VIRY.CZ

Zdravím,

potřeboval bych vaši pomoc při řešení následujícího problému. Kdysi se tu tento problém už řešil. Na ploše a ve startu se změnili všechny ikonky programů na list s windows logem a když chci spustit nějaký program z plochy nebo ze startu spustí se program Windows Media Center. Mimochodem PC jsem projel antivirem Panda a zkoušel jsem i obnovu bez úspěchu.

parametry PC:
OS: Windows 7 professional 32bit
Procesor: Intel Celeron 2.8 GHz
Ram: 1,5 GB

Děkuji za případnou pomoc.

Zde přikládám Log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by datasoft at 2012-04-18 08:35:40
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 118 GB (77%) free of 153 GB
Total RAM: 1527 MB (47% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D1BB7F3-F92A-40C1-93B9-15893C2FA4A4}]
Surf-Lock2 Internet Explorer Extension - C:\Program Files\Netop\Vision\Plugins\Surf-Lock\sl2iebho.dll [2011-07-29 265336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
Panda Security Toolbar - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [2011-06-24 86696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Panda Security Toolbar - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [2011-06-24 86696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-10-06 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-10-06 114688]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-10-06 94208]
"MeUiHelper"=C:\Program Files\Netop\Vision\XL\meuihlp.exe [2011-07-29 213624]
"PSUNMain"=C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe [2011-04-28 439616]
"Panda Security URL Filtering"=C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [2012-03-19 217256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"=C:\Windows\System32\rstrui.exe [2010-11-20 262656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-10-06 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F911591F-D659-40ed-B048-EB8F8E48AB00}"=C:\Windows\system32\MeAMHook.dll [2011-07-29 129144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-04-18 08:30:05 ----D---- C:\Program Files\trend micro
2012-04-18 08:30:04 ----D---- C:\rsit
2012-04-18 03:05:41 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-18 03:05:40 ----A---- C:\Windows\system32\jscript9.dll
2012-04-18 03:05:40 ----A---- C:\Windows\system32\jscript.dll
2012-04-18 03:05:40 ----A---- C:\Windows\system32\iertutil.dll
2012-04-18 03:05:39 ----A---- C:\Windows\system32\wininet.dll
2012-04-18 03:05:39 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-18 03:05:38 ----A---- C:\Windows\system32\url.dll
2012-04-18 03:05:38 ----A---- C:\Windows\system32\ieui.dll
2012-04-18 03:05:37 ----A---- C:\Windows\system32\urlmon.dll
2012-04-18 03:05:36 ----A---- C:\Windows\system32\ieframe.dll
2012-04-18 03:05:34 ----A---- C:\Windows\system32\mshtml.dll
2012-04-18 03:03:19 ----A---- C:\Windows\system32\wmi.dll
2012-04-18 03:03:19 ----A---- C:\Windows\system32\wintrust.dll
2012-04-18 03:03:19 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-18 03:03:19 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-13 09:04:04 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-04-13 09:04:03 ----A---- C:\Windows\system32\ntoskrnl.exe

======List of files/folders modified in the last 1 month======

2012-04-18 08:35:40 ----D---- C:\Windows\Temp
2012-04-18 08:32:18 ----D---- C:\Windows\System32
2012-04-18 08:32:18 ----D---- C:\Windows\inf
2012-04-18 08:32:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-18 08:30:05 ----RD---- C:\Program Files
2012-04-18 08:18:25 ----D---- C:\Windows\system32\wbem
2012-04-18 08:18:25 ----D---- C:\Windows
2012-04-18 08:17:31 ----D---- C:\ProgramData\Panda Security URL Filtering
2012-04-18 08:17:31 ----D---- C:\ProgramData\Microsoft Help
2012-04-18 08:17:31 ----D---- C:\Program Files\Internet Explorer
2012-04-18 08:17:20 ----SHD---- C:\Windows\Installer
2012-04-18 08:17:18 ----D---- C:\Windows\Tasks
2012-04-18 08:17:18 ----D---- C:\Windows\system32\migration
2012-04-18 08:17:18 ----D---- C:\Windows\system32\DriverStore
2012-04-18 08:17:18 ----D---- C:\Windows\system32\drivers
2012-04-18 08:17:18 ----D---- C:\Windows\system32\catroot2
2012-04-18 08:17:15 ----D---- C:\Windows\winsxs
2012-04-18 08:17:11 ----D---- C:\Windows\registration
2012-04-18 08:13:20 ----D---- C:\Windows\system32\config
2012-04-18 08:12:48 ----SHD---- C:\System Volume Information
2012-04-18 08:11:29 ----D---- C:\Windows\Prefetch
2012-04-18 03:16:58 ----D---- C:\Windows\Microsoft.NET
2012-04-18 03:16:11 ----RSD---- C:\Windows\assembly
2012-04-18 03:07:28 ----A---- C:\Windows\win.ini
2012-04-18 03:06:00 ----D---- C:\Windows\system32\catroot
2012-04-18 03:03:45 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 MENET;MENET; C:\Windows\System32\Drivers\MENET.SYS [2011-07-29 74360]
R1 PSINKNC;PSINKNC; C:\Windows\system32\DRIVERS\psinknc.sys [2011-11-23 126216]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 PSINAflt;PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 144136]
R2 PSINFile;PSINFile; C:\Windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]
R2 PSINProc;PSINProc; C:\Windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]
R2 PSINProt;PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [2011-11-30 112904]
R3 ialm;ialm; C:\Windows\system32\DRIVERS\igxpmp32.sys [2006-10-06 1181824]
R3 meddmrr;meddmrr; C:\Windows\system32\DRIVERS\meddmrr.sys [2010-07-16 11384]
R3 mekbd;mekbd; C:\Windows\System32\Drivers\mekbd.sys [2011-09-23 18040]
R3 memice;memice; C:\Windows\System32\Drivers\memice.sys [2011-09-23 17016]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2009-07-14 43008]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MeSuWTS;Vision WTS Helper; C:\Program Files\Netop\Vision\XL\mesuwts.exe [2011-07-29 177272]
R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-28 1343400]

-----------------EOF-----------------

Zdravim a pekny den preji

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

Děkuji, za Vaši pomoc a čas

Postupuji tak jak píšete,

Log z RKILL
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 18.04.2012 at 9:07:39.
Operating System: Windows 7 Professional

Processes terminated by Rkill or while it was running:

Rkill completed on 18.04.2012 at 9:07:50.

Log z exeHelper

exeHelper by Raktor
Build 20100414
Run at 09:08:59 on 04/18/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

A zpráva z Rouge Killer

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: datasoft [Práva správce]
Mód: Kontrola -- Datum: 04/18/2012 09:11:50

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] 96ba84db390858adbdb70e93b5e17367
[BSP] 6bbb16e9ce19a0a51a2ddec2f257f88d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

Fajn, nastala nejaka zmena?

Ještě jsem raději nechtěl mazat to co ukázal Rouge Killer.

Mám to tedy smazat ?

Problém přetrvává

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Provedl jsem níže jsou požadované logy,

Mimochodem PC teď není připojené k síti nerad bych aby se šířil vir na další počítače.

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: datasoft [Práva správce]
Mód: Odebrat -- Datum: 04/19/2012 06:51:04

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] 96ba84db390858adbdb70e93b5e17367
[BSP] 6bbb16e9ce19a0a51a2ddec2f257f88d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt

a další

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: datasoft [Práva správce]
Mód: Oprava HOSTS -- Datum: 04/19/2012 06:52:36

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[8].txt >>

Sirit se nebude, resp. nemel by

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

Tak tady je OTL

OTL logfile created on: 19.4.2012 8:03:17 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\PC14\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,49 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 53,01% Memory free
2,98 Gb Paging File | 2,21 Gb Available in Paging File | 74,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,04 Gb Free Space | 77,19% Space Free | Partition Type: NTFS
Drive D: | 2,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 1,87 Gb Total Space | 1,34 Gb Free Space | 71,77% Space Free | Partition Type: FAT

Computer Name: PC14 | User Name: datasoft | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.04.19 07:55:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\PC14\Desktop\OTL.exe
PRC - [2012.03.19 10:51:36 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011.07.29 19:22:16 | 001,659,512 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files\Netop\Vision\XL\MeSuAx.exe
PRC - [2011.07.29 19:22:16 | 000,569,464 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files\Netop\Vision\Plugins\Chat\MChat.exe
PRC - [2011.07.29 19:22:16 | 000,213,624 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files\Netop\Vision\XL\MeUiHlp.exe
PRC - [2011.07.29 19:22:16 | 000,177,272 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files\Netop\Vision\XL\mesuwts.exe
PRC - [2011.04.28 15:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011.04.28 14:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2011.07.29 19:22:16 | 000,177,272 | ---- | M] (Netop Business Solutions A/S) [Auto | Running] -- C:\Program Files\Netop\Vision\XL\mesuwts.exe -- (MeSuWTS)
SRV - [2011.04.28 14:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011.01.28 11:48:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2012.01.05 14:10:13 | 000,144,136 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011.11.30 19:37:27 | 000,112,904 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011.11.23 10:59:43 | 000,126,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011.09.23 10:43:10 | 000,018,040 | ---- | M] (Netop Business Solutions) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mekbd.sys -- (mekbd)
DRV - [2011.09.23 10:43:10 | 000,017,016 | ---- | M] (Netop Business Solutions) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\memice.sys -- (memice)
DRV - [2011.07.29 19:22:16 | 000,074,360 | ---- | M] (Netop Business Solutions A/S) [Kernel | System | Running] -- C:\Windows\System32\drivers\MeNet.sys -- (MENET)
DRV - [2011.04.28 14:57:21 | 000,111,176 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011.04.28 14:57:20 | 000,099,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.16 18:27:06 | 000,011,384 | ---- | M] (Netop Business Solutions) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\meddmrr.sys -- (meddmrr)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-p ... PCAFSI1190
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{71A44B6B-42B9-4111-BD15-E67572E92A4C}: C:\Program Files\Netop\Vision\Plugins\Surf-Lock\ff [2011.09.23 10:43:05 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012.04.19 06:52:36 | 000,000,843 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Surf-Lock2 Internet Explorer Extension) - {8D1BB7F3-F92A-40C1-93B9-15893C2FA4A4} - C:\Program Files\Netop\Vision\Plugins\Surf-Lock\sl2iebho.dll (Netop Business Solutions A/S)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O4 - HKLM..\Run: [MeUiHelper] C:\Program Files\Netop\Vision\XL\MeUiHlp.exe (Netop Business Solutions A/S)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\glsphost.dll (Netop Business Solutions A/S)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\glsphost.dll (Netop Business Solutions A/S)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFEB60D8-1210-4E80-A23C-C8856059FDA4}: DhcpNameServer = 192.168.100.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {F911591F-D659-40ed-B048-EB8F8E48AB00} - C:\Windows\System32\MeAMHook.dll (Netop Business Solutions A/S)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.14 12:21:35 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.04.18 09:10:07 | 000,000,000 | ---D | C] -- C:\Users\datasoft\Desktop\RK_Quarantine
[2012.04.18 08:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.04.18 08:30:04 | 000,000,000 | ---D | C] -- C:\rsit
[2012.04.18 03:05:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.18 03:05:40 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.18 03:05:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.18 03:05:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.18 03:05:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.18 03:05:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.13 09:04:04 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.13 09:04:03 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 7 Days ==========

[2012.04.19 08:05:48 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.04.19 08:01:13 | 000,634,994 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.04.19 08:01:13 | 000,619,952 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.19 08:01:13 | 000,123,768 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.04.19 08:01:13 | 000,108,134 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.19 07:59:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.19 06:53:54 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 06:53:54 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 06:46:03 | 1201,217,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.17 08:35:17 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.04.17 08:35:17 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.04.17 08:34:56 | 000,002,752 | ---- | M] () -- C:\Users\datasoft\Desktop\Soubor Windows Compatibility Report.htm

========== Files Created - No Company Name ==========

[2012.04.19 08:05:48 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.04.17 08:34:57 | 000,002,752 | ---- | C] () -- C:\Users\datasoft\Desktop\Soubor Windows Compatibility Report.htm
[2012.04.17 08:32:04 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.04.17 08:32:04 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011.12.02 10:02:35 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat
[2011.06.21 09:36:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.28 11:17:16 | 000,000,346 | ---- | C] () -- C:\Windows\DIDAKTA.INI

========== LOP Check ==========

[2011.12.02 10:06:48 | 000,000,000 | ---D | M] -- C:\Users\datasoft\AppData\Roaming\Panda Security
[2011.03.15 11:15:33 | 000,000,000 | ---D | M] -- C:\Users\PC14\AppData\Roaming\Foxit Software
[2012.04.18 06:43:24 | 000,000,000 | ---D | M] -- C:\Users\PC14\AppData\Roaming\Panda Security
[2012.02.29 11:49:52 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2002.09.23 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp1.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2002.09.23 14:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\Windows.old\Windows\$NtServicePackUninstall$\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2002.09.23 14:00:00 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=82CD2AA659D68781D29BA87421BE0E40 -- C:\Windows.old\Windows\$NtServicePackUninstall$\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\Windows.old\Windows\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\Windows.old\Windows\system32\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2002.09.23 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp1.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Windows.old\Windows\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Windows.old\Windows\system32\drivers\cdrom.sys
[2002.09.23 14:00:00 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\Windows.old\Windows\$NtServicePackUninstall$\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2002.09.23 14:00:00 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\Windows.old\Windows\$NtServicePackUninstall$\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\Windows.old\Windows\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\Windows.old\Windows\ServicePackFiles\i386\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\datasoft\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\datasoft\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\datasoft\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\datasoft\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2002.09.23 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp1.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:hal.dll
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\Windows.old\Windows\ServicePackFiles\i386\hal.dll
[2008.04.14 00:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\Windows.old\Windows\system32\HAL.DLL
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
[2002.09.23 14:00:00 | 000,127,872 | ---- | M] (Microsoft Corporation) MD5=E8D2B5D5186A9B93D7019D7A74D77A1E -- C:\Windows.old\Windows\$NtServicePackUninstall$\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\Windows.old\Windows\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\Windows.old\Windows\system32\scecli.dll
[2002.09.23 14:00:00 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\Windows.old\Windows\$NtServicePackUninstall$\scecli.dll

< MD5 for: SVCHOST.EXE >
[2002.09.23 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\Windows.old\Windows\$NtServicePackUninstall$\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\Windows.old\Windows\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\Windows.old\Windows\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.06.21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.09.29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2002.09.23 14:00:00 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\Windows.old\Windows\$NtServicePackUninstall$\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2011.09.29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011.09.29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\System32\drivers\tcpip.sys
[2011.09.29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2011.06.21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\Windows.old\Windows\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\Windows.old\Windows\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\Windows.old\Windows\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\Windows.old\Windows\system32\drivers\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\Windows.old\Windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011.06.21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011.06.21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\Windows.old\Windows\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\Windows.old\Windows\system32\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\datasoft\AppData\Local\Temp\RarSFX0\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\datasoft\AppData\Local\Temp\RarSFX1\userinit.exe
[2002.09.23 14:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\Windows.old\Windows\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\datasoft\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\datasoft\AppData\Local\Temp\RarSFX1\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\Windows.old\Windows\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\Windows.old\Windows\system32\winlogon.exe
[2002.09.23 14:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\Windows.old\Windows\$NtServicePackUninstall$\winlogon.exe

< >

< %systemroot%*.* /U /s >
[12 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\*.tmp -> ]
[65 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.03.24 16:14:06 | 000,000,000 | ---D | M] -- C:\Users\datasoft\AppData\Roaming\Adobe
[2011.03.24 15:55:58 | 000,000,000 | ---D | M] -- C:\Users\datasoft\AppData\Roaming\Identities
[2011.03.24 16:14:06 | 000,000,000 | ---D | M] -- C:\Users\datasoft\AppData\Roaming\Macromedia
[2009.07.14 10:47:27 | 000,000,000 | ---D | M] -- C:\Users\datasoft\AppData\Roaming\Media Center Programs
[2012.03.16 12:16:44 | 000,000,000 | --SD | M] -- C:\Users\datasoft\AppData\Roaming\Microsoft
[2011.12.02 10:06:48 | 000,000,000 | ---D | M] -- C:\Users\datasoft\AppData\Roaming\Panda Security

< %APPDATA%\*.exe /s >
[2011.02.18 11:49:36 | 000,018,902 | R--- | M] () -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{172A56D1-67C5-4D56-A9AA-A6B4A03573D8}\ARPPRODUCTICON.exe
[2011.02.18 11:49:36 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{172A56D1-67C5-4D56-A9AA-A6B4A03573D8}\NewShortcut11_172A56D167C54D56A9AAA6B4A03573D8.exe
[2011.02.18 11:49:36 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{172A56D1-67C5-4D56-A9AA-A6B4A03573D8}\NewShortcut1_172A56D167C54D56A9AAA6B4A03573D8.exe
[2011.02.18 11:46:17 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{41E66465-053A-45D6-81ED-3B7F7D76300B}\ARPPRODUCTICON.exe
[2011.02.18 11:46:18 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{41E66465-053A-45D6-81ED-3B7F7D76300B}\NewShortcut11_41E66465053A45D681ED3B7F7D76300B.exe
[2011.02.18 11:46:18 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{41E66465-053A-45D6-81ED-3B7F7D76300B}\NewShortcut1_41E66465053A45D681ED3B7F7D76300B.exe
[2011.02.18 11:51:45 | 000,018,902 | R--- | M] () -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{4D3CE45B-F511-48D3-94B7-F734C50BED81}\ARPPRODUCTICON.exe
[2011.02.18 11:51:45 | 000,018,902 | R--- | M] () -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{4D3CE45B-F511-48D3-94B7-F734C50BED81}\NewShortcut111_4D3CE45BF51148D394B7F734C50BED81.exe
[2011.02.18 11:51:45 | 000,018,902 | R--- | M] () -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{4D3CE45B-F511-48D3-94B7-F734C50BED81}\NewShortcut11_4D3CE45BF51148D394B7F734C50BED81.exe
[2011.02.18 11:43:12 | 000,041,542 | R--- | M] () -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{996E2196-AAAE-457D-814C-5A0375AADF2C}\ARPPRODUCTICON.exe
[2011.02.18 11:43:12 | 000,041,542 | R--- | M] () -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{996E2196-AAAE-457D-814C-5A0375AADF2C}\NewShortcut11_996E2196AAAE457D814C5A0375AADF2C.exe
[2011.02.18 11:43:12 | 000,041,542 | R--- | M] () -- C:\Users\datasoft\AppData\Roaming\Microsoft\Installer\{996E2196-AAAE-457D-814C-5A0375AADF2C}\NewShortcut1_996E2196AAAE457D814C5A0375AADF2C.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.04.19 06:53:54 | 000,015,168 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 06:53:54 | 000,015,168 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.18 03:03:45 | 055,154,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MRT.exe
[2012.04.19 08:01:13 | 000,123,768 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.04.19 08:01:13 | 000,108,134 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.04.19 08:01:13 | 000,634,994 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.04.19 08:01:13 | 000,619,952 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.04.19 08:01:13 | 001,482,364 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2011.03.24 16:01:06 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.04.19 08:05:48 | 000,000,512 | ---- | M] () MD5=96BA84DB390858ADBDB70E93B5E17367 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2011.01.18 11:26:53 | 000,007,759 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\3VX0Y3Y9\Prop_Xmas_Nutcracker[1].swf

< *keygen* /s >

< *loader* /s >
[2010.10.07 05:36:40 | 000,265,552 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2010.10.07 05:36:40 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2011.04.28 14:58:55 | 000,132,416 | ---- | M] () -- \Program Files\Panda Security\Panda Cloud Antivirus\PSANLiveDownloader.dll
[2011.04.29 12:00:12 | 000,001,047 | ---- | M] () -- \Users\PC14\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0IMR97KH\logoloader[2].js
[2011.06.24 10:59:25 | 000,000,000 | ---- | M] () -- \Users\PC14\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5B4F7526\gameloader[1].dcr
[2012.03.27 08:52:13 | 000,039,392 | ---- | M] () -- \Users\PC14\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFFZ37EF\lesnikuv-ucen-loader[1].swf
[2012.03.27 11:04:46 | 000,004,487 | ---- | M] () -- \Users\PC14\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NBYIZMN0\Advert.Advantage.Reloader[1].js
[2011.11.21 08:38:32 | 000,001,416 | ---- | M] () -- \Users\PC14\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YH2347BG\loader[1].js
[2011.04.27 11:02:45 | 000,001,047 | ---- | M] () -- \Users\PC14\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3MU2YTX1\logoloader[1].js
[2011.04.27 11:02:45 | 000,002,004 | ---- | M] () -- \Users\PC14\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FRFLL4WI\loader[1].js
[2011.12.05 13:54:21 | 000,010,913 | ---- | M] () -- \Users\PC14\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\Z867L7EU\Loader[1].swf
[2012.01.19 12:20:52 | 000,000,060 | ---- | M] () -- \Users\PC14\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\9GZEBNC6\1000her.cz\loading\load.swf\MiniclipLoaderAd.sol
[2012.01.19 10:02:27 | 000,339,609 | ---- | M] () -- \Users\PC14\Downloads\Downloader_Metin2_cz.exe
[2010.09.10 09:40:55 | 000,001,787 | ---- | M] () -- \Windows.old\Documents and Settings\datasoft\Local Settings\Temporary Internet Files\Content.IE5\49MFG1AZ\CSSLoader[1].css
[2010.09.10 09:41:00 | 000,000,818 | ---- | M] () -- \Windows.old\Documents and Settings\datasoft\Local Settings\Temporary Internet Files\Content.IE5\89U70D2B\CSSLoader[1].css
[2010.09.10 09:41:05 | 000,003,697 | ---- | M] () -- \Windows.old\Documents and Settings\datasoft\Local Settings\Temporary Internet Files\Content.IE5\89U70D2B\CSSLoader[2].css
[2010.09.10 09:40:55 | 000,000,775 | ---- | M] () -- \Windows.old\Documents and Settings\datasoft\Local Settings\Temporary Internet Files\Content.IE5\SHMF0X6R\CSSLoader[1].css
[2010.09.10 09:40:57 | 000,000,775 | ---- | M] () -- \Windows.old\Documents and Settings\datasoft\Local Settings\Temporary Internet Files\Content.IE5\SHMF0X6R\CSSLoader[2].css
[2010.09.10 09:41:04 | 000,000,410 | ---- | M] () -- \Windows.old\Documents and Settings\datasoft\Local Settings\Temporary Internet Files\Content.IE5\WTIVCXQB\CSSLoader[1].css
[2010.09.07 09:31:41 | 000,000,060 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Data aplikací\Macromedia\Flash Player\#SharedObjects\F75H89TA\1000her.cz\loading\load.swf\MiniclipLoaderAd.sol
[2010.03.16 12:49:41 | 000,000,054 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Data aplikací\Macromedia\Flash Player\#SharedObjects\F75H89TA\media.mtvnservices.com\player\loader\loaderLogging.sol
[2010.06.02 08:28:27 | 000,000,060 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Data aplikací\Macromedia\Flash Player\#SharedObjects\F75H89TA\miniclip.com\games\bush-shoot-out\en\bushshootout_game.swf\MiniclipLoaderAd.sol
[2009.02.03 08:52:53 | 000,000,060 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Data aplikací\Macromedia\Flash Player\onlinovky.cz\games\hostile-skies.swf\MiniclipLoaderAd.sol
[2009.01.22 08:24:28 | 000,000,060 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Data aplikací\Macromedia\Flash Player\superhry.cz\HSO_40e1f9z\heliattack.swf\MiniclipLoaderAd.sol
[2011.01.24 11:31:03 | 000,003,574 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\3VX0Y3Y9\preloader[1].gif
[2010.05.14 08:16:46 | 000,003,574 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\9QCPZ0VR\preloader[1].gif
[2010.06.10 13:58:39 | 000,000,000 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\A7Z9U0IQ\swfloader[1].swf
[2011.01.25 11:14:54 | 000,003,208 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\B1OT8UIG\loader[1].gif
[2010.12.21 14:15:14 | 000,014,426 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\G28TFVX7\23082010_aloader[1].jpg
[2010.10.15 12:47:01 | 000,000,002 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\H02QP0RA\Special_BannerListLoader[1]
[2010.11.04 14:58:40 | 000,000,124 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\H3I8R0OT\iframes_api_loader[1].html
[2010.11.01 15:34:06 | 000,010,819 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\LESOFRE6\loader-big2[1].gif
[2011.01.24 09:16:16 | 000,026,968 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\LESOFRE6\PID_1518717_milka_yt_masthead_Loader[1].swf
[2010.05.31 11:11:53 | 000,003,720 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\VELRVXGQ\ajax-loader[1].gif
[2011.01.18 14:27:32 | 000,000,673 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\VSM0Y66Z\loader[1].gif
[2011.01.18 11:25:58 | 000,032,531 | ---- | M] () -- \Windows.old\Documents and Settings\PC 14\Local Settings\Temporary Internet Files\Content.IE5\VSM0Y66Z\preloader[1].swf
[2002.09.23 14:00:00 | 000,031,744 | ---- | M] () -- \Windows.old\Windows\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \Windows.old\Windows\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:48 | 000,230,912 | ---- | M] () -- \Windows.old\Windows\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:50 | 000,278,528 | ---- | M] () -- \Windows.old\Windows\ServicePackFiles\i386\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \Windows.old\Windows\system32\dmloader.dll
[1 \Windows.old\Windows\system32\*.tmp files -> \Windows.old\Windows\system32\*.tmp -> ]
[2010.03.24 21:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2010.03.24 21:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 10:37:01 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 10:37:01 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 10:37:01 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2011.09.02 11:04:07 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2011.09.02 11:04:07 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2011.09.02 11:04:07 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 10:35:47 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

Tady je Extras

OTL Extras logfile created on: 19.4.2012 8:03:17 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\PC14\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,49 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 53,01% Memory free
2,98 Gb Paging File | 2,21 Gb Available in Paging File | 74,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,04 Gb Free Space | 77,19% Space Free | Partition Type: NTFS
Drive D: | 2,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 1,87 Gb Total Space | 1,34 Gb Free Space | 71,77% Space Free | Partition Type: FAT

Computer Name: PC14 | User Name: datasoft | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{172A56D1-67C5-4D56-A9AA-A6B4A03573D8}" = Messages 3
"{1E895E60-0AC5-11DD-97E2-000A94026593}" = Vision7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E66465-053A-45D6-81ED-3B7F7D76300B}" = Messages 2
"{4D3CE45B-F511-48D3-94B7-F734C50BED81}" = Messages4
"{56C081B6-5FB8-407F-AB4C-41D243BCEE26}" = NIQES - testování
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}_Office14.STANDARD_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}_Office14.STANDARD_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}_Office14.STANDARD_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}_Office14.STANDARD_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}_Office14.STANDARD_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}_Office14.STANDARD_{2304F942-79D2-46F7-A512-269A7F5B7EFC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041B-0000-0000000FF1CE}_Office14.STANDARD_{A162C5E6-7778-4D5B-9F0A-38F0122DD859}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-002C-0405-0000-0000000FF1CE}_Office14.STANDARD_{8148DB19-71B1-4415-8B26-DF5B9E873FC3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}_Office14.STANDARD_{EEF3E2C0-135B-44DC-BEDD-7F01CFBEFF46}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}_Office14.STANDARD_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{996E2196-AAAE-457D-814C-5A0375AADF2C}" = Messages 1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Anglictina do ucha sit" = Angličtina do ucha síť
"Atf" = All Ten Fingers
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Office14.STANDARD" = Microsoft Office Standard 2010
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Panda Security URL Filtering" = Panda Security URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"ST6UNST #1" = Didakta - Dějepis
"ST6UNST #2" = Didakta - Fyzika
"ST6UNST #3" = Didakta - Zeměpis
"Toolbar Cleaner" = Toolbar Cleaner 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3485430762-3757679750-2235622661-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5.12.2011 9:19:08 | Computer Name = PC14 | Source = Application Hang | ID = 1002
Description = Program WINWORD.EXE verze 14.0.6024.1000 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: cdc Čas spuštění: 01ccb350562e0447 Čas ukončení: 172 Cesta k aplikaci: C:\Program
Files\Microsoft Office\Office14\WINWORD.EXE ID hlášení: ad81cd83-1f43-11e1-8b2c-00142a41f0a9

Error - 19.1.2012 4:12:44 | Computer Name = PC14 | Source = VSS | ID = 8194
Description =

Error - 20.2.2012 7:35:51 | Computer Name = PC14 | Source = Application Error | ID = 1000
Description = Název chybující aplikace: wmplayer.exe, verze: 12.0.7601.17514, časové
razítko: 0x4ce7a485 Název chybujícího modulu: wmp.dll, verze: 12.0.7601.17514, časové
razítko: 0x4ce7ba7f Kód výjimky: 0xc0000005 Posun chyby: 0x001dc254 ID chybujícího
procesu: 0x3c0 Čas spuštění chybující aplikace: 0x01ccefc3c94c33bf Cesta k chybující
aplikaci: C:\Program Files\Windows Media Player\wmplayer.exe Cesta k chybujícímu
modulu: C:\Windows\system32\wmp.dll ID zprávy: 0a25e7a1-5bb7-11e1-b192-00142a41f0a9

Error - 21.3.2012 7:18:05 | Computer Name = PC14 | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 9.0.8112.16421, časové
razítko: 0x4d76255d Název chybujícího modulu: Flash10o.ocx, verze: 10.2.153.1, časové
razítko: 0x4d79ae94 Kód výjimky: 0xc0000005 Posun chyby: 0x00103b2c ID chybujícího
procesu: 0x850 Čas spuštění chybující aplikace: 0x01cd0750f279f28e Cesta k chybující
aplikaci: C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu modulu:
C:\Windows\system32\Macromed\Flash\Flash10o.ocx ID zprávy: 87552975-7347-11e1-b2f7-00142a41f0a9

Error - 29.3.2012 5:49:29 | Computer Name = PC14 | Source = Application Hang | ID = 1002
Description = Program ehshell.exe verze 6.1.7600.16385 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 9b0 Čas spuštění: 01cd0d9103fe5612 Čas ukončení: 0 Cesta k aplikaci: C:\Windows\eHome\ehshell.exe

ID
hlášení:

Error - 2.4.2012 1:37:34 | Computer Name = PC14 | Source = Windows Search Service | ID = 3084
Description =

Error - 18.4.2012 2:35:21 | Computer Name = PC14 | Source = Application Hang | ID = 1002
Description = Program RSIT.exe verze 3.3.6.1 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: 614 Čas
spuštění: 01cd1d2cad815234 Čas ukončení: 0 Cesta k aplikaci: E:\RSIT.exe ID hlášení:

Error - 18.4.2012 3:05:55 | Computer Name = PC14 | Source = System Restore | ID = 8210
Description =

Error - 18.4.2012 3:07:01 | Computer Name = PC14 | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 0.0.0.0, časové razítko:
0x4d334d98 Název chybujícího modulu: iexplore.exe, verze: 0.0.0.0, časové razítko:
0x4d334d98 Kód výjimky: 0x40000015 Posun chyby: 0x0008cb40 ID chybujícího procesu:
0x414 Čas spuštění chybující aplikace: 0x01cd1d31d866654f Cesta k chybující aplikaci:
C:\Users\datasoft\AppData\Local\Temp\RarSFX1\procs\iexplore.exe Cesta k chybujícímu
modulu: C:\Users\datasoft\AppData\Local\Temp\RarSFX1\procs\iexplore.exe ID zprávy:
180077ef-8925-11e1-aba5-00142a41f0a9

Error - 18.4.2012 3:07:02 | Computer Name = PC14 | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 0.0.0.0, časové razítko:
0x4d334d98 Název chybujícího modulu: iexplore.exe, verze: 0.0.0.0, časové razítko:
0x4d334d98 Kód výjimky: 0x40000015 Posun chyby: 0x0008cb40 ID chybujícího procesu:
0xdf4 Čas spuštění chybující aplikace: 0x01cd1d31d997924f Cesta k chybující aplikaci:
C:\Users\datasoft\AppData\Local\Temp\RarSFX1\procs\iexplore.exe Cesta k chybujícímu
modulu: C:\Users\datasoft\AppData\Local\Temp\RarSFX1\procs\iexplore.exe ID zprávy:
18623859-8925-11e1-aba5-00142a41f0a9

[ Media Center Events ]
Error - 17.4.2012 2:04:30 | Computer Name = PC14 | Source = MCUpdate | ID = 0
Description = 8:04:30 - Chyba při připojování k Internetu 8:04:30 - Nelze kontaktovat
server..

Error - 17.4.2012 2:04:39 | Computer Name = PC14 | Source = MCUpdate | ID = 0
Description = 8:04:35 - Chyba při připojování k Internetu 8:04:35 - Nelze kontaktovat
server..

Error - 17.4.2012 3:06:44 | Computer Name = PC14 | Source = MCUpdate | ID = 0
Description = 9:06:34 - Chyba při připojování k Internetu 9:06:42 - Nelze kontaktovat
server..

Error - 17.4.2012 3:07:59 | Computer Name = PC14 | Source = MCUpdate | ID = 0
Description = 9:06:56 - Chyba při připojování k Internetu 9:06:57 - Nelze kontaktovat
server..

Error - 17.4.2012 7:00:30 | Computer Name = PC14 | Source = MCUpdate | ID = 0
Description = 13:00:24 - Chyba při připojování k Internetu 13:00:29 - Nelze kontaktovat
server..

Error - 17.4.2012 7:03:03 | Computer Name = PC14 | Source = MCUpdate | ID = 0
Description = 13:00:41 - Chyba při připojování k Internetu 13:00:42 - Nelze kontaktovat
server..

Error - 17.4.2012 9:09:37 | Computer Name = PC14 | Source = MCUpdate | ID = 0
Description = 15:09:30 - Chyba při připojování k Internetu 15:09:36 - Nelze kontaktovat
server..

Error - 17.4.2012 9:13:04 | Computer Name = PC14 | Source = MCUpdate | ID = 0
Description = 15:09:46 - Chyba při připojování k Internetu 15:09:46 - Nelze kontaktovat
server..

Error - 19.4.2012 0:50:49 | Computer Name = PC14 | Source = MCUpdate | ID = 0
Description = 6:50:48 - Chyba při připojování k Internetu 6:50:49 - Nelze kontaktovat
server..

Error - 19.4.2012 0:51:08 | Computer Name = PC14 | Source = MCUpdate | ID = 0
Description = 6:50:56 - Chyba při připojování k Internetu 6:50:56 - Nelze kontaktovat
server..

[ System Events ]
Error - 17.1.2012 12:07:43 | Computer Name = PC14 | Source = Service Control Manager | ID = 7038
Description = Služba WdiServiceHost se nemohla přihlásit jako NT AUTHORITY\LocalService
s aktuálně konfigurovaným heslem z důvodu následující chyby: %%50 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 17.1.2012 12:07:43 | Computer Name = PC14 | Source = Service Control Manager | ID = 7000
Description = Služba Hostitel diagnostické služby neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 17.1.2012 12:07:43 | Computer Name = PC14 | Source = Service Control Manager | ID = 7000
Description = Služba Služba Výčet přenosných zařízení neuspěla při spuštění v důsledku
následující chyby: %%1115

Error - 19.1.2012 3:49:53 | Computer Name = PC14 | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 19.1.2012 7:04:57 | Computer Name = PC14 | Source = BROWSER | ID = 8032
Description =

Error - 20.1.2012 11:55:11 | Computer Name = PC14 | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby lmhosts bylo dosaženo časového
limitu (30000 ms).

Error - 20.1.2012 11:55:11 | Computer Name = PC14 | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby Netman bylo dosaženo časového
limitu (30000 ms).

Error - 23.1.2012 2:35:23 | Computer Name = PC14 | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 25.1.2012 4:59:56 | Computer Name = PC14 | Source = BROWSER | ID = 8032
Description =

Error - 1.2.2012 7:30:57 | Computer Name = PC14 | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby lmhosts bylo dosaženo časového
limitu (30000 ms).

< End of report >

Stahnete tohle http://www.sevenforums.com/attachments/ ... folder.reg a nechte naimportovat

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3485430762-3757679750-2235622661-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[12 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\*.tmp -> ]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Napiste co PC

Zdravím, ten Default_Folder.reg nejde naimportovat, píše to Do registru se nepodařilo úspěšně zadat všechna data. Některé klíče jsou otevřeny systémem nebo jinými procesy.

Mám to zkusit v režimu nouze ?

Ano, zkuste to v nouzaku, pripadne to pak vezmem nasilne pres skript

A udelejte pak i to OTL

DObrý den, dříve jsem se ke kompu nedostal. Ten reg jsem spustil poté to OTL. Tady je ten log co mi vyjel ještě v pátek.
PC zatím pořád stejný, tzn problém přetrvává.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-3485430762-3757679750-2235622661-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3485430762-3757679750-2235622661-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-3485430762-3757679750-2235622661-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3485430762-3757679750-2235622661-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3485430762-3757679750-2235622661-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13D3.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1423.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP403B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP496.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5BED.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C95.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAB9E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBF20.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEA64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEB7B.tmp folder deleted successfully.
C:\Windows\Installer\MSI715E.tmp deleted successfully.
C:\Windows\Installer\MSI7BED.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\BIT346B.tmp deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: datasoft
->Temp folder emptied: 51043271 bytes
->Temporary Internet Files folder emptied: 70895329 bytes
->Flash cache emptied: 620 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PC14
->Temp folder emptied: 143408762 bytes
->Temporary Internet Files folder emptied: 256456712 bytes
->Flash cache emptied: 59113 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119735100 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6843 bytes

Total Files Cleaned = 612,00 mb

[EMPTYFLASH]

User: All Users

User: datasoft
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: PC14
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.40.0 log created on 04202012_082417

VIRY.CZ

Zřejmě vir - Windows media center

Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center

Re: Zřejmě vir - Windows media center