virus napadol svchost.com

[Skaler.x.]

Zdravim, nedavno som tu riesil problem a ja blbec som tu znova.Na novej instalacke winu som spustil pri instalovani softu nieco co som nemal...AV mi sice hlasil vir, ale povazoval som to za falosnu detekciu.Po spusteni mi zmazalo asociaciu s .exe, aj AV sa choval divne.Pouzil som na vlastnu past combofix, ktory mi sice pomohol, ale virus sa vzdy po niakom case vrati.

Rsit po combofixe:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jozifek at 2013-01-10 16:13:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 136 GB (89%) free of 153 GB
Total RAM: 1527 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:13:53, on 10. 1. 2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\explorer.exe
D:\Download\RSIT.exe
C:\DOCUME~1\Jozifek\LOCALS~1\Temp\3582-490\RSIT.exe
C:\WINDOWS\svchost.com
C:\PROGRA~1\TRENDM~1\Jozifek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\PROGRA~1\DAEMON~1\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 5025 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "extensions.enabledItems" - "{4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2, {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10, FasterFox_Lite@BigRedBrent:3.9.9Lite, artur.dubovoy@gmail.com:3.8.2, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
prefs.js - "keyword.URL" - "true"

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsILegitCheckPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npLegitCheckPlugin.dll
NPOFF12.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
vyhladavanie.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\
artur.dubovoy@gmail.com
FasterFox_Lite@BigRedBrent
{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\searchplugins\
google-slovensko---slovensko.xml
google-slovensko.xml
hadaj-video.xml
hellspy.xml
sfd.xml
stahujcz.xml
vyhledvn-vide-ve-slub-youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2013-01-02 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-01-02 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2013-01-02 79856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2012-11-30 1263512]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-10 2254768]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-11-08 6756048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\PROGRA~1\DAEMON~1\DTLite.exe [2012-11-06 3673728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-08-08 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe"="C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\ioQuake3&TA\ioquake3.x86-TA.exe"="C:\Program Files\ioQuake3&TA\ioquake3.x86-TA.exe:*:Enabled:ioquake3.x86-TA"
"C:\Program Files\ioQuake3&TA\ioquake3.x86.exe"="C:\Program Files\ioQuake3&TA\ioquake3.x86.exe:*:Enabled:ioquake3.x86"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"MSVideo8"=VfWWDM32.dll

======File associations======

.exe - open - C:\WINDOWS\svchost.com "%1" %*

======List of files/folders created in the last 1 month======

2013-01-10 16:13:51 ----A---- C:\WINDOWS\directx.sys
2013-01-10 16:13:43 ----A---- C:\WINDOWS\svchost.com
2013-01-10 16:13:32 ----D---- C:\WINDOWS\temp
2013-01-10 16:13:30 ----A---- C:\ComboFix.txt
2013-01-09 02:35:51 ----D---- C:\WINDOWS\pss
2013-01-09 01:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2757638$
2013-01-08 18:13:36 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys
2013-01-08 18:13:20 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys
2013-01-08 18:13:08 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys
2013-01-08 18:12:53 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys
2013-01-08 18:12:39 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2013-01-08 18:12:25 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys
2013-01-08 18:12:13 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys
2013-01-08 18:11:15 ----A---- C:\WINDOWS\system32\drivers\msdv.sys
2013-01-08 18:11:14 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2013-01-08 18:11:00 ----A---- C:\WINDOWS\system32\drivers\avc.sys
2013-01-08 18:10:46 ----A---- C:\WINDOWS\system32\drivers\61883.sys
2013-01-08 16:27:52 ----D---- C:\Program Files\trend micro
2013-01-08 16:27:51 ----D---- C:\rsit
2013-01-08 12:31:42 ----D---- C:\WINDOWS\Minidump
2013-01-07 20:37:02 ----A---- C:\Boot.bak
2013-01-07 20:36:59 ----RASHD---- C:\cmdcons
2013-01-07 20:23:10 ----A---- C:\WINDOWS\zip.exe
2013-01-07 20:23:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-01-07 20:23:10 ----A---- C:\WINDOWS\SWSC.exe
2013-01-07 20:23:10 ----A---- C:\WINDOWS\SWREG.exe
2013-01-07 20:23:10 ----A---- C:\WINDOWS\sed.exe
2013-01-07 20:23:10 ----A---- C:\WINDOWS\PEV.exe
2013-01-07 20:23:10 ----A---- C:\WINDOWS\NIRCMD.exe
2013-01-07 20:23:10 ----A---- C:\WINDOWS\MBR.exe
2013-01-07 20:23:10 ----A---- C:\WINDOWS\grep.exe
2013-01-07 20:14:58 ----D---- C:\WINDOWS\ERDNT
2013-01-07 20:14:31 ----D---- C:\Qoobox
2013-01-06 12:45:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
2013-01-06 12:42:17 ----HD---- C:\WINDOWS\PIF
2013-01-05 23:55:24 ----D---- C:\Program Files\Shutter
2013-01-05 20:29:25 ----A---- C:\WINDOWS\system32\cmdcsr.dll
2013-01-05 06:08:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2013-01-04 15:44:32 ----D---- C:\Documents and Settings\Jozifek\Data aplikací\COWON
2013-01-04 13:43:48 ----D---- C:\Program Files\Common Files\COWON
2013-01-04 13:43:47 ----HD---- C:\Program Files\InstallShield Installation Information
2013-01-04 13:43:47 ----D---- C:\Program Files\JetAudio
2013-01-04 12:21:31 ----D---- C:\VritualRoot
2013-01-03 19:55:14 ----A---- C:\WINDOWS\system32\drivers\sfi.dat
2013-01-03 19:52:54 ----D---- C:\Program Files\COMODO
2013-01-03 19:52:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2013-01-03 18:59:41 ----D---- C:\Program Files\Microsoft Works
2013-01-03 18:59:32 ----D---- C:\Program Files\Microsoft Visual Studio
2013-01-03 18:59:32 ----D---- C:\Program Files\Common Files\DESIGNER
2013-01-03 18:57:47 ----D---- C:\WINDOWS\SHELLNEW
2013-01-03 18:57:27 ----D---- C:\Program Files\Microsoft Office
2013-01-03 18:57:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-01-03 18:57:11 ----RD---- C:\MSOCache
2013-01-02 22:40:56 ----D---- C:\NFS Underground 2
2013-01-02 21:36:59 ----D---- C:\Program Files\Common Files\DirectX
2013-01-02 21:33:34 ----D---- C:\Program Files\EA GAMES
2013-01-02 20:55:42 ----AH---- C:\WINDOWS\system32\hamachi.sys
2013-01-02 20:55:38 ----D---- C:\Program Files\LogMeIn Hamachi
2013-01-02 20:46:50 ----D---- C:\Documents and Settings\Jozifek\Data aplikací\Quake3
2013-01-02 20:36:16 ----D---- C:\Program Files\ioQuake3&TA
2013-01-02 20:01:17 ----D---- C:\Program Files\Common Files\InstallShield
2013-01-02 17:05:07 ----SHD---- C:\WINDOWS\CSC
2013-01-02 17:05:00 ----A---- C:\WINDOWS\ntbtlog.txt
2013-01-02 16:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2013-01-02 16:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2013-01-02 16:48:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2013-01-02 16:48:18 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2013-01-02 16:48:18 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-01-02 16:45:49 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2013-01-02 16:45:49 ----A---- C:\WINDOWS\system32\xvidcore.dll
2013-01-02 16:45:49 ----A---- C:\WINDOWS\system32\unrar.dll
2013-01-02 16:45:49 ----A---- C:\WINDOWS\system32\lagarith.dll
2013-01-02 16:45:46 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2013-01-02 16:45:43 ----D---- C:\Program Files\K-Lite Codec Pack
2013-01-02 16:40:51 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-01-02 16:40:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2013-01-02 16:38:39 ----ASH---- C:\pagefile.sys
2013-01-02 12:51:43 ----A---- C:\WINDOWS\system32\javaws.exe
2013-01-02 12:51:43 ----A---- C:\WINDOWS\system32\javaw.exe
2013-01-02 12:51:43 ----A---- C:\WINDOWS\system32\java.exe
2013-01-02 12:51:27 ----D---- C:\Program Files\Java
2013-01-02 12:51:27 ----D---- C:\Program Files\Common Files\Java
2013-01-02 12:51:14 ----D---- C:\Documents and Settings\Jozifek\Data aplikací\Sun
2013-01-02 12:50:02 ----D---- C:\Program Files\Common Files\Adobe
2013-01-02 12:50:02 ----D---- C:\Program Files\Adobe
2013-01-02 12:49:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-01-02 09:17:14 ----D---- C:\Documents and Settings\Jozifek\Data aplikací\WinRAR
2013-01-02 09:16:30 ----D---- C:\Program Files\WinRAR
2013-01-02 00:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2013-01-02 00:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2013-01-02 00:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2013-01-02 00:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2013-01-02 00:02:10 ----D---- C:\WINDOWS\ie8updates
2013-01-02 00:00:29 ----HDC---- C:\WINDOWS\ie8
2013-01-01 23:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2013-01-01 23:52:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2013-01-01 23:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2013-01-01 23:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2013-01-01 23:52:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2013-01-01 23:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2013-01-01 23:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2013-01-01 23:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2013-01-01 23:51:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2013-01-01 23:51:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2013-01-01 23:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2013-01-01 23:51:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2013-01-01 23:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2013-01-01 23:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2013-01-01 23:50:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2013-01-01 23:50:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2013-01-01 23:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2013-01-01 23:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2013-01-01 23:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2013-01-01 23:50:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2013-01-01 23:49:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2013-01-01 23:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2013-01-01 23:49:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2013-01-01 23:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2013-01-01 23:49:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2013-01-01 23:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2013-01-01 23:48:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2013-01-01 23:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2013-01-01 23:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2013-01-01 23:48:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2013-01-01 23:48:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2013-01-01 23:48:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2013-01-01 23:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2013-01-01 23:47:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2013-01-01 23:47:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2013-01-01 23:47:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
2013-01-01 23:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2013-01-01 23:47:17 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2013-01-01 23:47:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2013-01-01 23:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2013-01-01 23:46:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2013-01-01 23:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2013-01-01 23:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2013-01-01 23:46:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2013-01-01 23:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2013-01-01 23:46:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2013-01-01 23:46:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2013-01-01 23:45:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2013-01-01 23:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2013-01-01 23:45:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2013-01-01 23:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2013-01-01 23:45:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2013-01-01 23:45:04 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2013-01-01 23:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2013-01-01 23:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2013-01-01 23:44:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2013-01-01 23:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2013-01-01 23:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2013-01-01 23:44:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2013-01-01 23:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2013-01-01 23:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$
2013-01-01 23:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2013-01-01 23:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2013-01-01 23:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2013-01-01 23:43:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2013-01-01 23:42:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2013-01-01 23:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2013-01-01 23:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2013-01-01 23:42:20 ----D---- C:\WINDOWS\ie7updates
2013-01-01 23:42:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2013-01-01 23:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2013-01-01 23:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2013-01-01 23:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2013-01-01 23:41:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2013-01-01 23:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2013-01-01 23:41:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2013-01-01 23:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2013-01-01 23:40:51 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2013-01-01 23:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2013-01-01 23:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2013-01-01 23:40:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2013-01-01 23:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2013-01-01 23:39:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2013-01-01 23:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2013-01-01 23:39:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2013-01-01 23:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2013-01-01 23:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2013-01-01 23:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2013-01-01 23:38:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219-v2$
2013-01-01 23:38:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2013-01-01 23:38:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2013-01-01 23:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2013-01-01 23:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2013-01-01 23:38:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2013-01-01 23:38:04 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2013-01-01 23:37:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135-v2$
2013-01-01 23:37:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2013-01-01 23:37:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2013-01-01 23:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2013-01-01 23:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2661254-v2$
2013-01-01 23:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2013-01-01 23:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2013-01-01 23:36:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2013-01-01 23:36:43 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2013-01-01 23:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2013-01-01 23:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2013-01-01 23:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2013-01-01 23:36:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2013-01-01 23:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2013-01-01 23:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2013-01-01 23:35:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2013-01-01 23:35:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2013-01-01 23:34:42 ----A---- C:\WINDOWS\system32\MRT.exe
2013-01-01 23:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2013-01-01 23:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2013-01-01 23:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2013-01-01 23:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2013-01-01 22:58:20 ----A---- C:\WINDOWS\d3dx.dat
2013-01-01 22:56:04 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2013-01-01 22:55:58 ----D---- C:\Documents and Settings\Jozifek\Data aplikací\DAEMON Tools Lite
2013-01-01 22:55:55 ----D---- C:\Program Files\DAEMON Tools Lite
2013-01-01 22:54:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2013-01-01 22:34:17 ----D---- C:\Documents and Settings\Jozifek\Data aplikací\DDMSettings
2013-01-01 22:27:27 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2013-01-01 22:12:33 ----D---- C:\Program Files\Common Files\DivX Shared
2013-01-01 22:10:29 ----D---- C:\Program Files\DivX
2013-01-01 22:09:10 ----N---- C:\WINDOWS\system32\browserchoice.exe
2013-01-01 22:07:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2013-01-01 21:54:36 ----A---- C:\WINDOWS\system32\h323log.txt
2013-01-01 21:52:29 ----D---- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla
2013-01-01 21:52:25 ----D---- C:\Program Files\Mozilla Firefox
2013-01-01 21:48:17 ----D---- C:\Documents and Settings\Jozifek\Data aplikací\Macromedia
2013-01-01 21:48:10 ----D---- C:\Documents and Settings\Jozifek\Data aplikací\Adobe
2013-01-01 21:43:14 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2013-01-01 21:43:12 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2013-01-01 21:43:11 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2013-01-01 21:43:09 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2013-01-01 21:43:07 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2013-01-01 21:43:04 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2013-01-01 21:43:02 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2013-01-01 21:43:00 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2013-01-01 21:42:58 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2013-01-01 21:42:57 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2013-01-01 21:42:55 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2013-01-01 21:42:51 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2013-01-01 21:42:18 ----A---- C:\WINDOWS\system32\hidserv.dll
2013-01-01 21:42:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-01-01 21:41:18 ----D---- C:\WINDOWS\system32\RTCOM
2013-01-01 21:41:16 ----A---- C:\WINDOWS\system32\ksuser.dll
2013-01-01 21:41:16 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2013-01-01 21:41:16 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2013-01-01 21:40:40 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2013-01-01 21:40:27 ----A---- C:\WINDOWS\system32\drivers\enum1394.sys
2013-01-01 21:39:43 ----A---- C:\WINDOWS\system32\usbui.dll
2013-01-01 21:37:27 ----N---- C:\WINDOWS\system32\iacenc.dll
2013-01-01 21:37:17 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-01-01 21:35:41 ----A---- C:\WINDOWS\imsins.BAK
2013-01-01 21:35:38 ----SHD---- C:\WINDOWS\Installer
2013-01-01 21:35:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-01-01 21:35:37 ----D---- C:\Program Files\Common Files\ODBC
2013-01-01 21:35:37 ----A---- C:\WINDOWS\ODBCINST.INI
2013-01-01 21:35:33 ----D---- C:\Program Files\Common Files\SpeechEngines
2013-01-01 21:35:32 ----RD---- C:\Program Files
2013-01-01 21:35:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-01-01 21:35:32 ----D---- C:\Program Files\Common Files
2013-01-01 21:35:29 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2013-01-01 21:35:29 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2013-01-01 21:35:29 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2013-01-01 21:35:27 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2013-01-01 21:35:27 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2013-01-01 21:35:27 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2013-01-01 21:35:27 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2013-01-01 21:35:27 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2013-01-01 21:35:27 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2013-01-01 21:35:26 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2013-01-01 21:35:26 ----RA---- C:\WINDOWS\system32\kbdur.dll
2013-01-01 21:35:26 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2013-01-01 21:35:26 ----RA---- C:\WINDOWS\system32\kbdru.dll
2013-01-01 21:35:26 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2013-01-01 21:35:26 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2013-01-01 21:35:24 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2013-01-01 21:35:24 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2013-01-01 21:35:24 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2013-01-01 21:35:24 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2013-01-01 21:35:24 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2013-01-01 21:35:24 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2013-01-01 21:35:24 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2013-01-01 21:35:23 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2013-01-01 21:35:23 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2013-01-01 21:35:23 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2013-01-01 21:35:23 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2013-01-01 21:35:23 ----RA---- C:\WINDOWS\system32\kbdest.dll
2013-01-01 21:35:17 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2013-01-01 21:35:17 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2013-01-01 21:35:17 ----RA---- C:\WINDOWS\system32\kbdro.dll
2013-01-01 21:35:17 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2013-01-01 21:35:17 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2013-01-01 21:35:16 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2013-01-01 21:35:16 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2013-01-01 21:35:16 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2013-01-01 21:35:16 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2013-01-01 21:35:16 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2013-01-01 21:35:14 ----A---- C:\WINDOWS\system32\irclass.dll
2013-01-01 21:35:14 ----A---- C:\WINDOWS\system32\dgsetup.dll
2013-01-01 21:35:14 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2013-01-01 21:35:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2013-01-01 21:35:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2013-01-01 21:35:11 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2013-01-01 21:35:11 ----A---- C:\WINDOWS\TASKMAN.EXE
2013-01-01 21:35:10 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2013-01-01 21:35:10 ----A---- C:\WINDOWS\system32\batt.dll
2013-01-01 21:35:10 ----A---- C:\WINDOWS\NOTEPAD.EXE
2013-01-01 21:35:09 ----A---- C:\WINDOWS\system32\storprop.dll
2013-01-01 21:35:01 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2013-01-01 21:34:57 ----RA---- C:\WINDOWS\SET8.tmp
2013-01-01 21:34:54 ----RA---- C:\WINDOWS\SET4.tmp
2013-01-01 21:34:53 ----RA---- C:\WINDOWS\SET3.tmp
2013-01-01 21:34:47 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-01 21:34:47 ----D---- C:\WINDOWS\system32\CatRoot
2013-01-01 21:34:42 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2013-01-01 21:34:23 ----A---- C:\WINDOWS\setuplog.txt
2013-01-01 21:30:03 ----N---- C:\WINDOWS\system32\spmsg.dll
2013-01-01 21:30:03 ----D---- C:\WINDOWS\system32\PreInstall
2013-01-01 21:30:03 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2013-01-01 21:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2013-01-01 21:30:02 ----HD---- C:\WINDOWS\$hf_mig$
2013-01-01 21:26:18 ----A---- C:\WINDOWS\system32\drivers\point32.sys
2013-01-01 21:26:18 ----A---- C:\WINDOWS\system32\drivers\LUsbKbd.sys
2013-01-01 21:25:11 ----D---- C:\WINDOWS\system32\Lang
2013-01-01 21:25:06 ----A---- C:\WINDOWS\system32\igfxres.dll
2013-01-01 21:24:47 ----D---- C:\Documents and Settings\Jozifek\Data aplikací\Identities
2013-01-01 21:24:43 ----HD---- C:\Program Files\Uninstall Information
2013-01-01 21:23:48 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2013-01-01 21:23:40 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2013-01-01 21:23:40 ----A---- C:\WINDOWS\RtlUpd.exe
2013-01-01 21:23:40 ----A---- C:\WINDOWS\RTLCPL.EXE
2013-01-01 21:23:39 ----A---- C:\WINDOWS\RTHDCPL.EXE
2013-01-01 21:23:38 ----A---- C:\WINDOWS\MicCal.exe
2013-01-01 21:23:38 ----A---- C:\WINDOWS\ALCWZRD.EXE
2013-01-01 21:23:38 ----A---- C:\WINDOWS\ALCMTR.EXE
2013-01-01 21:22:32 ----A---- C:\WINDOWS\system32\drivers\e100b325.sys
2013-01-01 21:22:30 ----A---- C:\WINDOWS\system32\NicInst.dll
2013-01-01 21:22:30 ----A---- C:\WINDOWS\system32\NicCo2.dll
2013-01-01 21:22:30 ----A---- C:\WINDOWS\system32\e100bmsg.dll
2013-01-01 21:21:09 ----A---- C:\WINDOWS\system32\drivers\ialmnt5.sys
2013-01-01 21:21:06 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2013-01-01 21:21:06 ----A---- C:\WINDOWS\system32\igfxtray.exe
2013-01-01 21:21:06 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2013-01-01 21:21:06 ----A---- C:\WINDOWS\system32\igfxpers.exe
2013-01-01 21:21:06 ----A---- C:\WINDOWS\system32\igfxext.exe
2013-01-01 21:21:06 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2013-01-01 21:21:06 ----A---- C:\WINDOWS\system32\ialmudlg.exe
2013-01-01 21:21:06 ----A---- C:\WINDOWS\system32\hkcmd.exe
2013-01-01 21:20:42 ----A---- C:\WINDOWS\system32\iglicd32.dll
2013-01-01 21:20:42 ----A---- C:\WINDOWS\system32\igldev32.dll
2013-01-01 21:20:41 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2013-01-01 21:20:41 ----A---- C:\WINDOWS\system32\igfxress.dll
2013-01-01 21:20:41 ----A---- C:\WINDOWS\system32\igfxpph.dll
2013-01-01 21:20:41 ----A---- C:\WINDOWS\system32\igfxexps.dll
2013-01-01 21:20:41 ----A---- C:\WINDOWS\system32\igfxdo.dll
2013-01-01 21:20:41 ----A---- C:\WINDOWS\system32\igfxdev.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuTRK.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuTHA.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuSVE.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuRUS.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuPTG.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuPTB.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuPLK.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuNOR.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuNLD.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuKOR.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuJPN.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuITA.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuCHT.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuCHS.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuHUN.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuHEB.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuFRC.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuFRA.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuFIN.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuESP.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuENG.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuELL.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuDEU.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuDAN.dll
2013-01-01 21:20:40 ----A---- C:\WINDOWS\system32\ialmuCSY.dll
2013-01-01 21:20:39 ----A---- C:\WINDOWS\system32\ialmuARB.dll
2013-01-01 21:20:39 ----A---- C:\WINDOWS\system32\ialmuARA.dll
2013-01-01 21:20:39 ----A---- C:\WINDOWS\system32\ialmrnt5.dll
2013-01-01 21:20:39 ----A---- C:\WINDOWS\system32\ialmrem.dll
2013-01-01 21:20:39 ----A---- C:\WINDOWS\system32\ialmdnt5.dll
2013-01-01 21:20:39 ----A---- C:\WINDOWS\system32\ialmdev5.dll
2013-01-01 21:20:39 ----A---- C:\WINDOWS\system32\ialmdd5.dll
2013-01-01 21:20:39 ----A---- C:\WINDOWS\system32\iAlmCoIn_v4497.dll
2013-01-01 21:20:38 ----A---- C:\WINDOWS\system32\hccutils.dll
2013-01-01 21:16:50 ----D---- C:\WINDOWS\DriverPacks
2013-01-01 21:16:39 ----D---- C:\Documents and Settings
2013-01-01 21:16:38 ----SHD---- C:\System Volume Information
2013-01-01 21:16:38 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2013-01-01 21:15:46 ----RASH---- C:\boot.ini
2013-01-01 21:11:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2013-01-01 21:11:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-01-01 21:11:48 ----RSD---- C:\WINDOWS\Fonts
2013-01-01 21:11:48 ----RD---- C:\WINDOWS\Web
2013-01-01 21:11:48 ----HD---- C:\WINDOWS\inf
2013-01-01 21:11:48 ----D---- C:\WINDOWS\WinSxS
2013-01-01 21:11:48 ----D---- C:\WINDOWS\WBEM
2013-01-01 21:11:48 ----D---- C:\WINDOWS\twain_32
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\wins
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\wbem
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\usmt
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\spool
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\ShellExt
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\Setup
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\ras
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\oobe
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\npp
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\mui
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\inetsrv
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\IME
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\icsxml
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\ias
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\export
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\drivers\UMDF
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\drivers\etc
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\drivers\disdn
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\drivers
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\dhcp
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\cs-cz
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\cs
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\config
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\3com_dmi
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\3076
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\2052
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\1054
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\1042
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\1041
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\1037
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\1033
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\1031
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\1029
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\1028
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32\1025
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system32
2013-01-01 21:11:48 ----D---- C:\WINDOWS\system
2013-01-01 21:11:48 ----D---- C:\WINDOWS\security
2013-01-01 21:11:48 ----D---- C:\WINDOWS\Resources
2013-01-01 21:11:48 ----D---- C:\WINDOWS\repair
2013-01-01 21:11:48 ----D---- C:\WINDOWS\Provisioning
2013-01-01 21:11:48 ----D---- C:\WINDOWS\pchealth
2013-01-01 21:11:48 ----D---- C:\WINDOWS\PeerNet
2013-01-01 21:11:48 ----D---- C:\WINDOWS\Offline Web Pages
2013-01-01 21:11:48 ----D---- C:\WINDOWS\Network Diagnostic
2013-01-01 21:11:48 ----D---- C:\WINDOWS\mui
2013-01-01 21:11:48 ----D---- C:\WINDOWS\msapps
2013-01-01 21:11:48 ----D---- C:\WINDOWS\msagent
2013-01-01 21:11:48 ----D---- C:\WINDOWS\Media
2013-01-01 21:11:48 ----D---- C:\WINDOWS\L2Schemas
2013-01-01 21:11:48 ----D---- C:\WINDOWS\java
2013-01-01 21:11:48 ----D---- C:\WINDOWS\ime
2013-01-01 21:11:48 ----D---- C:\WINDOWS\Help
2013-01-01 21:11:48 ----D---- C:\WINDOWS\ehome
2013-01-01 21:11:48 ----D---- C:\WINDOWS\Driver Cache
2013-01-01 21:11:48 ----D---- C:\WINDOWS\Debug
2013-01-01 21:11:48 ----D---- C:\WINDOWS\Cursors
2013-01-01 21:11:48 ----D---- C:\WINDOWS\Connection Wizard
2013-01-01 21:11:48 ----D---- C:\WINDOWS\Config
2013-01-01 21:11:48 ----D---- C:\WINDOWS\AppPatch
2013-01-01 21:11:48 ----D---- C:\WINDOWS\addins
2013-01-01 21:11:48 ----D---- C:\WINDOWS
2013-01-01 21:07:56 ----ASH---- C:\Documents and Settings\Jozifek\Data aplikací\desktop.ini
2013-01-01 21:07:55 ----SD---- C:\Documents and Settings\Jozifek\Data aplikací\Microsoft
2013-01-01 21:06:40 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2013-01-01 21:05:03 ----D---- C:\WINDOWS\SoftwareDistribution
2013-01-01 21:04:54 ----SD---- C:\WINDOWS\system32\Microsoft
2013-01-01 21:04:54 ----D---- C:\WINDOWS\Prefetch
2013-01-01 21:04:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-01 21:03:31 ----AS---- C:\WINDOWS\bootstat.dat
2013-01-01 21:01:38 ----D---- C:\WINDOWS\system32\xircom
2013-01-01 21:01:38 ----D---- C:\Program Files\xerox
2013-01-01 21:01:38 ----D---- C:\Program Files\microsoft frontpage
2013-01-01 21:01:21 ----RASH---- C:\MSDOS.SYS
2013-01-01 21:01:21 ----RASH---- C:\IO.SYS
2013-01-01 21:01:21 ----A---- C:\WINDOWS\control.ini
2013-01-01 21:01:21 ----A---- C:\CONFIG.SYS
2013-01-01 21:01:21 ----A---- C:\AUTOEXEC.BAT
2013-01-01 21:01:07 ----A---- C:\WINDOWS\OEWABLog.txt
2013-01-01 21:01:02 ----A---- C:\WINDOWS\system32\mapi32.dll
2013-01-01 20:59:56 ----HD---- C:\Program Files\WindowsUpdate
2013-01-01 20:59:52 ----D---- C:\Program Files\Online Services
2013-01-01 20:59:36 ----D---- C:\WINDOWS\system32\DirectX
2013-01-01 20:59:26 ----A---- C:\WINDOWS\system32\atrace.dll
2013-01-01 20:59:24 ----A---- C:\WINDOWS\system32\desktop.ini
2013-01-01 20:59:24 ----A---- C:\WINDOWS\desktop.ini
2013-01-01 20:59:16 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2013-01-01 20:59:15 ----A---- C:\WINDOWS\system32\acctres.dll
2013-01-01 20:59:14 ----D---- C:\Program Files\Common Files\Services
2013-01-01 20:59:11 ----SD---- C:\WINDOWS\Tasks
2013-01-01 20:59:11 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2013-01-01 20:59:10 ----D---- C:\Program Files\Common Files\MSSoap
2013-01-01 20:59:05 ----D---- C:\WINDOWS\srchasst
2013-01-01 20:59:04 ----D---- C:\WINDOWS\system32\Macromed
2013-01-01 20:59:02 ----A---- C:\WINDOWS\system32\wuweb.dll
2013-01-01 20:59:02 ----A---- C:\WINDOWS\system32\wucltui.dll
2013-01-01 20:59:02 ----A---- C:\WINDOWS\system32\wuauserv.dll
2013-01-01 20:59:02 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2013-01-01 20:59:01 ----A---- C:\WINDOWS\system32\wups.dll
2013-01-01 20:59:01 ----A---- C:\WINDOWS\system32\wuaueng.dll
2013-01-01 20:59:01 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2013-01-01 20:59:01 ----A---- C:\WINDOWS\system32\wuauclt.exe
2013-01-01 20:59:01 ----A---- C:\WINDOWS\system32\wuapi.dll
2013-01-01 20:59:01 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2013-01-01 20:59:01 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2013-01-01 20:59:01 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2013-01-01 20:59:01 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2013-01-01 20:59:00 ----A---- C:\WINDOWS\system32\qmgr.dll
2013-01-01 20:58:56 ----D---- C:\Program Files\Movie Maker
2013-01-01 20:58:36 ----A---- C:\WINDOWS\system32\safrslv.dll
2013-01-01 20:58:36 ----A---- C:\WINDOWS\system32\safrdm.dll
2013-01-01 20:58:36 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2013-01-01 20:58:36 ----A---- C:\WINDOWS\system32\racpldlg.dll
2013-01-01 20:58:31 ----D---- C:\WINDOWS\system32\Restore
2013-01-01 20:58:31 ----A---- C:\WINDOWS\system32\srrstr.dll
2013-01-01 20:58:31 ----A---- C:\WINDOWS\system32\fltMc.exe
2013-01-01 20:58:31 ----A---- C:\WINDOWS\system32\fltlib.dll
2013-01-01 20:58:31 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2013-01-01 20:58:30 ----A---- C:\WINDOWS\system32\srsvc.dll
2013-01-01 20:58:30 ----A---- C:\WINDOWS\system32\srclient.dll
2013-01-01 20:58:30 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2013-01-01 20:58:30 ----A---- C:\WINDOWS\system32\ils.dll
2013-01-01 20:58:30 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2013-01-01 20:58:29 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2013-01-01 20:58:29 ----A---- C:\WINDOWS\system32\msconf.dll
2013-01-01 20:58:29 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2013-01-01 20:58:29 ----A---- C:\WINDOWS\system32\mnmdd.dll
2013-01-01 20:58:26 ----D---- C:\Program Files\NetMeeting
2013-01-01 20:58:26 ----A---- C:\WINDOWS\system32\msoert2.dll
2013-01-01 20:58:26 ----A---- C:\WINDOWS\system32\msoeacct.dll
2013-01-01 20:58:24 ----A---- C:\WINDOWS\system32\inetres.dll
2013-01-01 20:58:24 ----A---- C:\WINDOWS\system32\inetcomm.dll
2013-01-01 20:58:22 ----D---- C:\Program Files\Outlook Express
2013-01-01 20:58:21 ----A---- C:\WINDOWS\system32\schedsvc.dll
2013-01-01 20:58:21 ----A---- C:\WINDOWS\system32\mstinit.exe
2013-01-01 20:58:21 ----A---- C:\WINDOWS\system32\mstask.dll
2013-01-01 20:58:21 ----A---- C:\WINDOWS\system32\isign32.dll
2013-01-01 20:58:21 ----A---- C:\WINDOWS\system32\icwphbk.dll
2013-01-01 20:58:21 ----A---- C:\WINDOWS\system32\icwdial.dll
2013-01-01 20:58:20 ----A---- C:\WINDOWS\system32\inetcfg.dll
2013-01-01 20:58:14 ----D---- C:\Program Files\Common Files\System
2013-01-01 20:58:13 ----D---- C:\Program Files\Internet Explorer
2013-01-01 20:57:41 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2013-01-01 20:57:33 ----D---- C:\Program Files\ComPlus Applications
2013-01-01 20:57:31 ----A---- C:\WINDOWS\vbaddin.ini
2013-01-01 20:57:31 ----A---- C:\WINDOWS\vb.ini
2013-01-01 20:57:26 ----D---- C:\WINDOWS\Registration
2013-01-01 20:57:04 ----D---- C:\Program Files\Windows Media Connect 2
2013-01-01 20:57:03 ----D---- C:\Program Files\Windows Media Player
2013-01-01 20:57:01 ----D---- C:\Program Files\Messenger
2013-01-01 20:56:58 ----D---- C:\Program Files\MSN Gaming Zone
2013-01-01 20:56:58 ----A---- C:\WINDOWS\system32\write.exe
2013-01-01 20:56:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2013-01-01 20:56:48 ----A---- C:\WINDOWS\system32\hticons.dll
2013-01-01 20:56:47 ----A---- C:\WINDOWS\system32\winchat.exe
2013-01-01 20:56:47 ----A---- C:\WINDOWS\system32\avwav.dll
2013-01-01 20:56:47 ----A---- C:\WINDOWS\system32\avtapi.dll
2013-01-01 20:56:47 ----A---- C:\WINDOWS\system32\avmeter.dll
2013-01-01 20:56:39 ----A---- C:\WINDOWS\system32\charmap.exe
2013-01-01 20:56:39 ----A---- C:\WINDOWS\system32\getuname.dll
2013-01-01 20:56:39 ----A---- C:\WINDOWS\system32\calc.exe
2013-01-01 20:56:38 ----A---- C:\WINDOWS\system32\winmine.exe
2013-01-01 20:56:38 ----A---- C:\WINDOWS\system32\sol.exe
2013-01-01 20:56:38 ----A---- C:\WINDOWS\system32\mshearts.exe
2013-01-01 20:56:38 ----A---- C:\WINDOWS\system32\freecell.exe
2013-01-01 20:56:37 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2013-01-01 20:56:37 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2013-01-01 20:56:37 ----A---- C:\WINDOWS\system32\tslabels.ini
2013-01-01 20:56:37 ----A---- C:\WINDOWS\system32\tskill.exe
2013-01-01 20:56:37 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2013-01-01 20:56:37 ----A---- C:\WINDOWS\system32\tscon.exe
2013-01-01 20:56:37 ----A---- C:\WINDOWS\system32\shadow.exe
2013-01-01 20:56:37 ----A---- C:\WINDOWS\system32\rwinsta.exe
2013-01-01 20:56:37 ----A---- C:\WINDOWS\system32\reset.exe
2013-01-01 20:56:37 ----A---- C:\WINDOWS\system32\regini.exe
2013-01-01 20:56:36 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2013-01-01 20:56:36 ----A---- C:\WINDOWS\system32\qwinsta.exe
2013-01-01 20:56:36 ----A---- C:\WINDOWS\system32\qappsrv.exe
2013-01-01 20:56:36 ----A---- C:\WINDOWS\system32\msg.exe
2013-01-01 20:56:36 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2013-01-01 20:56:36 ----A---- C:\WINDOWS\system32\logoff.exe
2013-01-01 20:56:36 ----A---- C:\WINDOWS\system32\cdmodem.dll
2013-01-01 20:56:30 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2013-01-01 20:56:29 ----A---- C:\WINDOWS\system32\accwiz.exe
2013-01-01 20:56:28 ----D---- C:\Program Files\Windows NT
2013-01-01 20:56:28 ----A---- C:\WINDOWS\system32\sndrec32.exe
2013-01-01 20:56:28 ----A---- C:\WINDOWS\system32\mplay32.exe
2013-01-01 20:56:28 ----A---- C:\WINDOWS\system32\hypertrm.dll
2013-01-01 20:56:27 ----A---- C:\WINDOWS\system32\spider.exe
2013-01-01 20:56:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2013-01-01 20:56:27 ----A---- C:\WINDOWS\system32\clipbrd.exe
2013-01-01 20:56:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2013-01-01 20:56:26 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2013-01-01 20:56:26 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2013-01-01 20:56:26 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2013-01-01 20:56:25 ----A---- C:\WINDOWS\system32\tsgqec.dll
2013-01-01 20:56:25 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2013-01-01 20:56:25 ----A---- C:\WINDOWS\system32\aaclient.dll
2013-01-01 20:56:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2013-01-01 20:56:24 ----A---- C:\WINDOWS\system32\rdshost.exe
2013-01-01 20:56:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2013-01-01 20:56:24 ----A---- C:\WINDOWS\system32\mstscax.dll
2013-01-01 20:56:24 ----A---- C:\WINDOWS\system32\mstsc.exe
2013-01-01 20:56:23 ----A---- C:\WINDOWS\system32\termsrv.dll
2013-01-01 20:56:23 ----A---- C:\WINDOWS\system32\sessmgr.exe
2013-01-01 20:56:23 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2013-01-01 20:56:23 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2013-01-01 20:56:23 ----A---- C:\WINDOWS\system32\rdpclip.exe
2013-01-01 20:56:23 ----A---- C:\WINDOWS\system32\rdchost.dll
2013-01-01 20:56:23 ----A---- C:\WINDOWS\system32\qprocess.exe
2013-01-01 20:56:23 ----A---- C:\WINDOWS\system32\icaapi.dll
2013-01-01 20:56:22 ----D---- C:\WINDOWS\system32\MsDtc
2013-01-01 20:56:22 ----A---- C:\WINDOWS\system32\mtxoci.dll
2013-01-01 20:56:22 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2013-01-01 20:56:22 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2013-01-01 20:56:22 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2013-01-01 20:56:21 ----A---- C:\WINDOWS\system32\xolehlp.dll
2013-01-01 20:56:21 ----A---- C:\WINDOWS\system32\msdtctm.dll
2013-01-01 20:56:21 ----A---- C:\WINDOWS\system32\msdtclog.dll
2013-01-01 20:56:21 ----A---- C:\WINDOWS\system32\msdtc.exe
2013-01-01 20:56:20 ----D---- C:\WINDOWS\system32\Com
2013-01-01 20:56:20 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2013-01-01 20:56:20 ----A---- C:\WINDOWS\system32\mtxex.dll
2013-01-01 20:56:20 ----A---- C:\WINDOWS\system32\mtxdm.dll
2013-01-01 20:56:20 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2013-01-01 20:56:20 ----A---- C:\WINDOWS\system32\comrepl.dll
2013-01-01 20:56:20 ----A---- C:\WINDOWS\system32\comaddin.dll
2013-01-01 20:56:20 ----A---- C:\WINDOWS\system32\colbact.dll
2013-01-01 20:56:19 ----A---- C:\WINDOWS\system32\stclient.dll
2013-01-01 20:56:19 ----A---- C:\WINDOWS\system32\clbcatex.dll
2013-01-01 20:56:19 ----A---- C:\WINDOWS\system32\catsrvut.dll
2013-01-01 20:56:19 ----A---- C:\WINDOWS\system32\catsrvps.dll
2013-01-01 20:56:19 ----A---- C:\WINDOWS\system32\catsrv.dll
2013-01-01 20:56:18 ----A---- C:\WINDOWS\system32\comuid.dll
2013-01-01 20:56:18 ----A---- C:\WINDOWS\system32\comsvcs.dll
2013-01-01 20:56:18 ----A---- C:\WINDOWS\system32\comsnap.dll
2013-01-01 20:56:17 ----A---- C:\WINDOWS\system32\clbcatq.dll
2013-01-01 20:56:10 ----A---- C:\WINDOWS\system32\servdeps.dll
2013-01-01 20:56:10 ----A---- C:\WINDOWS\system32\mmfutil.dll
2013-01-01 20:56:10 ----A---- C:\WINDOWS\system32\licwmi.dll
2013-01-01 20:56:08 ----A---- C:\WINDOWS\system32\cmprops.dll
2013-01-01 20:56:05 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2013-01-01 20:56:05 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 month======

2013-01-10 16:12:15 ----A---- C:\WINDOWS\system.ini
2013-01-09 02:37:37 ----A---- C:\WINDOWS\win.ini
2013-01-01 21:00:49 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2012-12-16 13:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-11-08 99080]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2012-11-08 18096]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-11-08 32640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-01-01 242240]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 catchme;catchme; \??\C:\DOCUME~1\Jozifek\LOCALS~1\Temp\catchme.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 LUsbKbd;SetPoint USB Filter Driver; C:\WINDOWS\system32\drivers\LUsbKbd.sys [2006-07-19 14848]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-11-08 497952]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-08-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-08-08 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 1435568]
S2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-11-08 1990464]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2013-01-02 153584]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-04 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[Skaler.x.]

Combofix

ComboFix 13-01-06.01 - Jozifek . 01. 2013 16:06:44.4.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1527.1151 [GMT 1:00]
Running from: c:\docume~1\Jozifek\LOCALS~1\Temp\3582-490\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\directx.sys
c:\windows\msmqinst.log
c:\windows\svchost.com
.
.
((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-08 15:27 . 2013-01-08 15:28 -------- d-----w- C:\rsit
2013-01-04 11:21 . 2013-01-04 11:21 -------- d-----w- C:\VritualRoot
2013-01-03 17:57 . 2013-01-03 17:57 -------- d-----r- C:\MSOCache
2013-01-02 21:40 . 2013-01-02 21:40 -------- d-----w- C:\NFS Underground 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-14 06:37 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 11:55 . 2008-04-14 05:45 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:38 . 2010-09-10 22:40 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2010-09-10 22:40 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2010-09-10 22:40 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2010-09-10 22:40 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2010-09-10 22:41 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-06 02:00 . 2008-04-14 06:51 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:03 . 2008-04-14 06:51 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2008-08-08 15:43 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2008-08-08 15:43 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2008-08-08 15:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-08-08 15:43 385024 ------w- c:\windows\system32\html.iec
2013-01-04 15:19 . 2013-01-02 15:40 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\progra~1\DAEMON~1\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ioQuake3&TA\\ioquake3.x86-TA.exe"=
"c:\\Program Files\\ioQuake3&TA\\ioquake3.x86.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10. 9. 2010 23:40 18096]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10. 9. 2010 23:40 32640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1. 1. 2013 22:56 242240]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10. 12. 2012 17:29 1435568]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10. 9. 2010 23:40 497952]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-01 14:52]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.2 195.168.1.4 62.168.96.4
FF - ProfilePath - c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\
FF - prefs.js: browser.search.selectedEngine - Vyhledávání videí ve službě YouTube
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - true
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-01 22:03; {4BBDD651-70CF-4821-84F8-2B918CF89CA3}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - ExtSQL: 2013-01-01 22:07; artur.dubovoy@gmail.com; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\artur.dubovoy@gmail.com
FF - ExtSQL: 2013-01-01 22:07; FasterFox_Lite@BigRedBrent; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\FasterFox_Lite@BigRedBrent
FF - ExtSQL: 2013-01-01 22:07; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - ExtSQL: 2013-01-01 22:07; {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - ExtSQL: 2013-01-01 22:12; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-01-02 16:48; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2013-01-02 16:48; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-10 16:12
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\guard32.dll
.
Completion time: 2013-01-10 16:13:30
ComboFix-quarantined-files.txt 2013-01-10 15:13
ComboFix2.txt 2013-01-08 11:57
ComboFix3.txt 2013-01-07 20:53
ComboFix4.txt 2013-01-07 19:44
.
Pre-Run: Volných bajtů: 142 125 920 256
Post-Run: Volných bajtů: 142 122 401 792
.

[Skaler.x.]

Nasiel som aj tie txtcka, mam ich sem dat, alebo kde je problem?

[Skaler.x.]

Vedel som ze pouzitie CF ma rizika, nevedel som vsak, ze nezaznamena vsetky akcie do logu a tym vam stazi robotu.Vzdy si vsetko v pc snazim robit sam.

dirext.sys bez nalezu.
svchost.com je zmazany.

momentalne problem zase pretrvava, .exe sa daju spustit, len obklukou, cez spustit ako spravca a tam dam moj ucet.

CF 02

ComboFix 13-01-06.01 - Jozifek . 01. 2013 12:51:56.3.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1527.1102 [GMT 1:00]
Running from: c:\documents and settings\Jozifek\Plocha\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\directx.sys
c:\windows\svchost.com
.
.
((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-04 11:21 . 2013-01-04 11:21 -------- d-----w- C:\VritualRoot
2013-01-03 17:57 . 2013-01-03 17:57 -------- d-----r- C:\MSOCache
2013-01-02 21:40 . 2013-01-02 21:40 -------- d-----w- C:\NFS Underground 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-14 06:37 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 11:55 . 2008-04-14 05:45 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:38 . 2010-09-10 22:40 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2010-09-10 22:40 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2010-09-10 22:40 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2010-09-10 22:40 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2010-09-10 22:41 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-02 02:03 . 2008-04-14 06:51 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2008-08-08 15:43 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2008-08-08 15:43 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2008-08-08 15:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-08-08 15:43 385024 ------w- c:\windows\system32\html.iec
2013-01-04 15:19 . 2013-01-02 15:40 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\progra~1\DAEMON~1\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ioQuake3&TA\\ioquake3.x86-TA.exe"=
"c:\\Program Files\\ioQuake3&TA\\ioquake3.x86.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10. 9. 2010 23:40 18096]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10. 9. 2010 23:40 32640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1. 1. 2013 22:56 242240]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10. 12. 2012 17:29 1435568]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10. 9. 2010 23:40 497952]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-01 21:44]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.2 195.168.1.4 62.168.96.4
FF - ProfilePath - c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\
FF - prefs.js: browser.search.selectedEngine - Vyhledávání videí ve službě YouTube
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - true
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-01 22:03; {4BBDD651-70CF-4821-84F8-2B918CF89CA3}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - ExtSQL: 2013-01-01 22:07; artur.dubovoy@gmail.com; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\artur.dubovoy@gmail.com
FF - ExtSQL: 2013-01-01 22:07; FasterFox_Lite@BigRedBrent; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\FasterFox_Lite@BigRedBrent
FF - ExtSQL: 2013-01-01 22:07; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - ExtSQL: 2013-01-01 22:07; {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - ExtSQL: 2013-01-01 22:12; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-01-02 16:48; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2013-01-02 16:48; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-08 12:56
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\guard32.dll
.
Completion time: 2013-01-08 12:57:51
ComboFix-quarantined-files.txt 2013-01-08 11:57
ComboFix2.txt 2013-01-07 20:53
ComboFix3.txt 2013-01-07 19:44
.
Pre-Run: Volných bajtů: 141 091 143 680
Post-Run: Volných bajtů: 143 879 446 528
.
- - End Of File - - 5073CD0018D582237696A6213403AEB5

[Skaler.x.]

CF 03

ComboFix 13-01-06.01 - Jozifek . 01. 2013 21:48:17.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1527.1253 [GMT 1:00]
Running from: d:\download\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\directx.sys
c:\windows\svchost.com
.
.
((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
.
.
2013-01-04 11:21 . 2013-01-04 11:21 -------- d-----w- C:\VritualRoot
2013-01-03 17:57 . 2013-01-03 17:57 -------- d-----r- C:\MSOCache
2013-01-02 21:40 . 2013-01-02 21:40 -------- d-----w- C:\NFS Underground 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-14 06:37 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 11:55 . 2008-04-14 05:45 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:38 . 2010-09-10 22:40 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2010-09-10 22:40 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2010-09-10 22:40 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2010-09-10 22:40 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2010-09-10 22:41 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-02 02:03 . 2008-04-14 06:51 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2008-08-08 15:43 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2008-08-08 15:43 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2008-08-08 15:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-08-08 15:43 385024 ------w- c:\windows\system32\html.iec
2013-01-04 15:19 . 2013-01-02 15:40 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\progra~1\DAEMON~1\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ioQuake3&TA\\ioquake3.x86-TA.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10. 9. 2010 23:40 18096]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10. 9. 2010 23:40 32640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1. 1. 2013 22:56 242240]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10. 12. 2012 17:29 1435568]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10. 9. 2010 23:40 497952]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-01 21:44]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.2 195.168.1.4 62.168.96.4
FF - ProfilePath - c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\
FF - prefs.js: browser.search.selectedEngine - Google Slovensko
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - true
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-01 22:03; {4BBDD651-70CF-4821-84F8-2B918CF89CA3}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - ExtSQL: 2013-01-01 22:07; artur.dubovoy@gmail.com; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\artur.dubovoy@gmail.com
FF - ExtSQL: 2013-01-01 22:07; FasterFox_Lite@BigRedBrent; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\FasterFox_Lite@BigRedBrent
FF - ExtSQL: 2013-01-01 22:07; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - ExtSQL: 2013-01-01 22:07; {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - ExtSQL: 2013-01-01 22:12; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-01-02 16:48; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2013-01-02 16:48; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 21:52
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\guard32.dll
.
Completion time: 2013-01-07 21:53:57
ComboFix-quarantined-files.txt 2013-01-07 20:53
ComboFix2.txt 2013-01-07 19:44
.
Pre-Run: Volných bajtů: 140 813 926 400
Post-Run: Volných bajtů: 140 808 335 360
.
- - End Of File - - FFF3E9B3858C2D5FF97A2269D99F372D

[Skaler.x.]

CF 04

ComboFix 13-01-06.01 - Jozifek . 01. 2013 20:38:18.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1527.1234 [GMT 1:00]
Running from: c:\documents and settings\Jozifek\Plocha\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\directx.sys
c:\windows\msmqinst.log
c:\windows\regopt.log
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
.
.
2013-01-04 11:21 . 2013-01-04 11:21 -------- d-----w- C:\VritualRoot
2013-01-03 17:57 . 2013-01-03 17:57 -------- d-----r- C:\MSOCache
2013-01-02 21:40 . 2013-01-02 21:40 -------- d-----w- C:\NFS Underground 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-14 06:37 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 11:55 . 2008-04-14 05:45 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:38 . 2010-09-10 22:40 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2010-09-10 22:40 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2010-09-10 22:40 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2010-09-10 22:40 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2010-09-10 22:41 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-02 02:03 . 2008-04-14 06:51 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2008-08-08 15:43 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2008-08-08 15:43 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2008-08-08 15:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-08-08 15:43 385024 ------w- c:\windows\system32\html.iec
2013-01-04 15:19 . 2013-01-02 15:40 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\progra~1\DAEMON~1\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ioQuake3&TA\\ioquake3.x86-TA.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10. 9. 2010 23:40 18096]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10. 9. 2010 23:40 32640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1. 1. 2013 22:56 242240]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10. 12. 2012 17:29 1435568]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10. 9. 2010 23:40 497952]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-01 21:44]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.2 195.168.1.4 62.168.96.4
FF - ProfilePath - c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\
FF - prefs.js: browser.search.selectedEngine - Google Slovensko
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - true
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-01 22:03; {4BBDD651-70CF-4821-84F8-2B918CF89CA3}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - ExtSQL: 2013-01-01 22:07; artur.dubovoy@gmail.com; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\artur.dubovoy@gmail.com
FF - ExtSQL: 2013-01-01 22:07; FasterFox_Lite@BigRedBrent; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\FasterFox_Lite@BigRedBrent
FF - ExtSQL: 2013-01-01 22:07; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - ExtSQL: 2013-01-01 22:07; {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - ExtSQL: 2013-01-01 22:12; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-01-02 16:48; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2013-01-02 16:48; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-DivX Setup - c:\documents and settings\All Users\Data aplikací\DivX\Setup\DivXSetup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 20:42
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-01-07 20:44:13
ComboFix-quarantined-files.txt 2013-01-07 19:44
.
Pre-Run: Volných bajtů: 140 653 133 824
Post-Run: Volných bajtů: 140 883 120 128
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 222796F13FA64318A04C14DA5D7AD0C8

[Skaler.x.]

ComboFix quarantined files


2013-01-10 15:05:10 . 2013-01-10 15:05:10 57 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\directx.sys.vir
2013-01-10 15:04:51 . 2013-01-10 15:04:51 41,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\svchost.com.vir
2013-01-09 00:55:47 . 2013-01-09 01:28:57 3,780 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\msmqinst.log.vir
2013-01-07 19:43:57 . 2013-01-07 19:43:57 1,164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-DivX Setup.reg.dat
2013-01-07 19:41:18 . 2013-01-10 15:10:44 8,646 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-01-07 19:14:58 . 2013-01-10 15:05:40 306 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-01-01 22:49:57 . 2013-01-01 22:50:01 6,326 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TZLog.log.vir
2013-01-01 20:35:20 . 2013-01-01 20:51:43 1,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\regopt.log.vir

[Skaler.x.]

Virus total:
dirext.sys bez nalezu (0/48)
svchost.com je zmazany.

Bol to crack (hambim sa), z pc je vymazany.

[Skaler.x.]

Qubox: http://czshare.com/4614841/Qoobox.rar

Winrar hlasil:
Cannot read contents of qoobox/backenv/*
Pristup bol odopreny.

Idem otl

[Skaler.x.]

OTL logfile created on: 10. 1. 2013 17:53:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jozifek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

1,49 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,71% Memory free
4,35 Gb Paging File | 3,92 Gb Available in Paging File | 90,31% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 130,89 Gb Free Space | 87,82% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 4,22 Gb Free Space | 1,41% Space Free | Partition Type: NTFS

Computer Name: EMIL | User Name: Jozifek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.01.10 17:51:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jozifek\Plocha\OTL.com
PRC - [2013.01.04 16:19:28 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.12.10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.09 08:07:34 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013.01.04 16:19:27 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.10.05 01:33:28 | 000,070,352 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav


========== Services (SafeList) ==========

SRV - [2013.01.09 15:52:33 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.04 16:19:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jozifek\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013.01.01 22:56:04 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.11.08 00:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012.11.08 00:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012.11.08 00:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012.11.08 00:38:13 | 000,018,096 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.17 15:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006.07.19 12:28:12 | 000,014,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 90 EE 4A 01 E9 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google Slovensko - Slovensko"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.2
FF - prefs.js..extensions.enabledAddons: FasterFox_Lite%40BigRedBrent:3.9.9Lite
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.4.6
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0038-ABCDEFFEDCBA%7D:6.0.38
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.9Lite
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:3.8.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..keyword.URL: "true"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.01.01 22:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.04 16:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.09 16:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2013.01.01 21:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Extensions
[2013.01.03 17:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions
[2013.01.01 22:07:45 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2013.01.03 17:31:40 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2013.01.01 22:07:45 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2013.01.01 22:07:45 | 000,000,000 | ---D | M] ("Flash Video Downloader Youtube Downloader") -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\artur.dubovoy@gmail.com
[2013.01.01 22:07:45 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\FasterFox_Lite@BigRedBrent
[2008.11.17 17:14:06 | 000,001,362 | ---- | M] () (No name found) -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2013.01.09 01:59:40 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\searchplugins\google-slovensko---slovensko.xml
[2013.01.09 01:59:41 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\searchplugins\google-slovensko.xml
[2011.02.15 12:56:04 | 000,001,974 | ---- | M] () -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\searchplugins\hadaj-video.xml
[2010.05.06 10:18:04 | 000,002,388 | ---- | M] () -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\searchplugins\hellspy.xml
[2009.01.08 15:30:58 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\searchplugins\sfd.xml
[2010.09.13 12:11:50 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\searchplugins\stahujcz.xml
[2009.01.15 06:50:58 | 000,002,143 | ---- | M] () -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\ywf1h3dx.default\searchplugins\vyhledvn-vide-ve-slub-youtube.xml
[2013.01.02 16:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.01.02 16:48:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOZIFEK\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\YWF1H3DX.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOZIFEK\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\YWF1H3DX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOZIFEK\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\YWF1H3DX.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOZIFEK\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\YWF1H3DX.DEFAULT\EXTENSIONS\FASTERFOX_LITE@BIGREDBRENT
[2013.01.01 22:12:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.01.02 16:48:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013.01.04 16:19:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.04 16:19:23 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2013.01.04 16:19:23 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2013.01.04 16:19:23 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2013.01.04 16:19:23 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2012.07.06 17:54:44 | 000,002,004 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vyhladavanie.xml
[2013.01.04 16:19:23 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2013.01.04 16:19:23 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2013.01.10 16:12:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_38)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8269F3EA-0360-4919-B475-5E07A2F2717E}: DhcpNameServer = 172.16.0.2 195.168.1.4 62.168.96.4
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.01 21:01:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- C:\WINDOWS\svchost.com "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- C:\WINDOWS\svchost.com "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\WINDOWS\System32\lagarith.dll ( )
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.01.10 17:52:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jozifek\Plocha\OTL.com
[2013.01.10 17:43:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 17:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jozifek\Plocha\Qoobox
[2013.01.10 16:13:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.01.10 16:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jozifek\Local Settings\Data aplikací\COMODO
[2013.01.09 02:35:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013.01.08 18:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jozifek\Local Settings\Data aplikací\WMTools Downloaded Files
[2013.01.08 18:13:36 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2013.01.08 18:13:20 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2013.01.08 18:13:08 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2013.01.08 18:13:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2013.01.08 18:13:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2013.01.08 18:12:53 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2013.01.08 18:12:39 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2013.01.08 18:12:25 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2013.01.08 18:12:13 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2013.01.08 18:11:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2013.01.08 18:11:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2013.01.08 18:11:15 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2013.01.08 18:11:15 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2013.01.08 18:11:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2013.01.08 18:11:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2013.01.08 18:11:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2013.01.08 18:11:14 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2013.01.08 18:11:14 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2013.01.08 18:11:14 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2013.01.08 18:11:14 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2013.01.08 18:11:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2013.01.08 18:10:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2013.01.08 16:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.01.08 16:27:51 | 000,000,000 | ---D | C] -- C:\rsit
[2013.01.08 12:31:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013.01.07 20:36:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.07 20:23:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.07 20:23:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.07 20:23:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.07 20:23:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.07 20:14:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013.01.07 20:14:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.07 20:13:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jozifek\Nabídka Start\Programy\Nástroje pro správu
[2013.01.07 19:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Bethesda Softworks
[2013.01.06 12:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
[2013.01.06 12:42:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013.01.05 23:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Shutter
[2013.01.05 23:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Shutter
[2013.01.05 20:29:25 | 000,034,024 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2013.01.05 06:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
[2013.01.04 15:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jozifek\Data aplikací\COWON
[2013.01.04 13:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\jetAudio
[2013.01.04 13:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COWON
[2013.01.04 13:43:47 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013.01.04 13:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\JetAudio
[2013.01.04 12:21:31 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2013.01.03 22:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jozifek\Plocha\Vec - Stereo farbo slepo (2012)
[2013.01.03 19:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\COMODO
[2013.01.03 19:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013.01.03 19:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Comodo
[2013.01.03 19:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Office
[2013.01.03 18:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2013.01.03 18:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2013.01.03 18:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.01.03 18:57:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2013.01.03 18:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jozifek\Local Settings\Data aplikací\Microsoft Help
[2013.01.03 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.03 18:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
[2013.01.03 18:57:11 | 000,000,000 | R--D | C] -- C:\MSOCache
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.01.10 17:54:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.01.10 17:51:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jozifek\Plocha\OTL.com
[2013.01.10 17:50:19 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.10 17:50:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.10 17:49:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.10 17:49:50 | 1601,622,016 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 17:47:33 | 000,038,251 | ---- | M] () -- C:\Qoobox.rar
[2013.01.10 17:45:29 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013.01.10 16:32:07 | 000,000,050 | ---- | M] () -- C:\WINDOWS\directx.sys
[2013.01.10 16:30:53 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.10 16:30:53 | 000,309,832 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2013.01.10 16:30:53 | 000,046,156 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2013.01.10 16:30:53 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.10 16:12:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.10 15:59:26 | 005,060,656 | R--- | M] () -- C:\Documents and Settings\Jozifek\Plocha\ComboFix.exe
[2013.01.09 15:52:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 15:52:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 02:37:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.01.09 01:55:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 18:43:58 | 161,001,147 | ---- | M] () -- C:\Documents and Settings\Jozifek\Plocha\mia 2.wmv
[2013.01.08 18:43:58 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Jozifek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.08 18:26:51 | 105,887,869 | ---- | M] () -- C:\Documents and Settings\Jozifek\Plocha\mia .wmv
[2013.01.07 21:46:43 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\Jozifek\Plocha\Zástupce - ComboFix.lnk
[2013.01.06 12:52:26 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Team Arena.lnk
[2013.01.06 12:49:35 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Quake Arena.lnk
[2013.01.05 23:55:27 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Jozifek\Plocha\Shutter.lnk
[2013.01.04 13:44:05 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\jetAudio.lnk
[2013.01.03 19:55:18 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 19:53:00 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\Jozifek\Plocha\COMODO Internet Security.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.10 17:54:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.01.10 17:49:50 | 1601,622,016 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.10 17:43:25 | 000,038,251 | ---- | C] () -- C:\Qoobox.rar
[2013.01.10 16:13:51 | 000,000,050 | ---- | C] () -- C:\WINDOWS\directx.sys
[2013.01.08 18:27:51 | 161,001,147 | ---- | C] () -- C:\Documents and Settings\Jozifek\Plocha\mia 2.wmv
[2013.01.08 18:14:40 | 105,887,869 | ---- | C] () -- C:\Documents and Settings\Jozifek\Plocha\mia .wmv
[2013.01.07 21:46:43 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\Jozifek\Plocha\Zástupce - ComboFix.lnk
[2013.01.07 21:44:45 | 005,060,656 | R--- | C] () -- C:\Documents and Settings\Jozifek\Plocha\ComboFix.exe
[2013.01.07 20:37:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.01.07 20:37:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013.01.07 20:23:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.07 20:23:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.07 20:23:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.07 20:23:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.07 20:23:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.05 23:55:27 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Jozifek\Plocha\Shutter.lnk
[2013.01.04 19:29:39 | 1133,200,100 | ---- | C] () -- C:\Documents and Settings\Jozifek\Plocha\bila.vdova.2000.dvdrip.divx.ac3.czdab.avi
[2013.01.04 13:44:05 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\jetAudio.lnk
[2013.01.03 19:55:14 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013.01.03 19:53:00 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\Jozifek\Plocha\COMODO Internet Security.lnk
[2013.01.02 16:45:49 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013.01.02 16:45:49 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013.01.02 16:45:49 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013.01.02 16:45:49 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2013.01.02 16:45:46 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013.01.02 13:34:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Jozifek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.01 22:58:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2013.01.01 21:37:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013.01.01 21:35:37 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013.01.01 21:16:38 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.01 21:03:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013.01.01 20:57:41 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3160023AS
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: SAMSUNG HD321KJ
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 149,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 298,00GB
Starting Offset: 31744
Hidden sectors: 0


========== Base Services ==========
SRV - [2008.04.14 07:52:10 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008.04.14 07:52:10 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008.04.14 07:51:56 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012.07.06 14:58:55 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008.04.14 07:51:40 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009.04.20 18:19:42 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008.04.14 07:51:42 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009.07.28 00:19:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008.04.14 07:52:06 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008.04.14 09:51:44 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008.04.14 07:52:28 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008.04.14 07:51:40 | 000,024,064 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008.04.14 07:52:20 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008.04.14 07:52:20 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008.04.14 07:51:52 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008.06.20 17:04:19 | 000,247,296 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008.04.14 07:51:56 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008.04.14 07:51:56 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009.02.09 11:56:06 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008.04.14 07:51:52 | 000,435,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008.04.14 07:51:56 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008.04.14 07:52:08 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010.08.27 06:54:10 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009.07.28 00:19:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008.04.14 07:52:04 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008.04.14 07:51:56 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008.04.14 07:51:46 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008.04.14 07:52:04 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008.04.14 07:52:04 | 000,295,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009.07.28 00:19:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008.04.14 07:52:52 | 000,290,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008.04.14 07:51:38 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008.04.14 07:51:46 | 000,329,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.04.14 07:52:06 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008.04.14 07:52:36 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008.04.14 07:52:06 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009.02.09 11:56:05 | 000,684,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008.04.14 07:51:40 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008.04.14 08:10:02 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009.06.10 07:16:20 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< >

< MD5 for: ACPI.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:acpi.sys
[2008.04.14 06:35:42 | 000,188,288 | ---- | M] (Microsoft Corporation) MD5=4FE34F1F3126B61FCC6B2043AA8112C9 -- C:\WINDOWS\system32\drivers\acpi.sys

< MD5 for: ADP3132.SYS >
[2007.07.09 09:00:26 | 000,313,856 | ---- | M] (Adaptec, Inc.) MD5=103D0B6150D2ECD127122E359C2B4A0E -- C:\WINDOWS\DriverPacks\M\ADA\ADP3132.sys

< MD5 for: AFD.SYS >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\6a56fd9294415a1a220e891069400e0e\SP3GDR\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\SoftwareDistribution\Download\fe608cd8d2b8f77abaee7a69a696bcf7\sp3qfe\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\SoftwareDistribution\Download\fe608cd8d2b8f77abaee7a69a696bcf7\sp3gdr\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\6a56fd9294415a1a220e891069400e0e\SP3QFE\afd.sys

< MD5 for: AGP440.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: AHCIX86.SYS >
[2007.03.07 11:47:30 | 000,119,808 | ---- | M] (ATI Technologies Inc.) MD5=F1B9E3A223CA684D98BB91FD82157601 -- C:\WINDOWS\DriverPacks\M\AT\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CMD.EXE >
[2008.04.14 07:52:16 | 000,390,144 | ---- | M] (Microsoft Corporation) MD5=58A4129B7AB2CF2E7F00256F7EDAEAC2 -- C:\WINDOWS\system32\cmd.exe
[2008.04.14 07:52:16 | 000,390,144 | ---- | M] (Microsoft Corporation) MD5=58A4129B7AB2CF2E7F00256F7EDAEAC2 -- C:\WINDOWS\system32\dllcache\cmd.exe

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2008.04.14 07:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\csrss.exe
[2008.04.14 07:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: FASTFAT.SYS >
[2008.04.13 23:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\dllcache\fastfat.sys
[2008.04.13 23:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys

< MD5 for: HAL.DLL >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.13 23:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: I8042PRT.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2008.04.14 06:51:16 | 000,052,096 | ---- | M] (Microsoft Corporation) MD5=C528E27945367191E7BAE364930B6932 -- C:\WINDOWS\system32\drivers\i8042prt.sys

< MD5 for: IASTOR.SYS >
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\DriverPacks\M\I3\IaStor.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: KBDCLASS.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdclass.sys
[2008.04.14 08:59:08 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=1B6162FE7F66B1A71A4B70F941C4AA9B -- C:\WINDOWS\ERDNT\cache\kbdclass.sys
[2008.04.14 08:59:08 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=1B6162FE7F66B1A71A4B70F941C4AA9B -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008.04.14 08:59:08 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=1B6162FE7F66B1A71A4B70F941C4AA9B -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\kbdclass.sys

< MD5 for: LSASS.EXE >
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: MV61XX.SYS >
[2007.10.18 21:22:02 | 000,143,360 | ---- | M] (Marvell Semiconductor, Inc.) MD5=72580605F36048262C674EE925031C3C -- C:\WINDOWS\DriverPacks\M\M\MV61XX.SYS

< MD5 for: NDIS.SYS >
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2008.04.13 23:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008.04.13 23:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008.04.13 23:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004.08.03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS

< MD5 for: NTKRNLPA.EXE >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntkrnlpa.exe
[2012.08.23 07:27:29 | 002,071,808 | ---- | M] (Microsoft Corporation) MD5=0CE36EEAE97C51DDEFF08BF17570657D -- C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
[2012.08.23 07:27:29 | 002,071,808 | ---- | M] (Microsoft Corporation) MD5=0CE36EEAE97C51DDEFF08BF17570657D -- C:\WINDOWS\ERDNT\cache\ntkrnlpa.exe
[2012.08.23 07:27:29 | 002,071,808 | ---- | M] (Microsoft Corporation) MD5=0CE36EEAE97C51DDEFF08BF17570657D -- C:\WINDOWS\SoftwareDistribution\Download\8c7f8b15b3df1ced71363573f3384e03\sp3gdr\ntkrnlpa.exe
[2012.08.23 07:27:29 | 002,071,808 | ---- | M] (Microsoft Corporation) MD5=0CE36EEAE97C51DDEFF08BF17570657D -- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
[2012.08.23 07:27:29 | 002,071,808 | ---- | M] (Microsoft Corporation) MD5=0CE36EEAE97C51DDEFF08BF17570657D -- C:\WINDOWS\system32\ntkrnlpa.exe
[2012.04.11 14:55:21 | 002,071,296 | ---- | M] (Microsoft Corporation) MD5=1425572D094BF586C6898F90B2956A21 -- C:\WINDOWS\$NtUninstallKB2724197$\ntkrnlpa.exe
[2012.04.11 14:55:21 | 002,071,296 | ---- | M] (Microsoft Corporation) MD5=1425572D094BF586C6898F90B2956A21 -- C:\WINDOWS\SoftwareDistribution\Download\491cb576c5065ef182ff20f18654e8f4\sp3gdr\ntkrnlpa.exe
[2010.12.09 20:44:36 | 002,071,552 | ---- | M] (Microsoft Corporation) MD5=40D176442F70573DBA0E05A7E40D3EBB -- C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[2010.12.09 20:44:36 | 002,071,552 | ---- | M] (Microsoft Corporation) MD5=40D176442F70573DBA0E05A7E40D3EBB -- C:\WINDOWS\SoftwareDistribution\Download\12a74340a66b7d58c4c319d3d76434da\SP3QFE\ntkrnlpa.exe
[2008.04.14 08:10:02 | 002,067,968 | ---- | M] (Microsoft Corporation) MD5=4DEE41C45E803DB91A72FD1BA69C05EE -- C:\WINDOWS\$NtUninstallKB2393802$\ntkrnlpa.exe
[2010.12.09 16:14:04 | 002,071,552 | ---- | M] (Microsoft Corporation) MD5=4FE7B81BEDE8D37C9E3D95C99A56A34E -- C:\WINDOWS\$NtUninstallKB2676562$\ntkrnlpa.exe
[2010.12.09 16:14:04 | 002,071,552 | ---- | M] (Microsoft Corporation) MD5=4FE7B81BEDE8D37C9E3D95C99A56A34E -- C:\WINDOWS\SoftwareDistribution\Download\12a74340a66b7d58c4c319d3d76434da\SP3GDR\ntkrnlpa.exe
[2009.02.09 12:52:19 | 002,059,904 | ---- | M] (Microsoft Corporation) MD5=73A13AA10E146A3E2B4AC6D007953A74 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\ntkrnlpa.exe
[2012.04.11 14:51:42 | 002,071,296 | ---- | M] (Microsoft Corporation) MD5=A016212FC91A7E9BA251D3C8BCFB4791 -- C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[2012.04.11 14:51:42 | 002,071,296 | ---- | M] (Microsoft Corporation) MD5=A016212FC91A7E9BA251D3C8BCFB4791 -- C:\WINDOWS\SoftwareDistribution\Download\491cb576c5065ef182ff20f18654e8f4\sp3qfe\ntkrnlpa.exe
[2012.08.23 07:26:12 | 002,071,808 | ---- | M] (Microsoft Corporation) MD5=A818179E96B92BAA91203CE32D89136A -- C:\WINDOWS\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[2012.08.23 07:26:12 | 002,071,808 | ---- | M] (Microsoft Corporation) MD5=A818179E96B92BAA91203CE32D89136A -- C:\WINDOWS\SoftwareDistribution\Download\8c7f8b15b3df1ced71363573f3384e03\sp3qfe\ntkrnlpa.exe
[2009.02.09 12:44:58 | 002,065,152 | ---- | M] (Microsoft Corporation) MD5=BB64DC108F8C4EE4D4B7998AA19E5FA7 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\ntkrnlpa.exe
[2009.02.10 19:09:12 | 002,068,224 | ---- | M] (Microsoft Corporation) MD5=D721665942F74CA7FF4162A0761CBB0A -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\ntkrnlpa.exe
[2009.02.09 12:19:06 | 002,068,352 | ---- | M] (Microsoft Corporation) MD5=FF8A3F180A224AA27EBAB937CA027F4D -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[2009.02.09 12:19:06 | 002,068,352 | ---- | M] (Microsoft Corporation) MD5=FF8A3F180A224AA27EBAB937CA027F4D -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\ntkrnlpa.exe

< MD5 for: NTOSKRNL.EXE >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe
[2012.04.11 14:55:02 | 002,194,816 | ---- | M] (Microsoft Corporation) MD5=4F74AF900C37B74B87D1167D2B09756B -- C:\WINDOWS\$NtUninstallKB2724197$\ntoskrnl.exe
[2012.04.11 14:55:02 | 002,194,816 | ---- | M] (Microsoft Corporation) MD5=4F74AF900C37B74B87D1167D2B09756B -- C:\WINDOWS\SoftwareDistribution\Download\491cb576c5065ef182ff20f18654e8f4\sp3gdr\ntoskrnl.exe
[2012.08.23 07:26:12 | 002,195,200 | ---- | M] (Microsoft Corporation) MD5=6AEE8673A323577F0553ECFE363510DD -- C:\WINDOWS\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[2012.08.23 07:26:12 | 002,195,200 | ---- | M] (Microsoft Corporation) MD5=6AEE8673A323577F0553ECFE363510DD -- C:\WINDOWS\SoftwareDistribution\Download\8c7f8b15b3df1ced71363573f3384e03\sp3qfe\ntoskrnl.exe
[2012.08.23 07:27:29 | 002,195,072 | ---- | M] (Microsoft Corporation) MD5=7605C57E06E90011C80D74C246BD21AB -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2012.08.23 07:27:29 | 002,195,072 | ---- | M] (Microsoft Corporation) MD5=7605C57E06E90011C80D74C246BD21AB -- C:\WINDOWS\ERDNT\cache\ntoskrnl.exe
[2012.08.23 07:27:29 | 002,195,072 | ---- | M] (Microsoft Corporation) MD5=7605C57E06E90011C80D74C246BD21AB -- C:\WINDOWS\SoftwareDistribution\Download\8c7f8b15b3df1ced71363573f3384e03\sp3gdr\ntoskrnl.exe
[2012.08.23 07:27:29 | 002,195,072 | ---- | M] (Microsoft Corporation) MD5=7605C57E06E90011C80D74C246BD21AB -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2012.08.23 07:27:29 | 002,195,072 | ---- | M] (Microsoft Corporation) MD5=7605C57E06E90011C80D74C246BD21AB -- C:\WINDOWS\system32\ntoskrnl.exe
[2012.04.11 14:51:40 | 002,194,816 | ---- | M] (Microsoft Corporation) MD5=818751F31F07EA8723E17B017113BED8 -- C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[2012.04.11 14:51:40 | 002,194,816 | ---- | M] (Microsoft Corporation) MD5=818751F31F07EA8723E17B017113BED8 -- C:\WINDOWS\SoftwareDistribution\Download\491cb576c5065ef182ff20f18654e8f4\sp3qfe\ntoskrnl.exe
[2010.12.09 16:14:39 | 002,194,944 | ---- | M] (Microsoft Corporation) MD5=8D222D8EF9B1951296F822583A044542 -- C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[2010.12.09 16:14:39 | 002,194,944 | ---- | M] (Microsoft Corporation) MD5=8D222D8EF9B1951296F822583A044542 -- C:\WINDOWS\SoftwareDistribution\Download\12a74340a66b7d58c4c319d3d76434da\SP3QFE\ntoskrnl.exe
[2009.02.10 19:18:42 | 002,191,360 | ---- | M] (Microsoft Corporation) MD5=97480EBFE1D4B547657BAD75AAAB1325 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2009.02.10 19:18:42 | 002,191,360 | ---- | M] (Microsoft Corporation) MD5=97480EBFE1D4B547657BAD75AAAB1325 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\ntoskrnl.exe
[2010.12.09 16:14:08 | 002,194,944 | ---- | M] (Microsoft Corporation) MD5=B6C5D4CBB22EEF31FAFBB76C2C6F3D99 -- C:\WINDOWS\$NtUninstallKB2676562$\ntoskrnl.exe
[2010.12.09 16:14:08 | 002,194,944 | ---- | M] (Microsoft Corporation) MD5=B6C5D4CBB22EEF31FAFBB76C2C6F3D99 -- C:\WINDOWS\SoftwareDistribution\Download\12a74340a66b7d58c4c319d3d76434da\SP3GDR\ntoskrnl.exe
[2008.04.14 07:07:10 | 002,191,104 | ---- | M] (Microsoft Corporation) MD5=C1536014AC1CB1D5397E31D9735E6571 -- C:\WINDOWS\$NtUninstallKB2393802$\ntoskrnl.exe
[2009.02.09 12:44:53 | 002,188,288 | ---- | M] (Microsoft Corporation) MD5=C424407DDD99223BF3248044CBBE91F6 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\ntoskrnl.exe
[2009.02.09 12:52:17 | 002,182,656 | ---- | M] (Microsoft Corporation) MD5=DF530FCAD41349C92945DF52EBA9F3E4 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\ntoskrnl.exe
[2009.02.09 12:26:15 | 002,191,232 | ---- | M] (Microsoft Corporation) MD5=F48662F55CD8DDD4DBBBCB69DE197725 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\ntoskrnl.exe

< MD5 for: NVATABUS.SYS >
[2006.02.26 16:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\DriverPacks\M\N\123\NVATABUS.sys
[2006.04.24 16:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\DriverPacks\M\N\TM\NVATABUS.sys

< MD5 for: NVGTS.SYS >
[2007.07.27 21:16:02 | 000,105,984 | ---- | M] (NVIDIA Corporation) MD5=4BC4BAAED05161E0D331627E90A10745 -- C:\WINDOWS\DriverPacks\M\N\6\nvgts.sys

< MD5 for: NVRAID.SYS >
[2006.04.24 16:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\WINDOWS\DriverPacks\M\N\TM\NVRAID.sys
[2006.02.26 16:21:18 | 000,063,232 | ---- | M] (NVIDIA Corporation) MD5=B95B5FB53245D6C7AD5696CE71360EED -- C:\WINDOWS\DriverPacks\M\N\123\NVRAID.sys

[Skaler.x.]

< MD5 for: NVRD32.SYS >
[2007.07.27 21:15:56 | 000,116,736 | ---- | M] (NVIDIA Corporation) MD5=77AC69AC4F07BD9D29528B8FCC71FB49 -- C:\WINDOWS\DriverPacks\M\N\6\nvrd32.sys

< MD5 for: REGEDIT.EXE >
[2008.04.14 07:52:44 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=FDEB1D02CAE38665CBF114F44E6B997E -- C:\WINDOWS\ERDNT\cache\regedit.exe
[2008.04.14 07:52:44 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=FDEB1D02CAE38665CBF114F44E6B997E -- C:\WINDOWS\regedit.exe
[2008.04.14 07:52:44 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=FDEB1D02CAE38665CBF114F44E6B997E -- C:\WINDOWS\system32\dllcache\regedit.exe

< MD5 for: SCECLI.DLL >
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 10:54:36 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=33081FED75032291EE0E008D5385E86F -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\services.exe
[2009.02.09 12:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009.02.09 12:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\services.exe
[2009.02.09 11:11:38 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=4F9F7B567970B524F31D9970A23F7C24 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe
[2008.04.14 07:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

< MD5 for: SMSS.EXE >
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SPOOLSV.EXE >
[2010.08.17 14:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 14:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\SoftwareDistribution\Download\f6c525d95e98af6721a0244324b98925\sp3qfe\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\SoftwareDistribution\Download\f6c525d95e98af6721a0244324b98925\sp3gdr\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2008.04.14 07:52:50 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: SYMMPI.SYS >
[2006.01.27 09:26:58 | 000,093,056 | ---- | M] (LSI Logic) MD5=164FCA8F1489278A6D5A41F8CF99D295 -- C:\WINDOWS\DriverPacks\M\L4\SYMMPI.sys
[2007.02.10 00:05:00 | 000,104,496 | ---- | M] (LSI Logic) MD5=4CCED1D8EC90FC7008EA8C742F1278F2 -- C:\WINDOWS\DriverPacks\M\D2\SYMMPI.SYS
[2007.02.10 00:06:00 | 000,100,096 | ---- | M] (LSI Logic) MD5=A42F863305943869BA00A613C8EE8C7E -- C:\WINDOWS\DriverPacks\M\D1\symmpi.sys

< MD5 for: TCPIP.SYS >
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\SoftwareDistribution\Download\fe608cd8d2b8f77abaee7a69a696bcf7\sp3gdr\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\SoftwareDistribution\Download\fe608cd8d2b8f77abaee7a69a696bcf7\sp3qfe\tcpip.sys

< MD5 for: USER32.DLL >
[2008.04.14 07:52:06 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=E16E0990967374E76F3E40CACAFD3D53 -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 07:52:06 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=E16E0990967374E76F3E40CACAFD3D53 -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 07:52:06 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=E16E0990967374E76F3E40CACAFD3D53 -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2008.01.22 19:02:24 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=3A82A61E312ADDB3BE8F1FE3481842B1 -- C:\WINDOWS\DriverPacks\M\V\viamraid.sys

< MD5 for: VIPRT.SYS >
[2008.04.03 20:42:34 | 000,053,248 | ---- | M] (VIA Technologies, Inc.) MD5=682D704CA5B1FEDE6C4BEF0E2188745C -- C:\WINDOWS\DriverPacks\M\V4\VIPRT.SYS

< MD5 for: WIN32K.SYS >
[2012.04.11 14:51:55 | 001,871,360 | ---- | M] (Microsoft Corporation) MD5=0681A76F05AB800360DBBAB8CD2F8444 -- C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\win32k.sys
[2012.04.11 14:51:55 | 001,871,360 | ---- | M] (Microsoft Corporation) MD5=0681A76F05AB800360DBBAB8CD2F8444 -- C:\WINDOWS\SoftwareDistribution\Download\491cb576c5065ef182ff20f18654e8f4\sp3qfe\win32k.sys
[2008.04.14 06:45:36 | 001,845,632 | ---- | M] (Microsoft Corporation) MD5=16AA352EC7D8E6D9DE50265BF0F9E016 -- C:\WINDOWS\$NtUninstallKB2676562$\win32k.sys
[2012.11.13 12:55:10 | 001,866,368 | ---- | M] (Microsoft Corporation) MD5=32FD45D6C42F15B888BA9E4840B26BE6 -- C:\WINDOWS\SoftwareDistribution\Download\76ee41d52e9d05b11ee907012337e49d\sp3gdr\win32k.sys
[2012.11.13 12:55:10 | 001,866,368 | ---- | M] (Microsoft Corporation) MD5=32FD45D6C42F15B888BA9E4840B26BE6 -- C:\WINDOWS\system32\dllcache\win32k.sys
[2012.11.13 12:55:10 | 001,866,368 | ---- | M] (Microsoft Corporation) MD5=32FD45D6C42F15B888BA9E4840B26BE6 -- C:\WINDOWS\system32\win32k.sys
[2012.11.13 12:56:25 | 001,875,456 | ---- | M] (Microsoft Corporation) MD5=755B5172821684A6FE41461599783A5B -- C:\WINDOWS\$hf_mig$\KB2779030\SP3QFE\win32k.sys
[2012.11.13 12:56:25 | 001,875,456 | ---- | M] (Microsoft Corporation) MD5=755B5172821684A6FE41461599783A5B -- C:\WINDOWS\SoftwareDistribution\Download\76ee41d52e9d05b11ee907012337e49d\sp3qfe\win32k.sys
[2012.04.11 14:55:17 | 001,862,272 | ---- | M] (Microsoft Corporation) MD5=DF47E6DE09590695502B96797845259C -- C:\WINDOWS\$NtUninstallKB2779030$\win32k.sys
[2012.04.11 14:55:17 | 001,862,272 | ---- | M] (Microsoft Corporation) MD5=DF47E6DE09590695502B96797845259C -- C:\WINDOWS\SoftwareDistribution\Download\491cb576c5065ef182ff20f18654e8f4\sp3gdr\win32k.sys

< MD5 for: WINLOGON.EXE >
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSRV.DLL >
[2011.04.26 12:02:48 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=169D34A85EC9E415C4C3A03AA62A34B6 -- C:\WINDOWS\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
[2011.04.26 12:02:48 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=169D34A85EC9E415C4C3A03AA62A34B6 -- C:\WINDOWS\SoftwareDistribution\Download\2e4e2d830d34a8f10fe9a29038f2b2b8\sp3qfe\winsrv.dll
[2011.04.26 12:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=43B8BD54F87BFFFE5C560B2965E13C26 -- C:\WINDOWS\$NtUninstallKB2646524$\winsrv.dll
[2011.04.26 12:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=43B8BD54F87BFFFE5C560B2965E13C26 -- C:\WINDOWS\SoftwareDistribution\Download\2e4e2d830d34a8f10fe9a29038f2b2b8\sp3gdr\winsrv.dll
[2011.11.25 22:56:35 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=4FC123A5B7D8F5A9511CFF7B98F9596B -- C:\WINDOWS\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
[2011.11.25 22:56:35 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=4FC123A5B7D8F5A9511CFF7B98F9596B -- C:\WINDOWS\SoftwareDistribution\Download\907dc433378484ac04c266d3427c68e1\sp3qfe\winsrv.dll
[2008.04.14 07:52:06 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=77A41C497ADB0C96D1E8DF6F71D843C0 -- C:\WINDOWS\$NtUninstallKB2507938$\winsrv.dll
[2011.11.25 22:57:27 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=F3FA14A297BC687D0B51289D034033C9 -- C:\WINDOWS\SoftwareDistribution\Download\907dc433378484ac04c266d3427c68e1\sp3gdr\winsrv.dll
[2011.11.25 22:57:27 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=F3FA14A297BC687D0B51289D034033C9 -- C:\WINDOWS\system32\dllcache\winsrv.dll
[2011.11.25 22:57:27 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=F3FA14A297BC687D0B51289D034033C9 -- C:\WINDOWS\system32\winsrv.dll

< MD5 for: WS2_32.DLL >
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< MD5 for: WSCRIPT.EXE >
[2008.04.14 07:52:56 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=279C5962E62940A62C7DC4EEA707CD5D -- C:\WINDOWS\$NtUninstallKB951978$\wscript.exe
[2008.05.08 12:24:44 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=CEA8F7E45B7B098F5FB085BB6A6A4432 -- C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
[2008.05.08 12:24:44 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=CEA8F7E45B7B098F5FB085BB6A6A4432 -- C:\WINDOWS\SoftwareDistribution\Download\e1aa6fbca7e86b0284ae501d942ee678\sp3gdr\wscript.exe
[2008.05.08 12:24:44 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=CEA8F7E45B7B098F5FB085BB6A6A4432 -- C:\WINDOWS\SoftwareDistribution\Download\e1aa6fbca7e86b0284ae501d942ee678\sp3qfe\wscript.exe
[2008.05.08 12:24:44 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=CEA8F7E45B7B098F5FB085BB6A6A4432 -- C:\WINDOWS\system32\dllcache\wscript.exe
[2008.05.08 12:24:44 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=CEA8F7E45B7B098F5FB085BB6A6A4432 -- C:\WINDOWS\system32\wscript.exe

< >

< >

< %systemroot%\system32\drivers\*.sys /10 >
[2013.01.01 22:56:04 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys

< %systemroot%\system32\drivers\*.sys /X >
[2001.10.25 13:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2001.10.25 13:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2013.01.10 17:59:47 | 001,474,832 | ---- | M] () -- C:\WINDOWS\system32\drivers\sfi.dat

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /10 >
[2013.01.01 21:03:31 | 000,000,866 | ---- | M] () -- C:\WINDOWS\system32\$winnt$.inf
[2013.01.01 21:01:13 | 000,016,832 | ---- | M] () -- C:\WINDOWS\system32\amcompat.tlb
[2013.01.01 21:00:01 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\cdplayer.exe.manifest
[2013.01.01 21:01:21 | 000,002,504 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2013.01.02 16:48:10 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\deployJava1.dll
[2013.01.01 20:57:41 | 000,021,812 | ---- | M] () -- C:\WINDOWS\system32\emptyregdb.dat
[2013.01.09 15:52:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe
[2013.01.09 15:52:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2013.01.03 19:55:18 | 000,139,648 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2013.01.01 21:54:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\h323log.txt
[2013.01.02 16:48:10 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
[2013.01.02 16:48:10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javacpl.cpl
[2013.01.02 16:48:10 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe
[2013.01.02 16:48:10 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaws.exe
[2013.01.02 12:51:43 | 000,004,027 | ---- | M] () -- C:\WINDOWS\system32\jupdate-1.6.0_01-b06.log
[2013.01.01 21:00:05 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\system32\logonui.exe.manifest
[2013.01.09 01:52:10 | 065,273,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MRT.exe
[2013.01.01 21:00:01 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\ncpa.cpl.manifest
[2013.01.02 16:48:10 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\npdeployJava1.dll
[2013.01.01 21:01:13 | 000,023,392 | ---- | M] () -- C:\WINDOWS\system32\nscompat.tlb
[2013.01.01 21:00:01 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\nwc.cpl.manifest
[2013.01.10 16:30:53 | 000,046,156 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2013.01.10 16:30:53 | 000,040,128 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2013.01.10 16:30:53 | 000,309,832 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2013.01.10 16:30:53 | 000,311,740 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2013.01.10 16:30:53 | 000,714,754 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2013.01.01 21:35:42 | 000,004,444 | ---- | M] () -- C:\WINDOWS\system32\pid.PNF
[2013.01.01 21:00:01 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\sapi.cpl.manifest
[2013.01.01 21:00:05 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\system32\WindowsLogon.manifest
[2013.01.10 17:50:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2013.01.01 21:00:01 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\wuaucpl.cpl.manifest
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2013.01.01 21:15:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2013.01.01 21:15:45 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2013.01.01 21:15:45 | 000,495,616 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< >

< >

< >

< %systemroot%\Tasks\*.job >
[2013.01.10 17:50:19 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< %systemroot%\*.* /U /s >
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[9 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}\*.tmp files -> C:\WINDOWS\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\*. /rp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2013.01.01 21:35:01 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Nabídka Start\*.lnk /x >
[2013.01.01 21:01:26 | 000,000,315 | -HS- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\desktop.ini

< %ALLUSERSPROFILE%\Data Aplikácií\*.* >

< %ALLUSERSPROFILE%\Data Aplikácií\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %APPDATA%\*. >
[2013.01.02 12:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozifek\Data aplikací\Adobe
[2013.01.04 15:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozifek\Data aplikací\COWON
[2013.01.02 21:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozifek\Data aplikací\DAEMON Tools Lite
[2013.01.01 22:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozifek\Data aplikací\DDMSettings
[2013.01.01 21:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozifek\Data aplikací\Identities
[2013.01.01 21:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozifek\Data aplikací\Macromedia
[2013.01.03 19:53:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jozifek\Data aplikací\Microsoft
[2013.01.01 21:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozifek\Data aplikací\Mozilla
[2013.01.02 21:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozifek\Data aplikací\Quake3
[2013.01.02 12:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozifek\Data aplikací\Sun
[2013.01.02 09:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozifek\Data aplikací\WinRAR

< %APPDATA%\*.* >
[2013.01.01 21:35:01 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Jozifek\Data aplikací\desktop.ini

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DAEMON Tools Lite" = "C:\PROGRA~1\DAEMON~1\DTLite.exe" -autorun -- [2012.11.06 11:46:46 | 003,673,728 | ---- | M] (DT Soft Ltd)

< End of report >

[Skaler.x.]

OTL Extras logfile created on: 10. 1. 2013 17:53:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jozifek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

1,49 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,71% Memory free
4,35 Gb Paging File | 3,92 Gb Available in Paging File | 90,31% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 130,89 Gb Free Space | 87,82% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 4,22 Gb Free Space | 1,41% Space Free | Partition Type: NTFS

Computer Name: EMIL | User Name: Jozifek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- C:\WINDOWS\svchost.com "%1" %*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- C:\WINDOWS\svchost.com "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe" = C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2 -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\ioQuake3&TA\ioquake3.x86-TA.exe" = C:\Program Files\ioQuake3&TA\ioquake3.x86-TA.exe:*:Enabled:ioquake3.x86-TA -- ()
"C:\Program Files\ioQuake3&TA\ioquake3.x86.exe" = C:\Program Files\ioQuake3&TA\ioquake3.x86.exe:*:Enabled:ioquake3.x86 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055A1919-3BBA-4BD5-8B3C-3851879AC185}" = Morrowind
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{AC76BA86-7AD7-1051-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Slovak
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"ie8" = Windows Internet Explorer 8
"jetAudio 8.0.x Czech Language Pack" = jetAudio 8.0.x Czech Language Pack
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.6.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 17.0.1 (x86 sk)" = Mozilla Firefox 17.0.1 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Quake III Arena & datadisk Quake III Team Arena (ioquake3 1.36 engine)" = Quake III Arena & datadisk Quake III Team Arena (ioquake3 1.36 engine)
"Shutter_is1" = Shutter
"STANDARD" = Microsoft Office Standard 2007
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1. 1. 2013 16:47:11 | Computer Name = EMIL | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 7.0.5730.13, chybující modul
mshtml.dll, verze 7.0.5730.13, adresa chyby 0x0007d82c.

Error - 2. 1. 2013 18:02:05 | Computer Name = EMIL | Source = Application Error | ID = 1000
Description = Chybující aplikace egui.exe, verze 6.0.115.0, chybující modul msvcr80.dll,
verze 8.0.50727.6195, adresa chyby 0x000149d1.

Error - 7. 1. 2013 14:47:51 | Computer Name = EMIL | Source = EventSystem | ID = 4609
Description = Systém událostí modelu COM+ zjistil při vnitřním zpracovávání chybný
návratový kód. Hodnota HRESULT byla 800706BF z řádku 44 v d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.Obraťte
se na služby odborné pomoci společnosti Microsoft a informujte je o této chyb

[ System Events ]
Error - 7. 1. 2013 16:57:35 | Computer Name = EMIL | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7. 1. 2013 18:15:31 | Computer Name = EMIL | Source = BROWSER | ID = 8032
Description = Službě Browser se při přenosu \Device\NetBT_Tcpip_{3280F7A5-9CE6-48E7-8101-0E84588193D6}
příliš často nezdařilo načíst záložní seznam. Záložní prohledávač bude ukončen.

Error - 7. 1. 2013 18:19:51 | Computer Name = EMIL | Source = BROWSER | ID = 8032
Description = Službě Browser se při přenosu \Device\NetBT_Tcpip_{8269F3EA-0360-4919-B475-5E07A2F2717E}
příliš často nezdařilo načíst záložní seznam. Záložní prohledávač bude ukončen.

Error - 8. 1. 2013 17:09:29 | Computer Name = EMIL | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače IGOR, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{3280F7A5-9CE6-48E7-8101.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 9. 1. 2013 12:28:47 | Computer Name = EMIL | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače IGOR, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{3280F7A5-9CE6-48E7-8101.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 9. 1. 2013 17:51:15 | Computer Name = EMIL | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače IGOR, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{3280F7A5-9CE6-48E7-8101.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 10. 1. 2013 11:04:15 | Computer Name = EMIL | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10. 1. 2013 11:05:10 | Computer Name = EMIL | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: cmdGuard Fips intelppm

Error - 10. 1. 2013 11:24:38 | Computer Name = EMIL | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10. 1. 2013 11:29:30 | Computer Name = EMIL | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

[Skaler.x.]

Vdaka, vyzera ze pomohlo.Av nasiel niake hrozby aj v bode obnovy, tak som vypol vytvaranie.Nasiel som o tom vire cosi http://www.viruskasino.com/2011/05/win32neshta.html
Odporucas nieco z toho navodu, ci tvoj skript je dostacujuci?
Idem sa pustit do zmeny hesiel.

[Skaler.x.]

Vraciam spat.Pri spusteny aplikacie ktora mi doteraz sla vzdy korektne, vyhodilo chybu, a hned nato antivir opat zdetekoval svchost.com.

[Skaler.x.]

V priecinku aplikacie som nasiel aplikaciu, ktorej cas zmeny sa zhodoval cca s casom kedy mi napadlo pc.
Scan cez virus total pozitivny
https://www.virustotal.com/file/fd457ac ... 357850139/

Ak sa takto virus nakopiroval do viacerych aplikacii, ma vobec zmysel ho stale rucne mazat?Ci bude opat rozumnejsi reinstal?