACE Anti-Piracy
[2011.02.10 23:17:17 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Publish Providers
[2011.08.07 22:37:46 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Rovio
[2011.03.03 13:32:00 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Sawer
[2011.08.29 17:10:55 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Screaming Bee
[2011.08.09 08:06:48 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\SGTY
[2011.02.10 23:17:14 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Sony
[2011.02.18 20:00:19 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\TeamViewer
[2011.07.29 14:06:53 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\TS3Client
[2011.09.01 16:34:44 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< >


< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\f1172ec065789780f3e853c2a63ff94c\*.tmp files -> C:\Windows\SoftwareDistribution\Download\f1172ec065789780f3e853c2a63ff94c\*.tmp -> ]
[3 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.07.04 16:18:24 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\.minecraft
[2011.02.24 18:37:18 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\acccore
[2011.02.09 22:04:15 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Adobe
[2011.09.01 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\BITS
[2011.01.23 03:45:16 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\DAEMON Tools Lite
[2011.02.14 20:25:55 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\edxLabs
[2011.01.30 11:50:56 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\EuroTalk
[2011.01.01 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\FlashGet
[2011.01.01 18:04:01 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\FlashGetBHO
[2011.06.17 16:01:16 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\go
[2011.01.02 01:32:57 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\GRETECH
[2011.03.03 13:33:20 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Hardcore
[2011.06.25 10:51:34 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\ICQ
[2010.12.27 12:48:11 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Identities
[2011.02.09 22:54:11 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Imagenomic
[2011.03.02 12:54:38 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Juce VST Host
[2011.07.02 15:33:18 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Lionhead Studios
[2011.02.25 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\LolClient
[2010.12.31 17:24:47 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Macromedia
[2009.07.14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Media Center Programs
[2011.09.01 13:46:18 | 000,000,000 | --SD | M] -- C:\Users\uživatel\AppData\Roaming\Microsoft
[2011.01.04 15:02:32 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Mozilla
[2011.07.19 19:01:09 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\NVIDIA
[2011.05.05 13:50:36 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\OpenOffice.org
[2011.07.29 14:04:20 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\PACE Anti-Piracy
[2011.02.10 23:17:17 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Publish Providers
[2011.08.09 08:01:36 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Realm of the Titans
[2011.08.07 22:37:46 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Rovio
[2011.03.03 13:32:00 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Sawer
[2011.08.29 17:10:55 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Screaming Bee
[2011.08.09 08:06:48 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\SGTY
[2011.09.05 16:24:37 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Skype
[2011.05.28 09:32:12 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\skypePM
[2011.02.10 23:17:14 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Sony
[2011.09.04 20:40:12 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\SUPERAntiSpyware.com
[2011.02.18 20:00:19 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\TeamViewer
[2011.07.29 14:06:53 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\TS3Client
[2011.09.04 14:51:34 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Winamp
[2010.12.31 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\WinRAR
[2011.01.22 13:50:22 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Xfire

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.09.05 15:57:36 | 000,010,112 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.05 15:57:36 | 000,010,112 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd)
"Aim" = "C:\Program Files\AIM\aim.exe" /d locale=en-US -- [2011.01.05 19:11:04 | 004,321,112 | ---- | M] (AOL Inc.)
"msnmsgr" = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background -- [2010.09.23 00:47:30 | 004,240,760 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.08.18 17:04:48 | 017,360,520 | R--- | M] (Skype Technologies S.A.)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited)
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -- [2011.08.12 23:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com)

< >

< type c:\boot.ini >> test.txt /c >
No captured output from command...

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.09.05 15:57:12 | 000,000,512 | ---- | M] () MD5=8B2DD135265C73DA7C2D9642929CD334 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2011.03.12 20:30:39 | 000,008,275 | RHS- | M] () -- \Downloads\DS2CRACKFIX-FLT_EPIDEMZ.NET.rar.torrent
[2011.07.02 15:39:34 | 015,531,749 | ---- | M] () -- \Downloads\Fable III Crack & Update ONLY-SKIDROW.rar
[2011.07.02 15:36:49 | 000,010,177 | RHS- | M] () -- \Downloads\Fable III Crack & Update ONLY-SKIDROW.rar.torrent
[2011.05.15 20:19:02 | 4205,696,685 | ---- | M] () -- \Downloads\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By G-ADLVR_R7.rar
[2011.05.15 19:00:00 | 000,020,598 | RHS- | M] () -- \Downloads\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By G-ADLVR_R7.rar.torrent
[2011.06.26 13:11:37 | 000,005,561 | RHS- | M] () -- \Downloads\Alice.Madness.Returns.Crackfix-SKIDROW\Alice.Madness.Returns.Crackfix-SKIDROW.torrent
[2011.07.25 11:52:59 | 005,148,800 | ---- | M] () -- \Downloads\music\DnB & Dubstep Collection 3\01 Cracks (Flux Pavilion Remix).mp3
[2011.07.25 13:05:01 | 003,082,336 | ---- | M] () -- \Downloads\music\DnB Dubstep Collection 2\Cracks (Flux Pavilion Remix).mp3
[2011.07.25 11:15:45 | 003,072,032 | ---- | M] () -- \Downloads\music\dub\Freestylers - Cracks (Flux Pavilion Remix).mp3
[2011.03.30 22:48:32 | 009,808,348 | ---- | M] () -- \Downloads\music\Getdarker Presents This Is Dubstep Vol 3\08 Cracks (Flux Pavillion Remix) [fe.m4a
[2011.04.25 14:27:41 | 000,002,745 | RHS- | M] () -- \Downloads\Portal.2.Crack.Fix-SKIDROW\Portal.2.Crack.Fix-SKIDROW.torrent
[2011.05.23 15:23:17 | 038,445,769 | ---- | M] () -- \Downloads\software\Virtual DJ v7.0 PRO + Crack [ChattChitto RG]\Virtual DJ v7.0 PRO + Crack [ChattChitto RG].exe
[2011.05.23 15:21:32 | 000,012,611 | RHS- | M] () -- \Downloads\software\Virtual DJ v7.0 PRO + Crack [ChattChitto RG]\Virtual DJ v7.0 PRO + Crack [ChattChitto RG].torrent
[2010.09.22 00:49:32 | 000,013,312 | ---- | M] () -- \HRY\ZSZC SRO\crackloader.exe
[2009.03.08 10:59:14 | 000,163,840 | ---- | M] () -- \Program Files\Garena\plugins\UI\AvoidCrackPlugin.dll
[2008.09.08 22:55:14 | 000,000,204 | ---- | M] () -- \Program Files\Image-Line\FL Studio 10\Plugins\Fruity\Effects\Hardcore\Presets\I cracked my Tube!.hdprg
[2010.01.15 22:56:40 | 000,000,272 | ---- | M] () -- \Program Files\Image-Line\FL Studio 10\Plugins\Fruity\Generators\Drumaxx\Drum Patches\Sound FX\Crack.dmpatch
[2010.01.15 22:56:40 | 000,000,272 | ---- | M] () -- \Program Files\Image-Line\FL Studio 10\Plugins\Fruity\Generators\DrumPad\Drum Patches\Sound FX\Crack.dmpatch
[2008.09.08 22:55:14 | 000,000,204 | ---- | M] () -- \Program Files\Image-Line\Hardcore\Presets\I cracked my Tube!.hdprg
[2009.03.03 13:28:38 | 000,000,461 | ---- | M] () -- \Program Files\Image-Line\Sawer\Presets\Ambient\MC Cracked.sawer
[2011.01.25 17:52:50 | 000,076,652 | ---- | M] () -- \Program Files\Paradox Interactive\Magicka\Content\Levels\Textures\Surface\Nature\Ground\dirt01_cracked_0.xnb
[2011.01.25 17:52:50 | 000,034,846 | ---- | M] () -- \Program Files\Paradox Interactive\Magicka\Content\Levels\Textures\Surface\Nature\Ground\dirt01_cracked_NRM_0.xnb
[2011.01.25 17:52:50 | 000,018,032 | ---- | M] () -- \Program Files\Paradox Interactive\Magicka\Content\Levels\Textures\Surface\Structure\Stone\wall_cracked01_0.xnb
[2011.01.25 17:52:50 | 000,008,364 | ---- | M] () -- \Program Files\Paradox Interactive\Magicka\Content\Levels\Textures\Surface\Structure\Stone\wall_cracked_NRM_0.xnb
[2010.07.30 14:58:38 | 000,021,985 | ---- | M] () -- \Program Files\Stunlock Studios\Bloodline Champions\Content\Particles\1x1\point_cracks.dds.xnb
[2011.04.25 14:27:41 | 000,002,745 | ---- | M] () -- \Users\uživatel\AppData\Roaming\FlashGet\v3\dat\torrent\11864172_Portal_2_Crack_Fix-SKIDROW.6331819.TPB.torrent
[2011.05.15 19:00:00 | 000,020,598 | ---- | M] () -- \Users\uživatel\AppData\Roaming\FlashGet\v3\dat\torrent\30189531_GTA_San_Andreas_full_game_pc___with_crack__.3649668.TPB.torrent
[2011.03.12 20:30:39 | 000,008,275 | ---- | M] () -- \Users\uživatel\AppData\Roaming\FlashGet\v3\dat\torrent\31672664_Dead_Space_2_Crack_Fix_FTL.6136922.TPB.torrent
[2011.02.07 20:04:28 | 000,032,981 | ---- | M] () -- \Users\uživatel\AppData\Roaming\FlashGet\v3\dat\torrent\42967948_Call_of_Duty_4_Keygen_and_Crack.3889893.TPB.torrent
[2011.07.02 15:36:49 | 000,010,177 | ---- | M] () -- \Users\uživatel\AppData\Roaming\FlashGet\v3\dat\torrent\54539119_Fable.III.Crack._.Update.ONLY-SKIDROW.6403413.TPB.torrent
[2011.05.23 15:21:32 | 000,012,611 | ---- | M] () -- \Users\uživatel\AppData\Roaming\FlashGet\v3\dat\torrent\6181180_Virtual_DJ_v7.0_PRO___Crack_[ChattChitto_RG].5888476.TPB.torrent
[2011.06.26 13:11:37 | 000,005,561 | ---- | M] () -- \Users\uživatel\AppData\Roaming\FlashGet\v3\dat\torrent\6558172_Alice_Madness_Returns_Crackfix-SKIDROW.6478009.TPB.torrent
[2011.06.26 13:11:37 | 000,005,561 | ---- | M] () -- \Users\uživatel\Downloads\Alice_Madness_Returns_Crackfix-SKIDROW.6478009.TPB.torrent
[2011.08.11 17:24:59 | 000,006,389 | ---- | M] () -- \Users\uživatel\Downloads\Audio4Fun_AV_Voice_Changer_Diamond_7.0.29___Crack_[RH].5930251.TPB.torrent
[2011.06.11 12:25:24 | 001,554,735 | ---- | M] () -- \Users\uživatel\Downloads\db_Bot_v1.3a + crack (1).rar
[2011.06.10 13:46:49 | 001,554,735 | ---- | M] () -- \Users\uživatel\Downloads\db_Bot_v1.3a + crack.rar
[2011.07.02 15:36:49 | 000,010,177 | ---- | M] () -- \Users\uživatel\Downloads\Fable.III.Crack._.Update.ONLY-SKIDROW.6403413.TPB.torrent
[2011.05.15 19:00:00 | 000,020,598 | ---- | M] () -- \Users\uživatel\Downloads\GTA_San_Andreas_full_game_pc___with_crack__.3649668.TPB.torrent
[2011.08.03 19:21:52 | 1005,787,049 | ---- | M] () -- \Users\uživatel\Downloads\multiplayer-crack-dlc.rar
[2011.04.25 14:27:41 | 000,002,745 | ---- | M] () -- \Users\uživatel\Downloads\Portal_2_Crack_Fix-SKIDROW.6331819.TPB.torrent
[2011.06.02 15:22:08 | 000,101,210 | ---- | M] () -- \Users\uživatel\Downloads\RORCRACK10A.ZIP
[2011.05.23 15:21:32 | 000,012,611 | ---- | M] () -- \Users\uživatel\Downloads\Virtual_DJ_v7.0_PRO___Crack_[ChattChitto_RG].5888476.TPB.torrent
[2010.12.09 13:50:03 | 005,570,560 | ---- | M] () -- \Users\uživatel\Music\HPTN vol.2 Mr. Mustage sampler\03-3. La4 & James Cole - Neco jako klid_Crack.mp3
[2010.12.07 19:46:28 | 009,108,706 | ---- | M] () -- \Users\uživatel\Music\La4 - Gyzmo\04-Něco jako klid_crack (+James Cole).mp3
[2010.12.19 17:35:06 | 005,255,521 | ---- | M] () -- \Users\uživatel\Music\UKF Dubstep 2010 - MartN\02 Cracks (Flux Pavilion Remix).mp3
[2011.07.18 17:31:29 | 005,121,662 | ---- | M] () -- \Users\uživatel\Music\UKF Dubstep\Freestylers - Cracks (Flux Pavilion Remix).mp3
[2011.07.31 01:11:17 | 001,329,944 | ---- | M] () -- \Users\uživatel\Pictures\Perverted+Toys+Check+out+the+full+article+at+cracked+com_f38493_2420805.jpg

< *keygen* /s >
[2011.01.30 19:13:23 | 000,012,246 | ---- | M] () -- \Users\uživatel\AppData\Roaming\FlashGet\v3\dat\torrent\29330418_Sony_Vegas_Movie_Studio_HD_Platinum_10.0.179___Keygen_[RH].5723041.TPB.torrent
[2011.02.07 20:04:28 | 000,032,981 | ---- | M] () -- \Users\uživatel\AppData\Roaming\FlashGet\v3\dat\torrent\42967948_Call_of_Duty_4_Keygen_and_Crack.3889893.TPB.torrent

< End of report >

Druzdak
Visitor
Posts: 43
Registered: 22 Apr 2010 09:23

Re: STDRT.exe

#15 Post by Druzdak »

Extras.txt


OTL Extras logfile created on: 5.9.2011 15:54:49 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\uživatel\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,24 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,54% Memory free
6,48 Gb Paging File | 4,80 Gb Available in Paging File | 74,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 716,42 Gb Free Space | 76,92% Space Free | Partition Type: NTFS

Computer Name: UŽIVATEL-PC | User Name: uživatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B94160-4A07-4956-9C73-8C5EEFEF180F}" = OpenOffice.org 3.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBECFA83-42DC-4585-A970-A764AB01A956}" = Call Of Duty(R) 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Alice: Madness Returns_is1" = Alice: Madness Returns
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Celestia_is1" = Celestia 1.6.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"EuroTalk Talk Now Plus!" = EuroTalk Talk Now Plus!
"FL Studio 10" = FL Studio 10
"FL Studio 9" = FL Studio 9
"FlashGet 3.3" = FlashGet 3.3
"GameParkClient_is1" = GamePark
"Garena" = Garena 2010
"GOM Player" = GOM Player
"Hardcore" = Hardcore
"hon" = Heroes of Newerth
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"IL Download Manager" = IL Download Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Magicka_is1" = Magicka
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"Realm Of The Titans" = Realm Of The Titans
"Sawer" = Sawer
"Silkroad" = Silkroad
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Toxic Biohazard" = Toxic Biohazard
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VST Bridge_is1" = VST Bridge 1.1
"Warcraft III" = Warcraft III
"Warcraft III Reign of Chaos & The Frozen Throne" = Warcraft III Reign of Chaos & The Frozen Throne
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2419579696-3991638777-3736419961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Locked