VIRY.CZ

Zdravim.
natahl se me do PC falešnej antivir,hned jak se zapne PC začne skenovat,nejdou pustit jine aplikace
log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by XXXX at 2013-07-07 20:00:15
Microsoft Windows 7 Ultimate
System drive C: has 25 GB (21%) free of 120 GB
Total RAM: 2557 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:00:17, on 7.7.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\XXXX\AppData\Roaming\tdefender.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files\trend micro\XXXX.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [Onoxb] C:\Users\XXXX\AppData\Roaming\Byehl\regy.exe
O4 - HKCU\..\Run: [Internet Security] C:\Users\XXXX\AppData\Roaming\tdefender.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1367775511-2981498823-283862049-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'petr')
O4 - Startup: ctfmon.lnk = C:\ProgramData\lsass.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8023 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
"C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-08f5aedc-d262-412a-b937-b873bf9dc1dd -SystemEventPortName:HostProcess-f5552137-dc85-44bc-ba5d-0a359606d065 -IoCancelEventPortName:HostProcess-301671d2-c40b-44fd-ba1a-a96325159d54 -NonStateChangingEventPortName:HostProcess-0df58e45-4682-4d71-889e-a10744d12bdb -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a21e6704-fe52-4786-947e-33c5fb910de5
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\Samsung\PanelMgr\caller64.exe Samsung PanelMgr
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
atieclxx
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Users\XXXX\AppData\Roaming\tdefender.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3592 CREDAT:203009
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3592 CREDAT:203010
taskmgr.exe /3
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /UPDATERESULTS:""
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1367775511-2981498823-283862049-100314_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1367775511-2981498823-283862049-100314 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YPZEV529\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-02 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-28 11101800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2012-12-20 310280]
"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-12-20 844296]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2012-12-20 1476104]
""=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-12-20 844296]
"KiesAirMessage"=C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup []
"Onoxb"=C:\Users\XXXX\AppData\Roaming\Byehl\regy.exe []
"Internet Security"=C:\Users\XXXX\AppData\Roaming\tdefender.exe [2013-07-07 854528]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-08-04 346320]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2009-08-15 614400]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-25 98304]
"ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2012-12-20 310280]
"Nikon Message Center 2"=C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [2011-10-30 571392]

C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ctfmon.lnk - C:\ProgramData\lsass.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
""=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-07-07 19:10:06 ----D---- C:\Program Files\GridinSoft Trojan Killer
2013-07-07 17:35:32 ----A---- C:\Users\XXXX\AppData\Roaming\tdefender.exe

======List of files/folders modified in the last 1 month======

2013-07-07 20:00:17 ----D---- C:\Program Files\trend micro
2013-07-07 20:00:16 ----D---- C:\Windows\Temp
2013-07-07 19:35:49 ----D---- C:\Program Files\SUPERAntiSpyware
2013-07-07 19:10:18 ----RD---- C:\Program Files (x86)
2013-07-07 19:10:11 ----D---- C:\Windows\system32\drivers
2013-07-07 19:10:06 ----RD---- C:\Program Files
2013-07-07 18:37:01 ----D---- C:\Windows\Prefetch
2013-07-07 18:18:45 ----D---- C:\Windows\system32\config
2013-07-07 18:07:21 ----SHD---- C:\System Volume Information
2013-07-07 17:46:44 ----D---- C:\Windows\System32
2013-07-07 17:46:44 ----D---- C:\Windows\inf
2013-07-07 17:46:44 ----A---- C:\Windows\system32\PerfStringBackup.TMP
2013-07-01 22:49:03 ----D---- C:\Users\XXXX\AppData\Roaming\AIMP
2013-06-23 07:42:34 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-01 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-06-09 53816]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2008-01-10 11576]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-26 7767040]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-26 279040]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-07-07 25640]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
R3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver; C:\Windows\system32\DRIVERS\gtkdrv.sys [2012-10-03 16640]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 a7mizy1m;a7mizy1m; C:\Windows\system32\drivers\a7mizy1m.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-26 7767040]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-10-25 20552]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-07-17 201472]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-01-18 676864]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2012-09-20 203104]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-10-25 16392]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-26 203264]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2010-01-27 286720]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-06-01 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2010-06-01 103736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-07-04 72704]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-07-29 79360]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

Zdravim

Restartujte pc do nouzoveho rezimu s praci v siti.

Do nouzoveho rezimu se dostanete takto:
restartujte pc, mackejte klavesu F8 - pripadne jinou, zalezi na typu stroje - a zvolte moznost nouzovy rezim s praci v siti.
Kdyby to neslo, zde je jiny postup http://forum.viry.cz/viewtopic.php?f=46&t=7554

V nouzovem rezimu zkuste

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Stale v nouzovem rezimu

Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

OTL 1 část
OTL logfile created on: 7.7.2013 20:33:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\petr\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,50 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 77,70% Memory free
4,99 Gb Paging File | 4,47 Gb Available in Paging File | 89,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,19 Gb Total Space | 24,63 Gb Free Space | 21,01% Space Free | Partition Type: NTFS
Drive D: | 348,47 Gb Total Space | 7,26 Gb Free Space | 2,08% Space Free | Partition Type: NTFS
Drive E: | 305,83 Gb Total Space | 1,63 Gb Free Space | 0,53% Space Free | Partition Type: NTFS
Drive F: | 159,82 Gb Total Space | 0,49 Gb Free Space | 0,31% Space Free | Partition Type: NTFS

Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.07 20:32:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\petr\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012.07.11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010.08.26 03:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.07.29 22:51:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.06.01 19:46:58 | 000,103,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010.06.01 19:46:47 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.08.24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.10.03 09:04:30 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2012.09.20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:64bit: - [2012.09.20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 06:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010.10.25 11:10:22 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.10.25 11:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.08.26 05:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.08.26 05:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.26 03:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.01 19:34:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.18 08:10:37 | 000,676,864 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.07.30 13:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.17 20:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.09 04:18:20 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2009.04.28 03:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.04.28 03:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.04.03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008.08.14 14:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2008.01.10 19:34:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2013.07.07 17:39:48 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.10.25 11:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.01.10 03:34:57 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\..\SearchScopes,DefaultScope = {EB5D1836-1D68-46ed-9119-8AB8CA94DEEA}
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... A8E33C9BAB
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\..\SearchScopes\{A717487C-4CFD-4dc1-9E5D-72F5FF80CE3A}: "URL" = http://www.google.com/custom?client=pub ... earchTerms}
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\..\SearchScopes\{EB5D1836-1D68-46ed-9119-8AB8CA94DEEA}: "URL" = http://uk.search.yahoo.com/search?p={se ... &type=IEBD
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1003\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1003\..\SearchScopes,DefaultScope = {DBAF68DA-F67C-4c36-9D15-F8EDB3CF5E2F}
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1003\..\SearchScopes\{53B4EC1C-3C44-4182-98F4-8C0E9127793B}: "URL" = http://www.google.com/custom?client=pub ... earchTerms}
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1003\..\SearchScopes\{DBAF68DA-F67C-4c36-9D15-F8EDB3CF5E2F}: "URL" = http://uk.search.yahoo.com/search?p={se ... &type=IEBD
IE - HKU\S-1-5-21-1367775511-2981498823-283862049-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2011.12.10 00:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - Extension: Docs = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Disk Google = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O3 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000..\Run: [Internet Security] C:\Users\XXXX\AppData\Roaming\tdefender.exe ()
O4 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000..\Run: [Onoxb] C:\Users\XXXX\AppData\Roaming\Byehl\regy.exe File not found
O4 - HKU\S-1-5-21-1367775511-2981498823-283862049-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: = 0
O7 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1367775511-2981498823-283862049-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1367775511-2981498823-283862049-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1367775511-2981498823-283862049-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D9FC47E-350F-4759-A967-E322052C85B8}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7441E100-5E3F-4AA3-A851-FD9F2D3993CC}: DhcpNameServer = 10.0.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1367775511-2981498823-283862049-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.17 10:27:18 | 000,000,000 | ---D | M] - D:\Auto -- [ NTFS ]
O33 - MountPoints2\{3a26e60f-6da4-11df-b180-6cf04900e8d0}\Shell - "" = AutoRun
O33 - MountPoints2\{3a26e60f-6da4-11df-b180-6cf04900e8d0}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.ACDV - File not found
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2013.07.07 19:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2013.07.07 19:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.10.16 07:16:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2010.12.20 09:05:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\XXXX\usbsermptxp.sys
[2010.12.20 09:05:43 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\XXXX\usbsermpt.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.07 20:34:41 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.07.07 20:24:46 | 2011,291,648 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.07 20:20:10 | 000,000,384 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.07.07 19:10:11 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2013.07.07 17:47:00 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 17:47:00 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 17:39:48 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013.07.07 17:35:32 | 000,854,528 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\tdefender.exe
[2013.07.07 17:35:32 | 000,000,748 | ---- | M] () -- C:\Users\XXXX\Desktop\Internet Security Pro.lnk
[2013.07.07 08:58:01 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013.06.09 10:44:36 | 000,343,983 | ---- | M] () -- C:\Users\XXXX\Desktop\1782344_.jpg
[2013.06.09 09:34:48 | 000,246,206 | ---- | M] () -- C:\Users\XXXX\Desktop\1531503_.jpg
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.07 19:10:11 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2013.07.07 17:35:32 | 000,854,528 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\tdefender.exe
[2013.07.07 17:35:32 | 000,000,748 | ---- | C] () -- C:\Users\XXXX\Desktop\Internet Security Pro.lnk
[2013.06.09 10:44:36 | 000,343,983 | ---- | C] () -- C:\Users\XXXX\Desktop\1782344_.jpg
[2013.06.09 09:34:47 | 000,246,206 | ---- | C] () -- C:\Users\XXXX\Desktop\1531503_.jpg
[2013.04.21 13:27:45 | 000,000,004 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\skype.ini
[2013.04.12 14:22:54 | 000,000,644 | RHS- | C] () -- C:\Users\XXXX\ntuser.pol
[2013.03.17 20:59:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\URLs
[2013.03.17 20:59:47 | 000,000,268 | RH-- | C] () -- C:\Users\XXXX\AppData\Roaming\Tremolo
[2013.03.17 20:59:47 | 000,000,012 | RH-- | C] () -- C:\ProgramData\deskjet
[2013.03.17 20:59:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\User Loops
[2013.03.17 20:59:06 | 000,000,268 | RH-- | C] () -- C:\Users\XXXX\AppData\Roaming\Tribal Masks
[2013.03.17 20:59:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\filter
[2013.03.17 20:59:05 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tuner
[2013.03.17 20:44:30 | 000,000,012 | RH-- | C] () -- C:\ProgramData\business-inkjet
[2013.03.17 20:43:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\Transportation
[2013.03.17 20:05:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013.03.17 20:04:55 | 000,000,268 | RH-- | C] () -- C:\Users\XXXX\AppData\Roaming\Treble Reduction
[2013.03.17 20:04:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013.03.17 20:04:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013.03.17 20:04:25 | 000,000,268 | RH-- | C] () -- C:\Users\XXXX\AppData\Roaming\Woodwind
[2013.03.17 20:04:25 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2012.10.16 07:16:30 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2010.12.20 09:14:01 | 000,009,232 | ---- | C] () -- C:\Users\XXXX\1292829241-oem51.inf
[2010.12.20 09:14:01 | 000,006,947 | ---- | C] () -- C:\Users\XXXX\1292829241-oem47.inf
[2010.12.20 09:12:06 | 000,009,232 | ---- | C] () -- C:\Users\XXXX\1292829126-oem51.inf
[2010.12.20 09:12:06 | 000,006,947 | ---- | C] () -- C:\Users\XXXX\1292829126-oem47.inf
[2010.12.20 09:12:06 | 000,006,009 | ---- | C] () -- C:\Users\XXXX\1292829126-oem49.inf
[2010.12.20 09:12:06 | 000,005,877 | ---- | C] () -- C:\Users\XXXX\1292829126-oem48.inf
[2010.12.20 09:12:06 | 000,005,813 | ---- | C] () -- C:\Users\XXXX\1292829126-oem50.inf
[2010.12.20 09:05:43 | 000,009,232 | ---- | C] () -- C:\Users\XXXX\USB_MOT_BRIT.INF
[2010.12.20 09:05:43 | 000,006,947 | ---- | C] () -- C:\Users\XXXX\USBMOT2000.INF
[2010.12.20 09:05:43 | 000,006,009 | ---- | C] () -- C:\Users\XXXX\USBMOT2000XP.INF
[2010.12.20 09:05:43 | 000,005,877 | ---- | C] () -- C:\Users\XXXX\USB_CMCS_2000.INF
[2010.12.20 09:05:43 | 000,005,813 | ---- | C] () -- C:\Users\XXXX\USB_MOT_A1000.INF
[2010.10.29 14:58:02 | 000,007,257 | ---- | C] () -- C:\Users\XXXX\AppData\Local\SRDownloader.err
[2010.10.28 17:13:12 | 000,002,688 | ---- | C] () -- C:\Users\XXXX\AppData\Local\SRDownloader.nast
[2010.08.08 08:56:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.24 12:16:20 | 000,038,912 | ---- | C] () -- C:\Users\XXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.24 09:57:23 | 000,007,606 | ---- | C] () -- C:\Users\XXXX\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1367775511-2981498823-283862049-1000\$3544b9f0659bc26061178dfe6b960372\n. -- File not found

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 11:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.21 13:31:49 | 000,000,000 | ---D | M] -- C:\Users\petr\AppData\Roaming\Opera
[2011.09.29 22:13:46 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\360Desktop
[2011.09.29 22:05:37 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\360Login
[2011.09.29 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\360Notify
[2011.09.29 22:12:12 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\360Safe
[2011.09.29 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\360se
[2010.05.24 12:05:40 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ACD Systems
[2013.07.01 22:49:03 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\AIMP
[2012.06.16 09:03:33 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\AnvSoft
[2011.09.29 21:56:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Application Data
[2011.07.14 17:50:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\avidemux
[2010.06.01 19:17:54 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools
[2013.05.14 17:50:12 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite
[2010.10.02 09:59:56 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GetRightToGo
[2010.10.19 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GHISLER
[2012.12.26 21:19:45 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ICQ
[2013.05.02 15:45:46 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Irseiw
[2013.01.27 13:21:41 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Jpeg Resampler
[2010.06.10 17:37:40 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Kastner software
[2012.07.30 07:56:24 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Lite
[2012.06.01 14:36:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MicroST
[2010.10.03 20:57:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\mkvtoolnix
[2011.01.19 23:59:03 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mp3tag
[2013.03.17 21:00:55 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Nikon
[2013.01.18 08:31:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Opera
[2013.01.03 22:58:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Samsung
[2013.05.02 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Syduke
[2013.05.29 21:08:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Vuocyh

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< >

< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

OTL 2část
< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2011.11.17 08:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2011.11.17 09:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\SysNative\lsass.exe
[2011.11.17 09:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2012.10.16 07:16:29 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=51138BEEA3E2C21EC44D0932C71762A8 -- C:\ProgramData\lsass.exe
[2012.10.16 07:16:29 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=51138BEEA3E2C21EC44D0932C71762A8 -- C:\Users\All Users\lsass.exe
[2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011.11.17 08:42:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\drivers\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012.03.30 12:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2012.03.30 13:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012.03.30 13:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012.03.30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.09.29 22:13:46 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\360Desktop
[2011.09.29 22:05:37 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\360Login
[2011.09.29 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\360Notify
[2011.09.29 22:12:12 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\360Safe
[2011.09.29 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\360se
[2010.05.24 12:05:40 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ACD Systems
[2013.01.24 16:20:15 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Adobe
[2010.06.03 20:25:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Ahead
[2013.07.01 22:49:03 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\AIMP
[2012.06.16 09:03:33 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\AnvSoft
[2011.09.29 21:56:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Application Data
[2010.05.23 18:01:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ATI
[2011.07.14 17:50:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\avidemux
[2010.06.01 19:17:54 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools
[2013.05.14 17:50:12 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite
[2010.10.02 09:59:56 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GetRightToGo
[2010.10.19 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GHISLER
[2010.10.01 16:11:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GRETECH
[2012.12.26 21:19:45 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ICQ
[2010.05.23 17:53:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Identities
[2013.05.02 15:45:46 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Irseiw
[2013.01.27 13:21:41 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Jpeg Resampler
[2010.06.10 17:37:40 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Kastner software
[2012.07.30 07:56:24 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Lite
[2010.05.23 19:04:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Macromedia
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Media Center Programs
[2013.05.02 15:46:02 | 000,000,000 | --SD | M] -- C:\Users\XXXX\AppData\Roaming\Microsoft
[2012.06.01 14:36:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MicroST
[2010.10.03 20:57:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\mkvtoolnix
[2011.12.10 00:06:25 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mozilla
[2011.01.19 23:59:03 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mp3tag
[2013.03.17 21:00:55 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Nikon
[2013.01.18 08:31:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Opera
[2013.01.03 22:58:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Samsung
[2013.04.11 20:24:32 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Skype
[2013.04.11 20:23:30 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\skypePM
[2012.10.16 11:12:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\SUPERAntiSpyware.com
[2013.05.02 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Syduke
[2012.06.06 06:37:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\vlc
[2013.05.29 21:08:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Vuocyh
[2010.05.24 07:18:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2013.07.07 17:35:32 | 000,854,528 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\tdefender.exe
[2011.08.05 12:13:24 | 004,216,664 | ---- | M] (360.cn) -- C:\Users\XXXX\AppData\Roaming\360Notify\Bin\360seNotify.exe
[2007.03.22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2012.11.19 19:17:35 | 003,584,000 | ---- | M] (Gretech Corporation) -- C:\Users\XXXX\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
[2009.12.17 11:46:22 | 024,701,952 | ---- | M] (KASTNER software s.r.o.) -- C:\Users\XXXX\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\FORMasistent.exe
[2009.12.17 11:44:14 | 033,053,696 | ---- | M] (KASTNER software s.r.o.) -- C:\Users\XXXX\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\FORMstudio.exe
[2009.12.16 14:06:30 | 003,479,040 | ---- | M] (KASTNER software s.r.o.) -- C:\Users\XXXX\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\FSUpdate.exe
[2010.06.06 15:31:55 | 001,188,437 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\unins000.exe
[2009.11.06 10:17:52 | 003,965,440 | ---- | M] (Kastner software s.r.o.) -- C:\Users\XXXX\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\Upgrade.exe
[2013.03.17 20:06:11 | 000,061,440 | R--- | M] (Acresso Software Inc.) -- C:\Users\XXXX\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
[2011.06.28 07:32:22 | 081,122,288 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"KiesTrayAgent" = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe -- [2012.12.20 19:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.)
"KiesPDLR" = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -- [2012.12.20 19:44:32 | 000,844,296 | ---- | M] (Samsung)
"KiesPreload" = C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload -- [2012.12.20 19:44:26 | 001,476,104 | ---- | M] (Samsung)
"" = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -- [2012.12.20 19:44:32 | 000,844,296 | ---- | M] (Samsung)
"KiesAirMessage" = C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
"Onoxb" = C:\Users\XXXX\AppData\Roaming\Byehl\regy.exe
"Internet Security" = C:\Users\XXXX\AppData\Roaming\tdefender.exe -- [2013.07.07 17:35:32 | 000,854,528 | ---- | M] ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"ICQ" = "C:\Program Files (x86)\ICQ7.1\ICQ.exe" silent loginmode=4 -- [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.)
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010.05.13 16:12:40 | 026,192,168 | R--- | M] (Skype Technologies S.A.)
"Steam" = "C:\Program Files (x86)\Steam\Steam.exe" -silent

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.07.07 20:34:41 | 000,000,512 | ---- | M] () MD5=8F928919448FAF9F25EBC3DEE5A57AC9 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2011.01.20 23:48:02 | 000,004,328 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\CrackedCom.class
[2010.11.28 19:57:19 | 000,017,542 | ---- | M] () -- \Users\XXXX\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimagecrack.com%2Ffavicon.ico
[2010.11.28 19:57:19 | 000,000,078 | ---- | M] () -- \Users\XXXX\AppData\Local\Opera\Opera\icons\imagecrack.com.idx

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2010.04.09 14:22:12 | 001,612,256 | ---- | M] () -- \Program Files (x86)\ACD Systems\ACDSee\12.0\PlugIns\CX_Ftpuploader.apl
[2009.02.06 12:09:18 | 000,042,739 | ---- | M] () -- \Program Files (x86)\ACD Systems\ACDSee\12.0\PlugIns\CX_Ftpuploader.chm
[2007.06.27 19:03:00 | 000,177,448 | ---- | M] () -- \Program Files (x86)\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2006.02.17 22:28:05 | 000,169,384 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6\cstrike\models\qloader.mdl
[2006.02.17 21:56:18 | 000,352,548 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6\valve\models\loader.mdl
[2006.02.17 21:56:25 | 000,012,764 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6\valve\sound\ambience\loader_hydra1.wav
[2006.02.17 21:56:25 | 000,012,164 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6\valve\sound\ambience\loader_step1.wav
[2010.05.24 13:19:36 | 000,005,795 | ---- | M] () -- \Program Files (x86)\ICQ7.1\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2010.05.24 13:19:36 | 000,005,520 | ---- | M] () -- \Program Files (x86)\ICQ7.1\imApp\theme\IMAGES\XtraPreloader\loader.swf
[2010.05.24 13:19:36 | 000,004,180 | ---- | M] () -- \Program Files (x86)\ICQ7.1\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2010.05.24 13:19:36 | 000,005,520 | ---- | M] () -- \Program Files (x86)\ICQ7.1\imApp\theme\MUICoreLib\xtraLoader.swf
[2010.05.24 20:24:59 | 000,002,886 | ---- | M] () -- \Program Files (x86)\ICQ7.1\Xtraz\icq\content\babylon_feed\preloader01_b.swf
[2011.03.15 18:37:58 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7.1\Xtraz\icq\content\icq_profile\preloader.html
[2011.01.18 10:38:16 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7.1\Xtraz\icq\content\profile_forms\preloader.html
[2011.01.18 10:38:16 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7.1\Xtraz\icq\content\profile_lightboxs\preloader.html
[2010.05.24 13:20:12 | 000,552,798 | ---- | M] () -- \Program Files (x86)\ICQ7.1\Xtraz\icq\theme\game_center\loaderBkg.png
[2009.10.26 22:52:34 | 000,214,528 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader.exe
[2010.07.22 21:17:59 | 000,594,713 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader.jar
[2010.10.11 18:47:38 | 000,000,100 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\img\hosterlogos\ipauploader.com.png
[2010.10.11 18:47:38 | 000,000,105 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\img\hosterlogos\jdupdateloader.png
[2009.10.07 00:48:58 | 000,000,113 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\img\hosterlogos\uploader.pl.png
[2009.10.30 20:18:06 | 000,003,264 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\IPAUploaderCom.class
[2011.01.20 23:43:11 | 000,007,069 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\UploaderPl.class
[2009.10.26 21:52:34 | 000,214,528 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader 0.9.310\JDownloader.exe
[2009.10.26 21:52:34 | 000,597,884 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader 0.9.310\JDownloader.jar
[2010.05.24 08:13:44 | 000,000,100 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader 0.9.310\jd\img\hosterlogos\ipauploader.com.png
[2010.05.24 08:13:44 | 000,000,105 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader 0.9.310\jd\img\hosterlogos\jdupdateloader.png
[2009.10.06 23:48:58 | 000,000,113 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader 0.9.310\jd\img\hosterlogos\uploader.pl.png
[2009.10.01 00:57:04 | 000,003,264 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader 0.9.310\jd\plugins\hoster\IPAUploaderCom.class
[2009.10.25 21:35:16 | 000,006,360 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader 0.9.310\jd\plugins\hoster\UploaderPl.class
[2009.10.26 21:48:22 | 000,032,222 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader 0.9.310\licenses\jdownloader.license
[2009.10.26 22:48:22 | 000,032,222 | ---- | M] () -- \Program Files (x86)\JDownloader\licenses\jdownloader.license
[2012.12.20 13:33:50 | 000,069,120 | ---- | M] () -- \Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2010.02.10 18:09:08 | 000,054,784 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2013.04.21 13:39:45 | 000,000,673 | ---- | M] () -- \Users\petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JJVX8K2V\loader[1].gif
[2013.04.21 13:39:08 | 000,007,927 | ---- | M] () -- \Users\petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JJVX8K2V\w2bLoader[1].gif
[2013.04.21 14:24:23 | 000,001,797 | ---- | M] () -- \Users\petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RDTIDVOW\grey_loader[1].gif
[2010.11.01 18:19:03 | 000,007,257 | ---- | M] () -- \Users\XXXX\AppData\Local\SRDownloader.err
[2010.11.01 18:19:06 | 000,002,688 | ---- | M] () -- \Users\XXXX\AppData\Local\SRDownloader.nast
[2010.05.24 08:09:11 | 000,001,169 | ---- | M] () -- \Users\XXXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\JDownloader.lnk
[2010.05.24 08:09:11 | 000,000,392 | ---- | M] () -- \Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader Support.lnk
[2010.05.24 08:09:11 | 000,001,169 | ---- | M] () -- \Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader.lnk
[2010.05.24 08:09:13 | 000,001,159 | ---- | M] () -- \Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\Uninstall JDownloader.lnk
[2010.04.05 14:30:50 | 006,095,300 | ---- | M] () -- \Users\XXXX\Documents\ICQ\357025108\ReceivedFiles\555118532 mclada\Windows 7 Loader v1.7.9.rar
[2011.07.16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2011.07.16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:04:54 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:21:03 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 17:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 17:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 17:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 17:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 17:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2012.05.11 15:33:52 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2012.05.11 15:33:52 | 000,640,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winload.efi_75834aa0
[2012.05.11 15:33:52 | 000,603,976 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winload.exe_75835076
[2012.05.11 15:33:52 | 000,556,928 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winresume.efi_85cd069f
[2012.05.11 15:33:52 | 000,518,160 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 17:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:30:43 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2011.11.11 16:04:45 | 000,000,581 | ---- | M] () -- \Users\XXXX\AppData\Local\Opera\Opera 11\icons\http%3A%2F%2Fwww.serialzone.cz%2Ffavicon.png
[2009.07.14 17:17:20 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.05.11 16:58:00 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\35fcbda2532ece23d09a044aa2ef62a4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.12 09:32:55 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll
[2012.05.11 16:33:00 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll
[2012.05.11 16:32:38 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.11 17:00:42 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\3805923cd6a0d7c9c4c872c1ede4619d\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.12 09:41:33 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f37d2ca916cafdabe1c4f6f9c6b2c518\System.Runtime.Serialization.ni.dll
[2012.05.11 16:42:08 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\5a4d233916a69d48fa12a9f7f103d893\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.11 16:42:24 | 002,647,040 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
[2013.01.04 21:45:10 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8f0d3b706bb74e30bc81546f3b56a607\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.01.04 21:45:27 | 002,647,040 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d132fe6c8f229528089a5084824567a9\System.Runtime.Serialization.ni.dll
[2013.01.05 11:32:19 | 000,009,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\0182681020de71c8db9120c1e130bc41\System.Xml.Serialization.ni.dll
[2012.05.12 15:34:40 | 000,009,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\4b540b784465ca3f0742990e5af444e3\System.Xml.Serialization.ni.dll
[2013.01.05 13:45:15 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\a1189bf6c6fe386077a64f3170041e8d\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.01.05 11:35:28 | 003,412,992 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\cd278cba8ea5d98739456e4362187ae8\System.Runtime.Serialization.ni.dll
[2013.01.05 17:24:15 | 000,010,240 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\efc103c034c69f5b47140b0052056dd5\System.Xml.Serialization.ni.dll
[2011.04.06 16:48:20 | 000,011,120 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Xml.Serialization.dll.amd64
[2011.04.06 16:48:20 | 000,011,120 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Xml.Serialization.dll.x86
[2013.01.03 22:23:24 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.01.03 22:23:22 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.01.03 22:23:29 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 17:17:21 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.01 13:26:40 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 17:17:19 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2009.06.10 22:30:46 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.01 13:26:40 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2009.07.14 17:17:19 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_1c215c9ac50719c5\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2009.07.14 17:17:22 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009.07.14 03:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_b96904386c2fe002\System.RunTime.Serialization.Resources.dll
[2009.07.14 17:17:25 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2009.06.10 22:30:46 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c\System.Runtime.Serialization.dll
[2009.06.10 22:30:43 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05\System.Runtime.Serialization.dll
[2012.05.11 15:33:52 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2012.05.11 15:33:52 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933_kdcom.dll_db5e7744
[2009.07.14 17:17:49 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009.07.14 04:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2009.07.14 17:17:47 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 04:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 15:10:43 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2011.02.05 15:05:47 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1.manifest
[2011.02.05 19:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 15:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 04:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2009.07.14 04:26:23 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c.manifest
[2009.07.14 04:27:09 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05.manifest
[2009.07.14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2009.07.14 17:16:38 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009.07.14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2009.07.14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 17:17:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2009.07.14 17:17:21 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_267606ecf967dbc0\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >

OTL Extras logfile created on: 7.7.2013 20:33:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\petr\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,50 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 77,70% Memory free
4,99 Gb Paging File | 4,47 Gb Available in Paging File | 89,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,19 Gb Total Space | 24,63 Gb Free Space | 21,01% Space Free | Partition Type: NTFS
Drive D: | 348,47 Gb Total Space | 7,26 Gb Free Space | 2,08% Space Free | Partition Type: NTFS
Drive E: | 305,83 Gb Total Space | 1,63 Gb Free Space | 0,53% Space Free | Partition Type: NTFS
Drive F: | 159,82 Gb Total Space | 0,49 Gb Free Space | 0,31% Space Free | Partition Type: NTFS

Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A3C625-F2D4-47EB-B801-AE27987379E1}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{5E13CA93-7D76-419D-BEB2-3CBD0ACF123D}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{8637847E-EC72-431D-9630-0E7C7A7D835E}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00451DA9-FFFD-4108-94AA-B00DAFC9C20A}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{079FA9CC-B760-4EEF-9402-C2FB207FA357}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0D94EF19-B863-4F0C-8CCB-49BF312CE1E9}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{13AF20CC-78B1-419E-BF76-9E6C83F6F518}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{19D78CDE-21F1-460C-B670-7B96C753475C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{1A008748-3570-4240-970B-98CF0390E85D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{1B6C2232-5CBA-47C7-8309-EA9ED9304123}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{20AFE904-965F-475C-8B46-7D8BCDEE1476}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{246EB2CE-3B8F-4A46-A7FD-1198C7673135}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{300C3A1F-C285-4953-9DA8-A04A43A9358D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{4565D66F-B20D-456B-AC1A-024DFB608F1C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera 11\pluginwrapper\opera_plugin_wrapper.exe |
"{50668C70-497F-47CB-97B8-EB62E93C91C1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera 12.12\opera.exe |
"{56C47EFB-E856-4552-97EE-D6D8E777FB68}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{7C700950-28CF-472F-8163-BB2068D41D02}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7DAD0EE7-E0B7-4FDE-822D-3E4C080E5C53}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{826515F3-202F-4519-9186-1779E4FB7960}" = protocol=17 | dir=in | app=c:\program files (x86)\opera 11\opera.exe |
"{8BDF5535-2969-4189-83FE-3881E7E16847}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8CE73870-D57E-4C47-8F33-7274F4ACD605}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{8D324131-E4E9-49BA-82A5-F0F8FE1C5CDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B340386D-6916-4D0A-B8A8-EE8A139867E5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera 12.12\opera.exe |
"{BAC45DB1-F5B6-4ECD-8818-DC5C929F64FF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{BC47E364-0BC2-4C8F-8BE7-4818ED10B827}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{C6FB0659-EC6C-4FF0-9C63-FC19D9D2E229}" = protocol=17 | dir=in | app=c:\program files (x86)\opera 11\pluginwrapper\opera_plugin_wrapper.exe |
"{D297E657-E2C1-4417-A10C-FC036E3C41FE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{D7425BC4-ADC7-4BBB-B3EC-1ECD7F52DF46}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D8D20B45-47E8-4EBE-9346-BD2EB6B350BA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{E6BF0926-A32C-4614-A9F0-B74F38FEA044}" = protocol=6 | dir=in | app=c:\program files (x86)\opera 11\opera.exe |
"{E910D9BC-3A43-42E9-BFD4-E3CD0833EC18}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{ED0688D4-D718-44AF-B43E-05889C345BA8}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{EE531C6E-6FE6-4097-8939-BCAB0B227513}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F3735EDC-0452-4FC6-BA1D-565C320E4F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"TCP Query User{3711DA33-79CB-484C-A410-C692AEEF3026}C:\users\xxxx\appdata\roaming\vuocyh\cuija.exe" = protocol=6 | dir=in | app=c:\users\xxxx\appdata\roaming\vuocyh\cuija.exe |
"TCP Query User{5BE463A1-EC76-4D2D-93E0-5C6281588710}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{68626D69-50A6-4560-9461-140B230B5DD3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{85E47BBA-F8CE-4B24-A0FA-36F72AC8F640}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"TCP Query User{B6B160ED-68B8-4C5C-B9AA-C0C2FE8076C2}C:\users\xxxx\appdata\roaming\byehl\regy.exe" = protocol=6 | dir=in | app=c:\users\xxxx\appdata\roaming\byehl\regy.exe |
"TCP Query User{BDD2DA3E-004B-4205-A162-F58699BA1492}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{342153A0-FD4B-4AD1-9438-93495198A2BD}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{458DDB68-3BFA-40F9-924E-FBA1A201D167}C:\users\xxxx\appdata\roaming\vuocyh\cuija.exe" = protocol=17 | dir=in | app=c:\users\xxxx\appdata\roaming\vuocyh\cuija.exe |
"UDP Query User{4ABC728B-4BAD-4388-83C2-DEBA2E3FD920}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"UDP Query User{A2CD1FCA-C9C5-4681-8F3A-553618949B2A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{B7C145E5-2791-4E71-B9D7-C67F6D57A77E}C:\users\xxxx\appdata\roaming\byehl\regy.exe" = protocol=17 | dir=in | app=c:\users\xxxx\appdata\roaming\byehl\regy.exe |
"UDP Query User{E7DEE794-7C17-4D29-9149-C8F254EFAC8C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD53298A-4734-AFCB-B733-4C07776E589E}" = ccc-utility64
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{179C91E9-D9ED-D5CC-F0D8-9579DBDED8D6}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{6C8B53B9-41EE-AD83-007A-55EE64DE6932}" = Catalyst Control Center Graphics Previews Common
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91C0B95B-B83A-4828-A775-BBE2DD421029}" = Nero 7 Ultra Edition
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{AC76BA86-7AD7-1029-7B44-A95000000001}" = Adobe Reader 9.5.1 - Czech
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{CF5DE1DD-F7E6-694D-1E82-84C7C9C9ABDB}" = Catalyst Control Center Graphics Previews Vista
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E296A35C-63F6-4308-A430-B76BB02D141D}" = Opera 10.70
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F71E7762-8A64-AECC-0917-DA51677041CF}" = Catalyst Control Center InstallProxy
"{F9D65BA1-84C5-B4CB-91FE-D68F07ECBA24}" = ccc-core-static
"ABC VideoRoll" = ABC VideoRoll
"ACDSee Photo Manager 12 Build 342" = ACDSee Photo Manager 12 Build 342 - odinstalovat češtinu
"Adobe Audition 3.0" = Adobe Audition 3.0
"AIMP2" = AIMP2
"Any Audio Converter_is1" = Any Audio Converter 3.0.7
"AudioCS" = Creative Audio Control Panel
"Avidemux 2.5" = Avidemux 2.5
"CoreAAC" = CoreAAC
"Counter-Strike 1.6" = Counter-Strike 1.6
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"CS 1.6 cz" = CS 1.6 cz
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"DrEditHD" = DrEditHD (remove only)
"DtsFilter" = DTS+AC3 ÇĘĹÍ
"FormatFactory" = FormatFactory 2.50
"FSCZ_is1" = FORM studio
"Generate Thumbnail_is1" = Generate Thumbnail 1.0
"GOM ENCODER" = GOM ENCODER
"GOM Player" = GOM Player
"GridinSoft Trojan Killer" = Trojan Killer
"HaaliMkx" = Haali Media Splitter
"Host OpenAL" = Host OpenAL
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"JDownloader" = JDownloader
"JpegResampler2010_is1" = Jpeg Resampler Vs 6+
"Mp3tag" = Mp3tag v2.47b
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Opera 12.00.1467" = Opera 12.00
"Opera 12.12.1707" = Opera 12.12
"rajče.net_is1" = rajče verze 57 sestavení 190
"Renamer 21" = Renamer 21
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"Totalcmd" = Total Commander (Remove or Repair)
"ViewNX 2 v2.7.1 64bit" = ViewNX 2 v2.7.1 64bit
"WaveStudio 7" = Creative WaveStudio 7
"XRECODE_is1" = XRECODE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1367775511-2981498823-283862049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3 Tor" = 3 Tor

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7.11.2012 17:41:41 | Computer Name = XXXX-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 7.11.2012 17:41:41 | Computer Name = XXXX-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 8.11.2012 1:38:39 | Computer Name = XXXX-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 8.11.2012 1:38:39 | Computer Name = XXXX-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 8.11.2012 1:38:40 | Computer Name = XXXX-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 8.11.2012 1:38:40 | Computer Name = XXXX-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 8.11.2012 16:02:57 | Computer Name = XXXX-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 8.11.2012 16:02:57 | Computer Name = XXXX-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 8.11.2012 16:02:57 | Computer Name = XXXX-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 8.11.2012 16:02:57 | Computer Name = XXXX-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

[ System Events ]
Error - 7.7.2013 14:24:34 | Computer Name = XXXX-PC | Source = sptd | ID = 262148
Description = Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error - 7.7.2013 14:24:58 | Computer Name = XXXX-PC | Source = Service Control Manager | ID = 7001
Description = Služba Creative Audio Service závisí na službě Zvuk systému Windows,
která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 7.7.2013 14:24:59 | Computer Name = XXXX-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: discache SASDIFSV SASKUTIL spldr sptd Wanarpv6

Error - 7.7.2013 14:25:01 | Computer Name = XXXX-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error - 7.7.2013 14:25:11 | Computer Name = XXXX-PC | Source = DCOM | ID = 10005
Description =

Error - 7.7.2013 14:25:17 | Computer Name = XXXX-PC | Source = DCOM | ID = 10005
Description =

Error - 7.7.2013 14:25:18 | Computer Name = XXXX-PC | Source = DCOM | ID = 10005
Description =

Error - 7.7.2013 14:25:18 | Computer Name = XXXX-PC | Source = DCOM | ID = 10005
Description =

Error - 7.7.2013 14:25:20 | Computer Name = XXXX-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error - 7.7.2013 14:42:28 | Computer Name = XXXX-PC | Source = DCOM | ID = 10005
Description =

< End of report >

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.07.07.05

Windows 7 x64 NTFS (Nouzový režim s podporou sítě)
Internet Explorer 9.0.8112.16421
XXXX :: XXXX-PC [administrátor]

Ochrana: Zakázána

7.7.2013 21:04:18
MBAM-log-2013-07-07 (21-08-07).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 260071
Uplynulý čas: 2 minut, 16 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (HackTool.Wpakill) -> Data: C:\Users\XXXX\AppData\Roaming\tdefender.exe -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 11
C:\Users\XXXX\AppData\Roaming\tdefender.exe (HackTool.Wpakill) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Local\Temp\360674.exe (HackTool.Wpakill) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Local\Temp\360986.exe (Rootkit.0Access) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Local\Temp\81CC.tmp (HackTool.Wpakill) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Local\Temp\8zTp0KV.exe (Trojan.MSIL.FVIGen) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Nebyla provedena žádná instrukce.
C:\$Recycle.Bin\S-1-5-21-1367775511-2981498823-283862049-1000\$3544b9f0659bc26061178dfe6b960372\n (Trojan.0Access) -> Nebyla provedena žádná instrukce.
C:\$Recycle.Bin\S-1-5-21-1367775511-2981498823-283862049-1003\$RU8HLMT.exe (Trojan.Patcher) -> Nebyla provedena žádná instrukce.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Nebyla provedena žádná instrukce.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Nebyla provedena žádná instrukce.

(konec)

Pekne zavsivene

Co taky cekat. Pocitac bez antiviru, neaktualizovany system. Zrejme nelegalni, je to tak?

Chtel jsem kompletni kontrolu MBAM, vy jste udelal jen rychlou

No jestly je nelegalni nevím.Instaloval me to borec,když me skladal počítač před nejkakym rokem.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.07.07.05

Windows 7 x64 NTFS (Nouzový režim s podporou sítě)
Internet Explorer 9.0.8112.16421
petr :: XXXX-PC [limited]

Ochrana: Zakázána

8.7.2013 18:35:12
MBAM-log-2013-07-08 (19-02-50).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 324173
Uplynulý čas: 27 minut, 1 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 10
C:\Users\XXXX\AppData\Local\Temp\360674.exe (HackTool.Wpakill) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Local\Temp\360986.exe (Rootkit.0Access) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Local\Temp\81CC.tmp (HackTool.Wpakill) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Local\Temp\8zTp0KV.exe (Trojan.MSIL.FVIGen) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\1c737965-1a4ae62a (Spyware.Password) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Roaming\tdefender.exe (HackTool.Wpakill) -> Nebyla provedena žádná instrukce.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Nebyla provedena žádná instrukce.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Nebyla provedena žádná instrukce.
C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Nebyla provedena žádná instrukce.

(konec)

Vsechny nalezy nechte odstranit, restartujte pc a udelejte novou kontrolu. Zjisti se tak, jestli se to nevraci.

Jelikoz tam vidim crack na windows, zrejme to moc v poradku nebude. Zkuste se ho zeptat

No momentálně je už třetí měsíc v Norsku,ale až se vratí určitě se ho zeptam

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.07.09.06

Windows 7 x64 NTFS (Nouzový režim s podporou sítě)
Internet Explorer 9.0.8112.16421
petr :: XXXX-PC [limited]

Ochrana: Zakázána

9.7.2013 20:29:32
MBAM-log-2013-07-09 (21-04-23).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 330206
Uplynulý čas: 33 minut, 16 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Nebyla provedena žádná instrukce.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Nebyla provedena žádná instrukce.

(konec)

Nalezy nechte odstranit. Jeste se spousti ten falesny AV?

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu, kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

Antivir se už nespouští

RogueKiller V8.6.2 [Jul 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7600 ) 64 bits version
Spuštěno v : Nouzový režim s prací v síti
Uživatel : XXXX [Práva správce]
Mód : Kontrola -- Datum : 07/10/2013 17:42:18
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Onoxb (C:\Users\XXXX\AppData\Roaming\Byehl\regy.exe [x]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : Internet Security (C:\Users\XXXX\AppData\Roaming\tdefender.exe [x]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1367775511-2981498823-283862049-1000\[...]\Run : Onoxb (C:\Users\XXXX\AppData\Roaming\Byehl\regy.exe [x]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1367775511-2981498823-283862049-1000\[...]\Run : Internet Security (C:\Users\XXXX\AppData\Roaming\tdefender.exe [x]) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1367775511-2981498823-283862049-1000\$3544b9f0659bc26061178dfe6b960372\n. [x]) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ZeroAccess ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

tombraider píše:Antivir se už nespouští

Ale zamarasene to je az hanba

Znovu spustte RogueKiller jako spravce (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

RogueKiller V8.6.2 [Jul 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7600 ) 64 bits version
Spuštěno v : Nouzový režim s prací v síti
Uživatel : XXXX [Práva správce]
Mód : Odebrat -- Datum : 07/10/2013 21:16:41
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Onoxb (C:\Users\XXXX\AppData\Roaming\Byehl\regy.exe [x]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : Internet Security (C:\Users\XXXX\AppData\Roaming\tdefender.exe [x]) -> VYMAZÁNO
[RUN][SUSP PATH] HKUS\S-1-5-21-1367775511-2981498823-283862049-1000\[...]\Run : Onoxb (C:\Users\XXXX\AppData\Roaming\Byehl\regy.exe [x]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-1367775511-2981498823-283862049-1000\[...]\Run : Internet Security (C:\Users\XXXX\AppData\Roaming\tdefender.exe [x]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1367775511-2981498823-283862049-1000\$3544b9f0659bc26061178dfe6b960372\n. [x]) -> NAHRAZENO (C:\Windows\system32\shell32.dll)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ZeroAccess ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502HJ SATA Disk Device +++++
--- User ---
[MBR] 8f928919448faf9f25ebc3dee5a57ac9
[BSP] 8dd2534beb8e9d4f56da0f5689fbf5fb : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 120000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 245966848 | Size: 356838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: SAMSUNG HD502HJ SATA Disk Device +++++
--- User ---
[MBR] 02a44c09f344817b164859d4e32b4402
[BSP] d8592e1e222cf9fdead212ea84beb607 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 313165 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 641362995 | Size: 163654 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[0]_D_07102013_211641.txt >>
RKreport[0]_S_07102013_174218.txt;RKreport[0]_S_07102013_211603.txt

RogueKiller V8.6.2 [Jul 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7600 ) 64 bits version
Spuštěno v : Nouzový režim s prací v síti
Uživatel : XXXX [Práva správce]
Mód : Oprava HOSTS -- Datum : 07/10/2013 21:22:06
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ Resetovaný HOSTS: ¤¤¤

Dokončeno : << RKreport[0]_H_07102013_212206.txt >>
RKreport[0]_D_07102013_211641.txt;RKreport[0]_S_07102013_174218.txt;RKreport[0]_S_07102013_211603.txt
RKreport[0]_S_07102013_212152.txt

VIRY.CZ

falešnej antivir

falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir

Re: falešnej antivir