Requesting a check

Posted: 11 Aug 2013 16:10
by ferenc77
Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2013-08-11 17:10:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 26 GB (50%) free of 51 GB
Total RAM: 1023 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:10:22, on 11. 8. 2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\SearchIndexer.exe
C:\WINDOWS.0\system32\RunDLL32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS.0\system32\SearchProtocolHost.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS.0\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-796845957-1897051121-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5204719224
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

--
End of file - 4869 bytes

======Scheduled tasks folder======

C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9pmm0c8i.default

prefs.js - "browser.startup.homepage" - "www.google.sk"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS.0\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9pmm0c8i.default\extensions\
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-30 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-30 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2013-06-21 15677728]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-03-21 5078504]
"RTHDCPL"=C:\WINDOWS.0\RTHDCPL.EXE [2013-07-30 18665472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\WINDOWS.0\system32\sti_ci.dll [2008-04-14 136704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2013-03-23 1982312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=schannel.dll, credssp.dll, digest.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS.0\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS.0\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-08-10 12:22:53 ----A---- C:\WINDOWS.0\system32\ptpusb.dll
2013-08-10 12:22:52 ----A---- C:\WINDOWS.0\system32\ptpusd.dll
2013-08-10 12:22:52 ----A---- C:\WINDOWS.0\system32\drivers\usbscan.sys
2013-08-06 16:51:03 ----D---- C:\Documents and Settings\user\Application Data\WinRAR
2013-07-31 21:01:59 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Adobe
2013-07-31 20:49:15 ----D---- C:\Documents and Settings\user\Application Data\NVIDIA
2013-07-31 20:17:51 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2834904_WM11$
2013-07-31 20:17:46 ----HDC---- C:\WINDOWS.0\$NtUninstallKB963093$
2013-07-31 20:16:03 ----HDC---- C:\WINDOWS.0\$NtUninstallKB954154_WM11$
2013-07-31 20:15:59 ----HDC---- C:\WINDOWS.0\$NtUninstallKB929399$
2013-07-31 20:15:38 ----HDC---- C:\WINDOWS.0\$NtUninstallKB939683$
2013-07-31 19:59:04 ----D---- C:\rsit
2013-07-31 19:42:37 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2808679$
2013-07-31 19:21:16 ----D---- C:\Documents and Settings\user\Application Data\vlc
2013-07-31 19:16:57 ----D---- C:\Documents and Settings\user\Application Data\Windows Search
2013-07-31 19:16:12 ----D---- C:\WINDOWS.0\system32\winrm
2013-07-31 19:16:12 ----D---- C:\WINDOWS.0\system32\WindowsPowerShell
2013-07-31 19:16:07 ----HDC---- C:\WINDOWS.0\$968930Uinstall_KB968930$
2013-07-31 19:16:06 ----D---- C:\WINDOWS.0\$NtUninstallKB968930$
2013-07-31 19:15:57 ----D---- C:\Documents and Settings\user\Application Data\Windows Desktop Search
2013-07-31 19:15:25 ----D---- C:\WINDOWS.0\system32\GroupPolicy
2013-07-31 19:15:04 ----HDC---- C:\WINDOWS.0\$NtUninstallKB940157$
2013-07-31 19:14:58 ----HDC---- C:\WINDOWS.0\$NtUninstallKB915800-v4$
2013-07-31 19:14:39 ----N---- C:\WINDOWS.0\system32\spmsg.dll
2013-07-31 19:14:38 ----HDC---- C:\WINDOWS.0\$NtUninstallMSCompPackV1$
2013-07-31 19:14:05 ----HDC---- C:\WINDOWS.0\$NtUninstallwmp11$
2013-07-31 19:13:15 ----HDC---- C:\WINDOWS.0\$NtUninstallWMFDist11$
2013-07-31 19:12:39 ----D---- C:\WINDOWS.0\system32\LogFiles
2013-07-31 19:12:39 ----D---- C:\WINDOWS.0\system32\drivers\UMDF
2013-07-31 19:12:31 ----HDC---- C:\WINDOWS.0\$NtUninstallWudf01000$
2013-07-31 19:11:08 ----D---- C:\WINDOWS.0\system32\URTTEMP
2013-07-31 18:32:41 ----D---- C:\WINDOWS.0\system32\MRT
2013-07-31 18:15:06 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2712808$
2013-07-31 18:10:23 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2598479$
2013-07-31 18:10:11 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2585542$
2013-07-31 18:04:41 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2619339$
2013-07-31 18:04:28 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2592799$
2013-07-31 17:15:18 ----D---- C:\WINDOWS.0\system32\XPSViewer
2013-07-31 17:14:36 ----N---- C:\WINDOWS.0\system32\xpssvcs.dll
2013-07-31 17:14:36 ----N---- C:\WINDOWS.0\system32\xpsshhdr.dll
2013-07-31 17:14:36 ----N---- C:\WINDOWS.0\system32\prntvpt.dll
2013-07-30 23:06:05 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2659262$
2013-07-30 23:06:01 ----A---- C:\WINDOWS.0\system32\spupdsvc.exe
2013-07-30 23:05:54 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2564958$
2013-07-30 23:03:21 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2758857$
2013-07-30 23:03:16 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2544893-v2$
2013-07-30 23:03:13 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2834886$
2013-07-30 23:03:04 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2850851$
2013-07-30 23:02:58 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2631813$
2013-07-30 23:02:52 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2691442$
2013-07-30 22:58:58 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2779562$
2013-07-30 22:53:54 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2655992$
2013-07-30 22:53:49 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2802968$
2013-07-30 22:53:46 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2686509$
2013-07-30 22:53:37 ----D---- C:\Program Files\MSXML 4.0
2013-07-30 22:51:56 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2780091$
2013-07-30 22:51:49 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2845187$
2013-07-30 22:51:43 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2624667$
2013-07-30 22:51:35 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2719985$
2013-07-30 22:47:49 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2753842-v2$
2013-07-30 22:47:44 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2770660$
2013-07-30 22:47:38 ----HDC---- C:\WINDOWS.0\$NtUninstallKB941569$
2013-07-30 22:47:10 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2839229$
2013-07-30 22:46:51 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2807986$
2013-07-30 22:41:10 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2820917$
2013-07-30 22:41:06 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2603381$
2013-07-30 22:41:01 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2757638$
2013-07-30 22:40:56 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2653956$
2013-07-30 22:40:51 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2820197$
2013-07-30 22:40:47 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2749655$
2013-07-30 22:40:39 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2705219-v2$
2013-07-30 22:40:19 ----D---- C:\WINDOWS.0\ie8updates
2013-07-30 22:40:13 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2727528$
2013-07-30 22:38:05 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2723135-v2$
2013-07-30 22:38:00 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2618451$
2013-07-30 22:37:53 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2661254-v2$
2013-07-30 22:35:18 ----A---- C:\WINDOWS.0\system32\wmpns.dll
2013-07-30 22:27:28 ----D---- C:\Documents and Settings\user\Application Data\Youtube Downloader HD
2013-07-30 22:27:11 ----D---- C:\Documents and Settings\user\Application Data\GHISLER
2013-07-30 22:23:18 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2834903_WM10L$
2013-07-30 22:23:12 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2676562$
2013-07-30 22:20:38 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2620712$
2013-07-30 22:20:33 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2661637$
2013-07-30 22:20:23 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2584146$
2013-07-30 22:20:23 ----HD---- C:\WINDOWS.0\$hf_mig$
2013-07-30 19:12:46 ----A---- C:\WINDOWS.0\system32\D3DX9_42.dll
2013-07-30 19:12:45 ----A---- C:\WINDOWS.0\system32\d3dx9_31.dll
2013-07-30 19:12:44 ----D---- C:\WINDOWS.0\Logs
2013-07-30 19:12:06 ----D---- C:\WINDOWS.0\RegisteredPackages
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\vxblock.dll
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\pxwma.dll
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\pxwave.dll
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\pxsfs.dll
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\pxmas.dll
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\pxinsi64.exe
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\pxinsa64.exe
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\pxhpinst.exe
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\pxdrv.dll
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\pxcpyi64.exe
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\pxcpya64.exe
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\pxafs.dll
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\px.dll
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\drivers\PxHelp20.sys
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\drivers\cdralw2k.sys
2013-07-30 19:11:18 ----N---- C:\WINDOWS.0\system32\drivers\cdr4_xp.sys
2013-07-30 18:57:56 ----A---- C:\WINDOWS.0\system32\FlashPlayerApp.exe
2013-07-30 18:51:33 ----D---- C:\Documents and Settings\user\Application Data\ESET
2013-07-30 18:48:00 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\ESET
2013-07-30 18:36:22 ----D---- C:\WINDOWS.0\Sun
2013-07-30 18:35:49 ----A---- C:\WINDOWS.0\system32\javaws.exe
2013-07-30 18:35:45 ----A---- C:\WINDOWS.0\system32\WindowsAccessBridge.dll
2013-07-30 18:35:45 ----A---- C:\WINDOWS.0\system32\javaw.exe
2013-07-30 18:35:45 ----A---- C:\WINDOWS.0\system32\java.exe
2013-07-30 18:35:25 ----D---- C:\Program Files\Java
2013-07-30 18:33:47 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Sun
2013-07-30 18:33:35 ----A---- C:\WINDOWS.0\system32\npDeployJava1.dll
2013-07-30 18:33:35 ----A---- C:\WINDOWS.0\system32\deployJava1.dll
2013-07-30 18:32:28 ----D---- C:\Documents and Settings\user\Application Data\Sun
2013-07-30 18:25:09 ----D---- C:\Documents and Settings\user\Application Data\Mozilla
2013-07-30 18:25:03 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Mozilla
2013-07-30 18:02:25 ----D---- C:\WINDOWS.0\pss
2013-07-12 09:09:00 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NVIDIA
2013-07-12 09:06:51 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NVIDIA Corporation
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrszht.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrszhc.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrstr.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsth.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrssv.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrssl.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrssk.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsru.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsptb.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrspt.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrspl.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsno.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsnl.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsko.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsja.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsit.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrshu.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrshe.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsfr.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsfi.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsesm.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrses.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrseng.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsel.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsde.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsda.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrscs.dll
2013-07-12 09:06:11 ----A---- C:\WINDOWS.0\system32\nvrsar.dll
2013-07-12 09:06:10 ----A---- C:\WINDOWS.0\system32\nvsvc32.exe
2013-07-12 09:06:10 ----A---- C:\WINDOWS.0\system32\nvcolor.exe
2013-07-12 09:06:09 ----A---- C:\WINDOWS.0\system32\nvmctray.dll
2013-07-12 09:06:09 ----A---- C:\WINDOWS.0\system32\nvcpl.dll
2013-07-12 09:05:44 ----A---- C:\WINDOWS.0\system32\nvwddi.dll
2013-07-12 09:04:18 ----A---- C:\WINDOWS.0\system32\OpenCL.dll
2013-07-12 09:03:25 ----A---- C:\WINDOWS.0\system32\nvhdap32.dll
2013-07-12 09:03:25 ----A---- C:\WINDOWS.0\system32\nvhdagenco3220103.dll
2013-07-12 09:03:25 ----A---- C:\WINDOWS.0\system32\drivers\nvhda32.sys
2013-07-12 09:03:20 ----A---- C:\WINDOWS.0\system32\nvopencl.dll
2013-07-12 09:03:20 ----A---- C:\WINDOWS.0\system32\nvoglnt.dll
2013-07-12 09:03:19 ----A---- C:\WINDOWS.0\system32\nvdispgenco3232049.dll
2013-07-12 09:03:19 ----A---- C:\WINDOWS.0\system32\nvdispco3232049.dll
2013-07-12 09:03:19 ----A---- C:\WINDOWS.0\system32\nvcuvid.dll
2013-07-12 09:03:19 ----A---- C:\WINDOWS.0\system32\nvcuvenc.dll
2013-07-12 09:03:19 ----A---- C:\WINDOWS.0\system32\nvcuda.dll
2013-07-12 09:03:14 ----A---- C:\WINDOWS.0\system32\nvcompiler.dll
2013-07-12 09:03:14 ----A---- C:\WINDOWS.0\system32\nvapi.dll
2013-07-12 09:03:14 ----A---- C:\WINDOWS.0\system32\nv4_disp.dll
2013-07-12 09:03:14 ----A---- C:\WINDOWS.0\system32\drivers\nv4_mini.sys
2013-07-12 08:47:15 ----N---- C:\WINDOWS.0\system32\iacenc.dll
2013-07-12 08:43:12 ----D---- C:\Documents and Settings\user\Application Data\Macromedia
2013-07-12 08:40:13 ----N---- C:\WINDOWS.0\system32\MpSigStub.exe
2013-07-12 08:37:59 ----D---- C:\Documents and Settings\user\Application Data\Adobe
2013-07-12 08:37:54 ----D---- C:\WINDOWS.0\system32\SoftwareDistribution
2013-07-12 08:37:04 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Windows Genuine Advantage

======List of files/folders modified in the last 1 month======

2013-08-11 17:10:15 ----D---- C:\Program Files\trend micro
2013-08-11 12:01:06 ----D---- C:\WINDOWS.0\system32
2013-08-11 12:01:06 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2013-08-11 12:00:08 ----D---- C:\WINDOWS.0\Prefetch
2013-08-11 11:57:52 ----D---- C:\WINDOWS.0\Temp
2013-08-11 00:13:28 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2013-08-10 13:06:30 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2013-08-10 12:22:57 ----RSHDC---- C:\WINDOWS.0\system32\dllcache
2013-08-10 12:22:52 ----D---- C:\WINDOWS.0\system32\drivers
2013-08-10 12:22:49 ----D---- C:\WINDOWS.0\system32\CatRoot2
2013-08-04 18:35:11 ----SD---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft
2013-08-02 14:55:09 ----D---- C:\WINDOWS.0
2013-07-31 21:02:47 ----SHD---- C:\WINDOWS.0\Installer
2013-07-31 21:02:45 ----SHD---- C:\Config.Msi
2013-07-31 20:52:28 ----RD---- C:\Program Files
2013-07-31 20:27:59 ----RSD---- C:\WINDOWS.0\assembly
2013-07-31 20:27:59 ----D---- C:\WINDOWS.0\Microsoft.NET
2013-07-31 20:17:53 ----HD---- C:\WINDOWS.0\inf
2013-07-31 20:17:49 ----A---- C:\WINDOWS.0\imsins.BAK
2013-07-31 20:17:39 ----D---- C:\WINDOWS.0\Registration
2013-07-31 19:57:36 ----D---- C:\WINDOWS.0\system32\CatRoot
2013-07-31 19:53:29 ----RSH---- C:\boot.ini
2013-07-31 19:53:29 ----A---- C:\WINDOWS.0\win.ini
2013-07-31 19:53:29 ----A---- C:\WINDOWS.0\system.ini
2013-07-31 19:50:50 ----D---- C:\WINDOWS.0\system32\config
2013-07-31 19:48:38 ----D---- C:\WINDOWS.0\WinSxS
2013-07-31 19:16:24 ----D---- C:\WINDOWS.0\Help
2013-07-31 19:16:12 ----D---- C:\WINDOWS.0\system32\wbem
2013-07-31 19:15:26 ----D---- C:\WINDOWS.0\system32\en-US
2013-07-31 19:14:18 ----D---- C:\Program Files\Windows Media Player
2013-07-31 18:51:57 ----D---- C:\WINDOWS.0\security
2013-07-31 17:15:15 ----RSD---- C:\WINDOWS.0\Fonts
2013-07-31 17:14:49 ----D---- C:\WINDOWS.0\system32\spool
2013-07-30 21:44:32 ----D---- C:\WINDOWS1
2013-07-30 21:15:25 ----D---- C:\Temp
2013-07-30 21:13:07 ----D---- C:\Program Files\NVIDIA Corporation
2013-07-30 21:12:21 ----D---- C:\Program Files\Internet Explorer
2013-07-30 19:58:02 ----D---- C:\WINDOWS.0\system32\RTCOM
2013-07-30 19:55:30 ----A---- C:\WINDOWS.0\vncutil.exe
2013-07-30 19:55:30 ----A---- C:\WINDOWS.0\SOUNDMAN.EXE
2013-07-30 19:55:30 ----A---- C:\WINDOWS.0\SkyTel.exe
2013-07-30 19:55:29 ----A---- C:\WINDOWS.0\RtlUpd.exe
2013-07-30 19:55:29 ----A---- C:\WINDOWS.0\RTLCPL.EXE
2013-07-30 19:55:27 ----A---- C:\WINDOWS.0\RtkAudioService.exe
2013-07-30 19:55:27 ----A---- C:\WINDOWS.0\RTHDCPL.EXE
2013-07-30 19:55:24 ----A---- C:\WINDOWS.0\MicCal.exe
2013-07-30 19:55:21 ----A---- C:\WINDOWS.0\ALCWZRD.EXE
2013-07-30 19:55:20 ----A---- C:\WINDOWS.0\ALCMTR.EXE
2013-07-30 19:18:45 ----D---- C:\WINDOWS.0\SoftwareDistribution
2013-07-30 19:18:44 ----SD---- C:\WINDOWS.0\Downloaded Program Files
2013-07-30 19:17:33 ----D---- C:\Program Files\Winamp
2013-07-30 19:12:48 ----D---- C:\WINDOWS.0\system32\DirectX
2013-07-30 18:57:57 ----SD---- C:\WINDOWS.0\Tasks
2013-07-30 18:25:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-07-30 18:24:36 ----D---- C:\Program Files\Mozilla Firefox
2013-07-30 18:17:47 ----D---- C:\WINDOWS.0\system32\ias
2013-07-30 18:15:10 ----D---- C:\WINDOWS.0\Network Diagnostic
2013-07-30 18:01:10 ----SHD---- C:\System Volume Information
2013-07-30 18:01:10 ----D---- C:\WINDOWS.0\system32\Restore
2013-07-12 09:33:04 ----D---- C:\WINDOWS.0\system32\ReinstallBackups
2013-07-12 09:08:56 ----D---- C:\Documents and Settings
2013-07-12 08:39:51 ----D---- C:\Program Files\Realtek

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide;amdide; C:\WINDOWS.0\system32\DRIVERS\amdide.sys [2010-06-30 11832]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS.0\system32\drivers\mv61xxmm.sys [2011-09-14 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS.0\system32\drivers\mv64xxmm.sys [2011-09-14 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS.0\system32\drivers\mvxxmm.sys [2011-09-14 13616]
R0 PxHelp20;PxHelp20; C:\WINDOWS.0\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 eamon;eamon; C:\WINDOWS.0\system32\DRIVERS\eamon.sys [2013-01-10 161368]
R1 ehdrv;ehdrv; C:\WINDOWS.0\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
R1 epfwtdi;epfwtdi; C:\WINDOWS.0\system32\DRIVERS\epfwtdi.sys [2013-02-14 62512]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS.0\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 epfw;epfw; C:\WINDOWS.0\system32\DRIVERS\epfw.sys [2013-01-10 150080]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS.0\system32\DRIVERS\rspndr.sys [2011-09-14 62848]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS.0\system32\DRIVERS\Epfwndis.sys [2013-01-10 40376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS.0\system32\drivers\RtkHDAud.sys [2013-07-30 5788672]
R3 mouhid;Mouse HID Driver; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2011-09-14 12160]
R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2013-06-21 10973504]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS.0\system32\drivers\nvhda32.sys [2013-02-25 128672]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS.0\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS.0\system32\drivers\Ambfilt.sys [2013-07-30 1684736]
S3 Monfilt;Monfilt; C:\WINDOWS.0\system32\drivers\Monfilt.sys [2013-07-30 1389056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS.0\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 exFat;exFat; C:\WINDOWS.0\system32\drivers\exFat.sys [2011-09-14 133632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-03-21 1341664]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-07-30 182184]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS.0\system32\nvsvc32.exe [2013-06-21 156960]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-23 1259296]
R2 WSearch;Windows Search; C:\WINDOWS.0\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-30 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [2013-06-18 117144]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-01-30 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Request for a check

Posted: 12 Aug 2013 09:03
by Márty84
Hello :)

Is there a problem with the PC, or is this purely preventive?

Run a !!!complete!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Don't delete anything beforehand; it sometimes produces false detections.

Re: Request for a check

Posted: 18 Sep 2013 18:53
by ferenc77
I know it's late, but still...

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2013.09.17.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-D55BF56392 [administrátor]

18. 9. 2013 18:03:19
MBAM-log-2013-09-18 (19-52-17).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 588888
Uplynutý čas: 1 hod, 49 min, 18 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 2
C:\Documents and Settings\Peter\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.
C:\Documents and Settings\Peter\Application Data\OpenCandy\OpenCandy_DD272FB04C5345FD9C1F716EA44DBE9E (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.

Detegované súbory: 3
C:\Documents and Settings\Peter\Application Data\OpenCandy\OpenCandy_DD272FB04C5345FD9C1F716EA44DBE9E\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.
C:\Documents and Settings\Peter\Application Data\OpenCandy\OpenCandy_DD272FB04C5345FD9C1F716EA44DBE9E\2209.ico (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.
C:\Documents and Settings\Peter\Application Data\OpenCandy\OpenCandy_DD272FB04C5345FD9C1F716EA44DBE9E\driverscanner (33).exe (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.

(koniec)

Re: Request for a check

Posted: 20 Sep 2013 03:28
by Márty84
Let it remove the findings, then uninstall MBAM.

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Run it.
Click Scan and the program will start working.
When it finishes, it will spit out a log (if not, you will find it here: C:\AdwCleaner\AdwCleaner[R?].txt ); copy it here for me.

Re: Request for a check

Posted: 20 Sep 2013 11:22
by ferenc77
# AdwCleaner v3.004 - Report created 20/09/2013 at 12:18:03
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - USER-D55BF56392
# Running from : C:\Documents and Settings\user\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (sk)

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9pmm0c8i.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [997 octets] - [20/09/2013 12:11:41]
AdwCleaner[R1].txt - [918 octets] - [20/09/2013 12:18:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [977 octets] ##########

Re: Request for a check

Posted: 20 Sep 2013 22:05
by Márty84
Close all programs again and run AdwCleaner.
This time click Clean.
The program will start working (the PC may restart) and spit out another log (or it will be here: C:\AdwCleaner\AdwCleaner [S?].txt ). Copy that here for me again.

Re: Request for a check

Posted: 22 Sep 2013 13:03
by ferenc77
# AdwCleaner v3.004 - Report created 22/09/2013 at 14:00:17
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - USER-D55BF56392
# Running from : C:\Documents and Settings\user\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (sk)

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9pmm0c8i.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [997 octets] - [20/09/2013 12:11:41]
AdwCleaner[R1].txt - [1056 octets] - [20/09/2013 12:18:03]
AdwCleaner[R2].txt - [1007 octets] - [22/09/2013 13:59:11]
AdwCleaner[S0].txt - [932 octets] - [22/09/2013 14:00:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [991 octets] ##########

Re: Request for a check

Posted: 23 Sep 2013 01:50
by Márty84
Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the desktop and run it.
A very short test will run, and then the Prohledat (Scan) button at the top right will become available. Click it and another test will run.
When it finishes, click Zprava (Report) and a log will appear. Paste it here for me.

Re: Request for a check

Posted: 23 Sep 2013 19:35
by ferenc77
RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spustené v : Normálny režim
Užívateľ : user [Práva Správcu]
Režim : Kontrola -- Dátum : 09/23/2013 20:34:03
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 2 ¤¤¤
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> NÁJDENÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spustenie položky : 0 ¤¤¤

¤¤¤ webové prehliadače : 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Maxtor 6V200E0 +++++
--- User ---
[MBR] 6ced7f61992bd5835637b35206a20221
[BSP] 197f119e8eeb35037e2e868e7a704b56 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51222 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 104904450 | Size: 143243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[0]_S_09232013_203403.txt >>

Re: Request for a check

Posted: 24 Sep 2013 01:40
by Márty84
Run RogueKiller again (if you haven't closed it yet, go straight to clicking Smazat (Delete)).
A very short test will run, and then the Prohledat (Scan) button at the top right will become available. Click it and another test will run.
When it finishes, click Smazat (Delete).
Then click Zprava (Report) and a log will appear. Paste it here for me.
Then click Oprava Host (Fix Hosts) and Zprava (Report).
Another log will appear. Paste that one here too.

Re: Request for a check

Posted: 24 Sep 2013 12:53
by ferenc77
RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spustené v : Normálny režim
Užívateľ : user [Práva Správcu]
Režim : Odebrať -- Dátum : 09/24/2013 13:52:52
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 2 ¤¤¤
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> NAHRADENÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spustenie položky : 0 ¤¤¤

¤¤¤ webové prehliadače : 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Maxtor 6V200E0 +++++
--- User ---
[MBR] 6ced7f61992bd5835637b35206a20221
[BSP] 197f119e8eeb35037e2e868e7a704b56 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51222 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 104904450 | Size: 143243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[0]_D_09242013_135252.txt >>
RKreport[0]_S_09242013_135232.txt

Re: Request for a check

Posted: 24 Sep 2013 12:54
by ferenc77
RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spustené v : Normálny režim
Užívateľ : user [Práva Správcu]
Režim : Oprava HOSTS -- Dátum : 09/24/2013 13:54:09
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 0 ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončené : << RKreport[0]_H_09242013_135409.txt >>
RKreport[0]_D_09242013_135252.txt;RKreport[0]_S_09242013_135232.txt

Re: Request for a check

Posted: 25 Sep 2013 08:33
by Márty84
Post a new RSIT log.

Re: Request for a check

Posted: 25 Sep 2013 22:44
by ferenc77
Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2013-09-25 23:43:23
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (34%) free of 51 GB
Total RAM: 1023 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:44:01, on 25. 9. 2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\RunDLL32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\SearchIndexer.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS.0\system32\SearchProtocolHost.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS.0\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-796845957-1897051121-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5204719224
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

--
End of file - 5922 bytes

======Scheduled tasks folder======

C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
C:\WINDOWS.0\tasks\AutoKMS.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9pmm0c8i.default

prefs.js - "browser.startup.homepage" - "www.google.sk"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.40.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS.0\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9pmm0c8i.default\extensions\
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 4171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-17 462248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-17 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2013-06-21 15677728]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-03-21 5078504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\WINDOWS.0\system32\sti_ci.dll [2008-04-14 136704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2013-03-23 1982312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2013-04-22 720064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS.0\RTHDCPL.EXE [2013-07-30 18665472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 4171464]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=schannel.dll, credssp.dll, digest.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS.0\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS.0\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-09-25 23:43:23 ----D---- C:\rsit
2013-09-20 12:20:50 ----D---- C:\WINDOWS.0\system32\appmgmt
2013-09-20 12:11:38 ----D---- C:\AdwCleaner
2013-09-19 23:54:48 ----D---- C:\Program Files\Mozilla Firefox
2013-09-18 19:07:39 ----A---- C:\WINDOWS.0\AutoKMS.ini
2013-09-17 18:13:56 ----D---- C:\Program Files\Microsoft Synchronization Services
2013-09-17 18:12:36 ----D---- C:\Program Files\Microsoft Sync Framework
2013-09-17 18:12:36 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2013-09-17 18:10:09 ----D---- C:\Program Files\Microsoft Visual Studio 8
2013-09-17 18:08:14 ----D---- C:\Program Files\Microsoft Analysis Services
2013-09-17 18:08:01 ----D---- C:\WINDOWS.0\SHELLNEW
2013-09-17 18:06:09 ----D---- C:\Program Files\Microsoft Office
2013-09-17 18:06:04 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Help
2013-09-17 18:03:55 ----RHD---- C:\MSOCache
2013-09-17 16:55:46 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2013-09-17 16:55:24 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2013-09-17 16:51:06 ----A---- C:\WINDOWS.0\system32\javaws.exe
2013-09-17 16:51:00 ----A---- C:\WINDOWS.0\system32\WindowsAccessBridge.dll
2013-09-17 16:50:59 ----A---- C:\WINDOWS.0\system32\javaw.exe
2013-09-17 16:50:59 ----A---- C:\WINDOWS.0\system32\java.exe
2013-09-17 16:50:37 ----D---- C:\Program Files\Java
2013-09-12 18:52:30 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2876315$
2013-09-12 18:52:24 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2876217$
2013-09-12 18:52:13 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2864063$
2013-09-08 21:28:41 ----D---- C:\Documents and Settings\user\Application Data\AnvSoft
2013-09-08 21:28:37 ----D---- C:\Program Files\AnvSoft
2013-09-03 21:26:45 ----D---- C:\Documents and Settings\user\Application Data\Google
2013-08-28 18:18:05 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2834904-v2_WM11$

======List of files/folders modified in the last 1 month======

2013-09-25 23:43:29 ----D---- C:\Program Files\trend micro
2013-09-25 23:41:57 ----D---- C:\WINDOWS.0\Temp
2013-09-25 00:27:04 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2013-09-25 00:22:38 ----D---- C:\WINDOWS.0\Prefetch
2013-09-24 23:22:44 ----D---- C:\WINDOWS.0\system32
2013-09-24 23:22:44 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2013-09-24 14:32:18 ----RSH---- C:\boot.ini
2013-09-24 14:31:46 ----SHD---- C:\System Volume Information
2013-09-24 14:31:46 ----D---- C:\WINDOWS.0\system32\Restore
2013-09-24 14:30:14 ----D---- C:\Documents and Settings\user\Application Data\vlc
2013-09-24 14:25:56 ----A---- C:\WINDOWS.0\win.ini
2013-09-24 14:25:56 ----A---- C:\WINDOWS.0\system.ini
2013-09-24 14:07:00 ----D---- C:\WINDOWS.0
2013-09-24 13:52:27 ----D---- C:\WINDOWS.0\system32\drivers
2013-09-24 13:51:13 ----D---- C:\WINDOWS.0\system32\CatRoot2
2013-09-20 12:28:04 ----D---- C:\Program Files\Google
2013-09-20 12:28:03 ----SHD---- C:\WINDOWS.0\Installer
2013-09-20 12:28:03 ----SHD---- C:\Config.Msi
2013-09-20 12:28:03 ----SD---- C:\WINDOWS.0\Tasks
2013-09-20 12:20:22 ----RD---- C:\Program Files
2013-09-20 12:10:37 ----D---- C:\WINDOWS.0\AppPatch
2013-09-20 11:22:47 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-09-19 20:37:41 ----A---- C:\WINDOWS.0\system32\FlashPlayerApp.exe
2013-09-19 17:50:14 ----D---- C:\Program Files\Winamp
2013-09-18 17:53:11 ----D---- C:\WINDOWS.0\Microsoft.NET
2013-09-18 17:53:10 ----RSD---- C:\WINDOWS.0\assembly
2013-09-18 09:09:15 ----D---- C:\WINDOWS.0\WinSxS
2013-09-17 22:54:48 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2013-09-17 18:19:36 ----D---- C:\WINDOWS.0\system32\config
2013-09-17 18:16:49 ----RSD---- C:\WINDOWS.0\Fonts
2013-09-17 18:15:44 ----D---- C:\Program Files\MSBuild
2013-09-17 18:13:52 ----D---- C:\Program Files\Common Files\DESIGNER
2013-09-17 18:12:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-09-17 18:12:36 ----SD---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft
2013-09-17 18:12:36 ----D---- C:\WINDOWS.0\pchealth
2013-09-17 18:06:12 ----HD---- C:\WINDOWS.0\inf
2013-09-17 16:52:39 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Adobe
2013-09-17 16:50:41 ----A---- C:\WINDOWS.0\system32\npDeployJava1.dll
2013-09-17 16:50:41 ----A---- C:\WINDOWS.0\system32\deployJava1.dll
2013-09-17 16:42:25 ----D---- C:\Program Files\CCleaner
2013-09-17 16:41:45 ----D---- C:\WINDOWS.0\Logs
2013-09-17 16:41:45 ----D---- C:\WINDOWS.0\Debug
2013-09-12 18:52:59 ----RSHDC---- C:\WINDOWS.0\system32\dllcache
2013-09-12 18:52:57 ----D---- C:\Program Files\Internet Explorer
2013-09-12 18:52:42 ----D---- C:\WINDOWS.0\ie8updates
2013-09-12 18:50:47 ----D---- C:\WINDOWS.0\system32\MRT
2013-09-12 18:50:41 ----A---- C:\WINDOWS.0\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide;amdide; C:\WINDOWS.0\system32\DRIVERS\amdide.sys [2010-06-30 11832]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS.0\system32\drivers\mv61xxmm.sys [2011-09-14 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS.0\system32\drivers\mv64xxmm.sys [2011-09-14 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS.0\system32\drivers\mvxxmm.sys [2011-09-14 13616]
R0 PxHelp20;PxHelp20; C:\WINDOWS.0\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 eamon;eamon; C:\WINDOWS.0\system32\DRIVERS\eamon.sys [2013-01-10 161368]
R1 ehdrv;ehdrv; C:\WINDOWS.0\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
R1 epfwtdi;epfwtdi; C:\WINDOWS.0\system32\DRIVERS\epfwtdi.sys [2013-02-14 62512]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS.0\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 epfw;epfw; C:\WINDOWS.0\system32\DRIVERS\epfw.sys [2013-01-10 150080]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS.0\system32\DRIVERS\rspndr.sys [2011-09-14 62848]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS.0\system32\DRIVERS\Epfwndis.sys [2013-01-10 40376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS.0\system32\drivers\RtkHDAud.sys [2013-07-30 5788672]
R3 mouhid;Mouse HID Driver; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2011-09-14 12160]
R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2013-06-21 10973504]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS.0\system32\drivers\nvhda32.sys [2013-02-25 128672]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS.0\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS.0\system32\drivers\Ambfilt.sys [2013-07-30 1684736]
S3 Monfilt;Monfilt; C:\WINDOWS.0\system32\drivers\Monfilt.sys [2013-07-30 1389056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS.0\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 exFat;exFat; C:\WINDOWS.0\system32\drivers\exFat.sys [2011-09-14 133632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-03-21 1341664]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-09-17 182696]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS.0\system32\nvsvc32.exe [2013-06-21 156960]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-23 1259296]
R2 WSearch;Windows Search; C:\WINDOWS.0\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 30798512]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-19 118680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-01-30 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Please check

Posted: 26 Sep 2013 02:45
by Márty84
One more scan and then we will start deleting.


Download OTL http://oldtimer.geekstogo.com/OTL.exe , save it to the desktop and run it.
Tick the items (put check marks there) Scan All Users, LOP Check and Purity Check.
Paste the following text into the bottom window:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Click Run Scan.
After the scan, two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).