Please check my log

Posted: 23 Aug 2013 13:38
by Gabo
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gabriel at 2013-08-23 14:36:48
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 62 GB (40%) free of 153 GB
Total RAM: 1021 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:37:08, on 23.8.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sttray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Philips Display\SmartControl II\DTHtml.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Documents and Settings\Gabriel\Desktop\BEZPEČNOSŤ\RSIT.exe
C:\Program Files\trend micro\Gabriel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DT PHL] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PHL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX125 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\WINDOWS\TEMP\E_SF0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7923229796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 6802 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PCUpdater_NOTIFYSCAN.job
C:\WINDOWS\tasks\PCUpdater_UPDATES.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-24 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-24 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"DT PHL"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2009-10-08 86016]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-15 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON SX125 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE [2009-09-14 200704]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-06-21 19875432]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2013-07-02 248208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2009-03-03 694824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-08-16 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"msacm.ac3filter"=ac3filter.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-08-23 11:22:26 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-16 11:20:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\YTD Video Downloader
2013-08-16 11:19:32 ----D---- C:\Program Files\GreenTree Applications
2013-08-15 00:11:13 ----D---- C:\WINDOWS\system32\MRT
2013-08-08 20:34:16 ----D---- C:\Documents and Settings\Gabriel\Application Data\Opera Software
2013-08-08 20:33:46 ----D---- C:\Program Files\Opera Next
2013-08-07 14:08:51 ----D---- C:\Program Files\Euro Truck Simulator 2
2013-08-05 18:32:54 ----D---- C:\Program Files\Rockstar Games
2013-08-05 17:25:51 ----D---- C:\EbuDllTmpDir
2013-08-05 17:25:37 ----D---- C:\install
2013-08-05 17:20:38 ----D---- C:\Documents and Settings\Gabriel\Application Data\ATI
2013-08-05 17:20:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
2013-08-05 17:17:28 ----D---- C:\Program Files\Common Files\ATI Technologies
2013-08-05 17:17:17 ----RA---- C:\WINDOWS\system32\drivers\AtihdXP3.sys
2013-08-05 17:16:56 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2013-08-05 17:16:52 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2013-08-05 17:16:50 ----RA---- C:\WINDOWS\system32\atiicdxx.dat
2013-08-05 17:16:44 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2013-08-05 17:16:44 ----A---- C:\WINDOWS\system32\atitvo32.dll
2013-08-05 17:16:44 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\ATIODCLI.exe
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\atimpc32.dll
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\atibtmon.exe
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2013-08-05 17:16:42 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2013-08-05 17:16:42 ----A---- C:\WINDOWS\system32\atioglxx.dll
2013-08-05 17:16:42 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2013-08-05 17:16:42 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2013-08-05 17:16:41 ----A---- C:\WINDOWS\system32\drivers\ati2erec.dll
2013-08-05 17:16:41 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2013-08-05 17:16:41 ----A---- C:\WINDOWS\system32\ATIODE.exe
2013-08-05 17:16:41 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2013-08-05 17:16:41 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2013-08-05 17:16:40 ----A---- C:\WINDOWS\system32\atikvmag.dll
2013-08-05 17:16:34 ----D---- C:\Program Files\ATI
2013-08-05 12:15:56 ----A---- C:\WINDOWS\system32\WPFB.DLL
2013-08-05 12:15:56 ----A---- C:\WINDOWS\system32\Machnm32.sys
2013-08-05 12:15:56 ----A---- C:\WINDOWS\system32\drivers\pivotmou.sys
2013-08-05 12:15:56 ----A---- C:\WINDOWS\system32\drivers\pivot.sys
2013-08-05 12:15:55 ----D---- C:\Program Files\Portrait Displays
2013-08-05 12:15:35 ----A---- C:\WINDOWS\system32\drivers\PdiPorts.sys
2013-08-05 12:15:27 ----A---- C:\WINDOWS\msvcr80.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\msvcp80.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\mfcm80u.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\mfcm80.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\mfc80u.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\mfc80.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\mfc70.dll
2013-08-05 12:15:26 ----A---- C:\WINDOWS\msvcm80.dll
2013-08-05 12:15:26 ----A---- C:\WINDOWS\ijl15.dll
2013-08-05 12:15:26 ----A---- C:\WINDOWS\atl80.dll
2013-08-05 12:15:24 ----D---- C:\Program Files\Philips Display
2013-08-05 12:15:24 ----D---- C:\Program Files\Common Files\Portrait Displays

======List of files/folders modified in the last 1 month======

2013-08-23 14:36:57 ----D---- C:\Program Files\Trend Micro
2013-08-23 14:36:56 ----D---- C:\WINDOWS\Prefetch
2013-08-23 13:10:57 ----D---- C:\Documents and Settings\Gabriel\Application Data\Skype
2013-08-23 11:31:28 ----D---- C:\WINDOWS\Temp
2013-08-23 11:23:08 ----D---- C:\WINDOWS
2013-08-23 11:22:26 ----D---- C:\WINDOWS\system32
2013-08-23 01:15:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-08-22 22:58:22 ----D---- C:\WINDOWS\system32\config
2013-08-22 20:00:59 ----SD---- C:\WINDOWS\Tasks
2013-08-22 01:35:55 ----D---- C:\WINDOWS\system32\CatRoot2
2013-08-21 10:11:15 ----D---- C:\Program Files\WinRAR
2013-08-21 00:35:38 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-18 11:11:16 ----D---- C:\WINDOWS\Debug
2013-08-18 10:25:02 ----SHD---- C:\WINDOWS\Installer
2013-08-18 10:25:01 ----HD---- C:\Config.Msi
2013-08-18 10:24:57 ----D---- C:\Program Files
2013-08-15 19:08:15 ----D---- C:\WINDOWS\system32\drivers
2013-08-15 16:56:52 ----D---- C:\Program Files\SUPERAntiSpyware
2013-08-15 13:17:29 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2013-08-15 13:17:27 ----D---- C:\Program Files\SpywareBlaster
2013-08-15 11:35:51 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-15 11:35:47 ----RSD---- C:\WINDOWS\assembly
2013-08-15 11:17:38 ----D---- C:\Program Files\TomTom HOME 2
2013-08-15 00:15:55 ----HD---- C:\WINDOWS\inf
2013-08-15 00:15:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-08-15 00:15:49 ----D---- C:\Program Files\Internet Explorer
2013-08-15 00:15:31 ----D---- C:\WINDOWS\ie8updates
2013-08-15 00:09:17 ----A---- C:\WINDOWS\system32\MRT.exe
2013-08-15 00:03:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-15 00:03:21 ----D---- C:\WINDOWS\WinSxS
2013-08-10 18:13:18 ----D---- C:\Program Files\DOSBox-0.74
2013-08-06 17:08:11 ----D---- C:\WINDOWS\Minidump
2013-08-05 17:37:51 ----SH---- C:\boot.ini
2013-08-05 17:37:51 ----D---- C:\WINDOWS\pss
2013-08-05 17:37:51 ----A---- C:\WINDOWS\win.ini
2013-08-05 17:37:51 ----A---- C:\WINDOWS\system.ini
2013-08-05 17:25:53 ----HD---- C:\Program Files\InstallShield Installation Information
2013-08-05 17:18:16 ----D---- C:\Program Files\ATI Technologies
2013-08-05 17:17:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-08-05 12:18:01 ----D---- C:\Documents and Settings\Gabriel\Application Data\DisplayTune
2013-08-05 12:15:24 ----D---- C:\Program Files\Common Files
2013-07-26 04:47:17 ----N---- C:\WINDOWS\system32\occache.dll
2013-07-26 04:47:17 ----A---- C:\WINDOWS\system32\wininet.dll
2013-07-26 04:47:17 ----A---- C:\WINDOWS\system32\urlmon.dll
2013-07-26 04:47:17 ----A---- C:\WINDOWS\system32\url.dll
2013-07-26 04:47:16 ----N---- C:\WINDOWS\system32\mstime.dll
2013-07-26 04:47:16 ----A---- C:\WINDOWS\system32\mshtmled.dll
2013-07-26 04:47:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2013-07-26 04:47:14 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2013-07-26 04:47:14 ----A---- C:\WINDOWS\system32\msfeeds.dll
2013-07-26 04:47:13 ----N---- C:\WINDOWS\system32\licmgr10.dll
2013-07-26 04:47:13 ----N---- C:\WINDOWS\system32\jsproxy.dll
2013-07-26 04:47:12 ----A---- C:\WINDOWS\system32\iertutil.dll
2013-07-26 04:47:11 ----A---- C:\WINDOWS\system32\iepeers.dll
2013-07-26 04:47:10 ----A---- C:\WINDOWS\system32\ieframe.dll
2013-07-26 04:47:06 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2013-07-25 21:23:02 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2013-07-25 17:48:36 ----D---- C:\Program Files\Defraggler
2013-07-25 17:47:38 ----D---- C:\Program Files\CCleaner
2013-07-24 17:50:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2013-07-24 10:45:48 ----D---- C:\Program Files\CDBurnerXP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-06-28 175176]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-06-28 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-06-28 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2009-03-03 17465]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-08-16 6810624]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2012-02-23 99856]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2009-07-15 17136]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-01-31 83168]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-01-31 181344]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SWDUMon;SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [2013-06-05 13464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WinUSB;SAMSUNG Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-08-16 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2009-10-08 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-06-24 182184]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-07-15 109168]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-05-26 86016]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2013-07-02 93072]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-20 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-20 116648]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Please check my log

Posted: 24 Aug 2013 07:53
by Márty84
Hello :)

:???: I see MBAM there. Did it find anything during a full scan?

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Run it.
Click Scan and the program will start working.
When it finishes, it will spit out a log (if not, you will find it here: C:\AdwCleaner[R?].txt ); copy that here for me.

Re: Please check my log

Posted: 25 Aug 2013 19:40
by Gabo
Hello, MBAM found 7 objects, here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2013.08.25.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gabriel :: GABRIELN [administrátor]

25.8.2013 19:19:30
MBAM-log-2013-08-25 (20-37-28).txt

Typ kontroly: Úplná kontrola (C:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 479936
Uplynutý čas: 1 hod, 16 min, 11 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 3
C:\Documents and Settings\Gabriel\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.
C:\Documents and Settings\Gabriel\Application Data\OpenCandy\19A486848F05464F849A6F1B559369B7 (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.
C:\Documents and Settings\Gabriel\Application Data\OpenCandy\7C90544681FC4FCEA0BC9A5A237465FA (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.

Detegované súbory: 4
C:\Documents and Settings\All Users.WINDOWS\Application Data\YTD Video Downloader\ytd_installer.exe (PUP.Optional.BundledToolBar.A) -> Žiadna úloha nevykonaná.
C:\System Volume Information\_restore{8E2B6774-B028-4F95-87DC-DFEDAF1E4009}\RP348\A0062693.exe (PUP.Optional.Wajam.A) -> Žiadna úloha nevykonaná.
C:\Documents and Settings\Gabriel\Application Data\OpenCandy\19A486848F05464F849A6F1B559369B7\RegistryReviverSetup_AFF.exe (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.
C:\Documents and Settings\Gabriel\Application Data\OpenCandy\7C90544681FC4FCEA0BC9A5A237465FA\RegistryReviverSetup_AFF.exe (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.

(koniec)


and the AdwCleaner log is here:

# AdwCleaner v3.001 - Report created 25/08/2013 at 00:17:53
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Gabriel - GABRIELN
# Running from : C:\Documents and Settings\Gabriel\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found C:\Documents and Settings\Gabriel\Application Data\OpenCandy

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [740 octets] - [25/08/2013 00:17:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [799 octets] ##########

Re: Please check my log

Posted: 26 Aug 2013 09:47
by Márty84
:arrow: In MBAM, have all the findings removed. And since the pests are in the restore points as well, those need to be deleted: http://forum.viry.cz/viewtopic.php?f=46&t=47040

Once you have done that, continue with AdwCleaner.

:arrow: Close all programs again and run AdwCleaner.
This time click Clean.
The program will start working (the PC may restart) and spit out another log (or it will be here: C:\AdwCleaner\AdwCleaner [S?].txt ). Copy that here for me again.

Re: Please check my log

Posted: 26 Aug 2013 11:36
by Gabo
Done:

# AdwCleaner v3.001 - Report created 26/08/2013 at 12:31:36
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Gabriel - GABRIELN
# Running from : C:\Documents and Settings\Gabriel\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [878 octets] - [25/08/2013 00:17:53]
AdwCleaner[R1].txt - [862 octets] - [26/08/2013 11:51:01]
AdwCleaner[S0].txt - [790 octets] - [26/08/2013 12:31:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [849 octets] ##########

Re: Please check my log

Posted: 27 Aug 2013 08:45
by Márty84
:!: If Avast yells that it wants to open it in the sandbox, do not allow it! Choose the option Open normally (Otevrit normalne).
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the desktop and run it.
A very short test will run, and then the Scan (Prohledat) button at the top right becomes available. Click it and another test will run.
When it finishes, click Report (Zprava) and a log will appear. Paste it here for me.

Re: Please check my log

Posted: 27 Aug 2013 13:22
by Gabo
Here is the log:

RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spustené v : Normálny režim
Užívateľ : Gabriel [Práva Správcu]
Režim : Kontrola -- Dátum : 08/27/2013 14:21:50
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 1 ¤¤¤
[SUSP PATH] Foxit Reader Updater.exe -- C:\Documents and Settings\Gabriel\Local Settings\Temp\Foxit Reader Updater.exe [7] -> ZASTAVENÉ [TermProc]

¤¤¤ Záznamy Registrov : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spustenie položky : 0 ¤¤¤

¤¤¤ webové prehliadače : 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-00PSA0 +++++
--- User ---
[MBR] 883673c6c824d6273ceb2d470dc58a14
[BSP] 7f97d14e072ebbd3a59f4790fc400c73 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[0]_S_08272013_142150.txt >>

Re: Please check my log

Posted: 28 Aug 2013 15:14
by Márty84
:arrow: Run RogueKiller again (if you have not closed it yet, click Delete (Smazat) right away).
A very short test will run, and then the Scan (Prohledat) button at the top right becomes available. Click it and another test will run.
When it finishes, click Delete (Smazat).
Then click Report (Zprava) and a log will appear. Paste it here for me.
Then click Host Fix (Oprava Host) and Report (Zprava).
Another log will appear. Paste that one here too.

Re: Please check my log

Posted: 28 Aug 2013 15:40
by Gabo
First log:

RogueKiller V8.6.7 [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spustené v : Normálny režim
Užívateľ : Gabriel [Práva Správcu]
Režim : Odebrať -- Dátum : 08/28/2013 16:39:08
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spustenie položky : 0 ¤¤¤

¤¤¤ webové prehliadače : 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-00PSA0 +++++
--- User ---
[MBR] 883673c6c824d6273ceb2d470dc58a14
[BSP] 7f97d14e072ebbd3a59f4790fc400c73 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[0]_D_08282013_163908.txt >>
RKreport[0]_S_08272013_142150.txt;RKreport[0]_S_08282013_163845.txt



Second log:

RogueKiller V8.6.7 [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spustené v : Normálny režim
Užívateľ : Gabriel [Práva Správcu]
Režim : Oprava HOSTS -- Dátum : 08/28/2013 16:40:05
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 0 ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončené : << RKreport[0]_H_08282013_164005.txt >>
RKreport[0]_D_08282013_163908.txt;RKreport[0]_S_08272013_142150.txt;RKreport[0]_S_08282013_163845.txt

Re: Please check my log

Posted: 28 Aug 2013 15:49
by Márty84
Post a new log from RSIT.

Re: Please check my log

Posted: 28 Aug 2013 18:32
by Gabo
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gabriel at 2013-08-28 19:31:59
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 75 GB (49%) free of 153 GB
Total RAM: 1021 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:32:12, on 28.8.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\sttray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE
C:\Program Files\Philips Display\SmartControl II\DTHtml.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Gabriel\Desktop\BEZPEČNOSŤ\RSIT.exe
C:\Program Files\trend micro\Gabriel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DT PHL] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PHL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX125 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\WINDOWS\TEMP\E_SF0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7923229796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 6868 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PCUpdater_NOTIFYSCAN.job
C:\WINDOWS\tasks\PCUpdater_UPDATES.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-24 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-24 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"DT PHL"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2009-10-08 86016]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-15 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON SX125 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE [2009-09-14 200704]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-06-21 19875432]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2013-07-02 248208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2009-03-03 694824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-08-16 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"msacm.ac3filter"=ac3filter.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-08-25 00:17:48 ----D---- C:\AdwCleaner
2013-08-16 11:19:32 ----D---- C:\Program Files\GreenTree Applications
2013-08-15 00:11:13 ----D---- C:\WINDOWS\system32\MRT
2013-08-08 20:34:16 ----D---- C:\Documents and Settings\Gabriel\Application Data\Opera Software
2013-08-08 20:33:46 ----D---- C:\Program Files\Opera Next
2013-08-07 14:08:51 ----D---- C:\Program Files\Euro Truck Simulator 2
2013-08-05 18:32:54 ----D---- C:\Program Files\Rockstar Games
2013-08-05 17:25:51 ----D---- C:\EbuDllTmpDir
2013-08-05 17:25:37 ----D---- C:\install
2013-08-05 17:20:38 ----D---- C:\Documents and Settings\Gabriel\Application Data\ATI
2013-08-05 17:20:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
2013-08-05 17:17:28 ----D---- C:\Program Files\Common Files\ATI Technologies
2013-08-05 17:17:17 ----RA---- C:\WINDOWS\system32\drivers\AtihdXP3.sys
2013-08-05 17:16:56 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2013-08-05 17:16:52 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2013-08-05 17:16:50 ----RA---- C:\WINDOWS\system32\atiicdxx.dat
2013-08-05 17:16:44 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2013-08-05 17:16:44 ----A---- C:\WINDOWS\system32\atitvo32.dll
2013-08-05 17:16:44 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\ATIODCLI.exe
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\atimpc32.dll
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\atibtmon.exe
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2013-08-05 17:16:43 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2013-08-05 17:16:42 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2013-08-05 17:16:42 ----A---- C:\WINDOWS\system32\atioglxx.dll
2013-08-05 17:16:42 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2013-08-05 17:16:42 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2013-08-05 17:16:41 ----A---- C:\WINDOWS\system32\drivers\ati2erec.dll
2013-08-05 17:16:41 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2013-08-05 17:16:41 ----A---- C:\WINDOWS\system32\ATIODE.exe
2013-08-05 17:16:41 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2013-08-05 17:16:41 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2013-08-05 17:16:40 ----A---- C:\WINDOWS\system32\atikvmag.dll
2013-08-05 17:16:34 ----D---- C:\Program Files\ATI
2013-08-05 12:15:56 ----A---- C:\WINDOWS\system32\WPFB.DLL
2013-08-05 12:15:56 ----A---- C:\WINDOWS\system32\Machnm32.sys
2013-08-05 12:15:56 ----A---- C:\WINDOWS\system32\drivers\pivotmou.sys
2013-08-05 12:15:56 ----A---- C:\WINDOWS\system32\drivers\pivot.sys
2013-08-05 12:15:55 ----D---- C:\Program Files\Portrait Displays
2013-08-05 12:15:35 ----A---- C:\WINDOWS\system32\drivers\PdiPorts.sys
2013-08-05 12:15:27 ----A---- C:\WINDOWS\msvcr80.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\msvcp80.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\mfcm80u.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\mfcm80.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\mfc80u.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\mfc80.dll
2013-08-05 12:15:27 ----A---- C:\WINDOWS\mfc70.dll
2013-08-05 12:15:26 ----A---- C:\WINDOWS\msvcm80.dll
2013-08-05 12:15:26 ----A---- C:\WINDOWS\ijl15.dll
2013-08-05 12:15:26 ----A---- C:\WINDOWS\atl80.dll
2013-08-05 12:15:24 ----D---- C:\Program Files\Philips Display
2013-08-05 12:15:24 ----D---- C:\Program Files\Common Files\Portrait Displays

======List of files/folders modified in the last 1 month======

2013-08-28 19:32:07 ----D---- C:\Program Files\Trend Micro
2013-08-28 16:42:48 ----D---- C:\WINDOWS\system32
2013-08-28 16:42:45 ----D---- C:\WINDOWS\Temp
2013-08-28 16:38:41 ----D---- C:\WINDOWS\system32\drivers
2013-08-28 16:37:05 ----D---- C:\WINDOWS\system32\CatRoot2
2013-08-28 11:22:15 ----D---- C:\WINDOWS
2013-08-28 11:20:50 ----D---- C:\Program Files\CCleaner
2013-08-28 11:20:49 ----D---- C:\WINDOWS\Prefetch
2013-08-28 11:19:21 ----D---- C:\Documents and Settings\Gabriel\Application Data\Skype
2013-08-28 01:13:27 ----N---- C:\WINDOWS\SchedLgU.Txt
2013-08-26 11:49:58 ----SHD---- C:\System Volume Information
2013-08-26 11:49:58 ----D---- C:\WINDOWS\system32\Restore
2013-08-26 11:08:54 ----D---- C:\WINDOWS\system32\config
2013-08-25 20:41:27 ----D---- C:\WINDOWS\addins
2013-08-22 20:00:59 ----SD---- C:\WINDOWS\Tasks
2013-08-21 10:11:15 ----D---- C:\Program Files\WinRAR
2013-08-21 00:35:38 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-18 11:11:16 ----D---- C:\WINDOWS\Debug
2013-08-18 10:25:02 ----SHD---- C:\WINDOWS\Installer
2013-08-18 10:25:01 ----HD---- C:\Config.Msi
2013-08-18 10:24:57 ----D---- C:\Program Files
2013-08-15 16:56:52 ----D---- C:\Program Files\SUPERAntiSpyware
2013-08-15 13:17:29 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2013-08-15 13:17:27 ----D---- C:\Program Files\SpywareBlaster
2013-08-15 11:35:51 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-15 11:35:47 ----RSD---- C:\WINDOWS\assembly
2013-08-15 11:17:38 ----D---- C:\Program Files\TomTom HOME 2
2013-08-15 00:15:55 ----HD---- C:\WINDOWS\inf
2013-08-15 00:15:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-08-15 00:15:49 ----D---- C:\Program Files\Internet Explorer
2013-08-15 00:15:31 ----D---- C:\WINDOWS\ie8updates
2013-08-15 00:09:17 ----A---- C:\WINDOWS\system32\MRT.exe
2013-08-15 00:03:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-15 00:03:21 ----D---- C:\WINDOWS\WinSxS
2013-08-10 18:13:18 ----D---- C:\Program Files\DOSBox-0.74
2013-08-06 17:08:11 ----D---- C:\WINDOWS\Minidump
2013-08-05 17:37:51 ----SH---- C:\boot.ini
2013-08-05 17:37:51 ----D---- C:\WINDOWS\pss
2013-08-05 17:37:51 ----A---- C:\WINDOWS\win.ini
2013-08-05 17:37:51 ----A---- C:\WINDOWS\system.ini
2013-08-05 17:25:53 ----HD---- C:\Program Files\InstallShield Installation Information
2013-08-05 17:18:16 ----D---- C:\Program Files\ATI Technologies
2013-08-05 17:17:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-08-05 12:18:01 ----D---- C:\Documents and Settings\Gabriel\Application Data\DisplayTune
2013-08-05 12:15:24 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-06-28 175176]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-06-28 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-06-28 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2009-03-03 17465]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-08-16 6810624]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2012-02-23 99856]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2009-07-15 17136]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-01-31 83168]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-01-31 181344]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SWDUMon;SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [2013-06-05 13464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WinUSB;SAMSUNG Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-08-16 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2009-10-08 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-06-24 182184]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-07-15 109168]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-05-26 86016]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2013-07-02 93072]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-20 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-20 116648]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Please check my log

Posted: 29 Aug 2013 01:39
by Márty84
:!: If Avast yells that it wants to open it in the sandbox, do not allow it! Choose the option Open normally (Otevrit normalne).
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe , save it to the desktop and run it.
Tick the items (put check marks there) Scan All Users (Pro všechny uživatele), LOP Check (Kontrola na havěť "LOP") and Purity Check (Kontrola na havěť "Purity").
Paste the following text into the bottom window:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Run Scan.
After the scan, two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).

Re: Please check my log

Posted: 29 Aug 2013 17:36
by Gabo
OTL log:

OTL logfile created on: 29.8.2013 16:24:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gabriel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1021,31 Mb Total Physical Memory | 445,59 Mb Available Physical Memory | 43,63% Memory free
2,40 Gb Paging File | 1,54 Gb Available in Paging File | 64,30% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 73,36 Gb Free Space | 49,22% Space Free | Partition Type: NTFS
Drive D: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GABRIELN | User Name: Gabriel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.08.29 16:20:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gabriel\Desktop\OTL.exe
PRC - [2013.07.07 17:58:03 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013.07.02 11:19:30 | 000,248,208 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2013.07.02 11:19:30 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013.06.24 00:05:58 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009.10.08 11:17:28 | 000,492,032 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Philips Display\SmartControl II\dthtml.exe
PRC - [2009.10.08 11:14:32 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009.10.08 11:14:24 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2009.09.14 08:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGGE.EXE
PRC - [2009.07.15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.26 16:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2006.05.26 16:58:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2013.08.29 09:49:31 | 002,097,664 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13082900\algo.dll
MOD - [2013.08.15 11:35:02 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
MOD - [2013.08.15 11:33:09 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll
MOD - [2013.08.15 00:13:24 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013.08.15 00:13:08 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a12a09aaa2c560a808dea7eaba5040c1\System.Windows.Forms.ni.dll
MOD - [2013.08.15 00:12:13 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013.08.15 00:04:42 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013.08.15 00:03:22 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013.07.11 13:05:12 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
MOD - [2013.07.11 00:27:17 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013.07.07 17:58:35 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013.07.07 17:58:34 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013.07.07 17:58:34 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013.07.07 17:58:34 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013.07.07 17:58:34 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013.07.07 17:58:33 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013.07.07 17:58:33 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013.07.07 17:58:33 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013.07.07 17:58:33 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013.07.07 17:58:33 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013.07.07 17:58:32 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013.07.07 17:58:31 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2013.01.02 08:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012.09.18 13:51:42 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2012.08.15 21:19:12 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.03.16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009.10.08 11:14:42 | 000,184,320 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2009.10.08 11:14:34 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2009.10.08 11:14:32 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2009.10.08 11:14:14 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2008.04.14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.08.21 00:35:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.07.02 11:19:30 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013.06.24 00:05:58 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009.10.08 11:14:32 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009.07.15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2006.05.26 16:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2013.06.28 00:29:54 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.06.28 00:29:54 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.06.28 00:29:54 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.06.05 00:34:49 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.01.31 10:19:50 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.01.31 10:19:50 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.08.16 04:58:38 | 006,810,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012.06.03 10:45:50 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012.02.23 14:31:22 | 000,099,856 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.07.15 13:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009.03.03 11:42:00 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2009.03.03 11:41:58 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006.05.26 16:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005.12.03 02:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013.08.29 10:52:03 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.11 11:51:28 | 000,000,000 | ---D | M]

[2012.10.06 19:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Extensions
[2012.10.06 19:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Extensions\home2@tomtom.com
[2013.02.04 12:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.01.19 15:25:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

O1 HOSTS File: ([2013.08.28 16:40:05 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DT PHL] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1645522239-1417001333-839522115-1004..\Run: [EPSON SX125 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1645522239-1417001333-839522115-1004..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 7923174796 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7923229796 (MUWebControl Class)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/ ... anager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19BFFC58-3D34-4234-B47E-2C29FDF351E7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gabriel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gabriel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.08 12:30:17 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 18:24:44 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2013.08.29 16:20:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gabriel\Desktop\OTL.exe
[2013.08.28 23:51:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gabriel\Recent
[2013.08.27 14:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Desktop\RK_Quarantine
[2013.08.26 15:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Desktop\cclenaer
[2013.08.25 00:17:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.08.20 23:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR
[2013.08.20 23:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Start Menu\Programs\WinRAR
[2013.08.18 10:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\My Documents\Add-in Express
[2013.08.16 11:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\GreenTree Applications
[2013.08.15 11:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TomTom
[2013.08.15 00:11:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013.08.08 20:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\My Documents\Key Code & Crack
[2013.08.08 20:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\Opera Software
[2013.08.08 20:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Application Data\Opera Software
[2013.08.08 20:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Opera Next
[2013.08.07 14:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Euro Truck Simulator 2
[2013.08.07 14:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Euro Truck Simulator 2
[2013.08.07 14:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\My Documents\Euro Truck Simulator 2
[2013.08.07 14:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Desktop\Euro-Truck-Simulator-2--Crack
[2013.08.06 20:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Desktop\need-for-speed
[2013.08.06 20:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Desktop\settlers-2-gold-edition
[2013.08.05 18:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2013.08.05 18:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Rockstar Games
[2013.08.05 17:25:51 | 000,000,000 | ---D | C] -- C:\EbuDllTmpDir
[2013.08.05 17:25:37 | 000,000,000 | ---D | C] -- C:\install
[2013.08.05 17:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\ATI
[2013.08.05 17:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Application Data\ATI
[2013.08.05 17:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
[2013.08.05 17:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.08.05 17:17:17 | 000,099,856 | R--- | C] (Advanced Micro Devices) -- C:\WINDOWS\System32\drivers\AtihdXP3.sys
[2013.08.05 17:16:56 | 000,307,200 | R--- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2013.08.05 17:16:52 | 000,442,368 | R--- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2013.08.05 17:16:44 | 000,163,840 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2013.08.05 17:16:44 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2013.08.05 17:16:44 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2013.08.05 17:16:43 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2013.08.05 17:16:43 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2013.08.05 17:16:43 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2013.08.05 17:16:43 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2013.08.05 17:16:43 | 000,045,056 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIODCLI.exe
[2013.08.05 17:16:43 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2013.08.05 17:16:43 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2013.08.05 17:16:42 | 018,964,480 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2013.08.05 17:16:42 | 000,495,616 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2013.08.05 17:16:42 | 000,192,512 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2013.08.05 17:16:41 | 000,294,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIODE.exe
[2013.08.05 17:16:41 | 000,245,760 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2013.08.05 17:16:41 | 000,212,992 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2013.08.05 17:16:41 | 000,163,840 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2013.08.05 17:16:41 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2013.08.05 17:16:40 | 000,835,584 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2013.08.05 17:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.08.05 12:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Desktop\ostatne
[2013.08.05 12:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SmartControl II
[2013.08.05 12:15:56 | 000,062,009 | ---- | C] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\WPFB.DLL
[2013.08.05 12:15:56 | 000,017,465 | ---- | C] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pivot.sys
[2013.08.05 12:15:56 | 000,011,323 | ---- | C] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pivotmou.sys
[2013.08.05 12:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Portrait Displays
[2013.08.05 12:15:35 | 000,017,136 | ---- | C] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\PdiPorts.sys
[2013.08.05 12:15:27 | 001,105,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\mfc80.dll
[2013.08.05 12:15:27 | 001,093,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\mfc80u.dll
[2013.08.05 12:15:27 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\mfc70.dll
[2013.08.05 12:15:27 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\msvcr80.dll
[2013.08.05 12:15:27 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\msvcp80.dll
[2013.08.05 12:15:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\mfcm80.dll
[2013.08.05 12:15:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\mfcm80u.dll
[2013.08.05 12:15:26 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\msvcm80.dll
[2013.08.05 12:15:26 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\WINDOWS\ijl15.dll
[2013.08.05 12:15:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\atl80.dll
[2013.08.05 12:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Portrait Displays
[2013.08.05 12:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Philips Display
[2004.06.22 09:04:56 | 000,442,425 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjpp01.dll
[2004.06.22 09:04:56 | 000,290,873 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjut01.dll
[2004.06.22 09:04:56 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
[2004.06.22 09:04:56 | 000,200,704 | ---- | C] (HP) -- C:\Program Files\hpzpnp10.dll
[2004.06.22 09:04:56 | 000,176,128 | ---- | C] (HP) -- C:\Program Files\hpzscr10.dll
[2004.06.22 09:04:56 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcirt.dll
[2004.06.22 09:04:56 | 000,049,212 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjvp01.dll
[2004.06.22 09:04:56 | 000,026,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbhub.sys
[2004.06.22 09:04:56 | 000,022,608 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbprint.sys
[2004.06.22 09:04:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbmon.dll
[2004.06.22 09:04:54 | 000,270,336 | ---- | C] (HP) -- C:\Program Files\hpzglu10.exe
[2004.06.22 09:04:54 | 000,270,336 | ---- | C] (Hewlett-Packard Co.) -- C:\Program Files\hpzc3212.dll
[2004.06.22 09:04:54 | 000,028,722 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjlog.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.08.29 16:27:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.08.29 16:20:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gabriel\Desktop\OTL.exe
[2013.08.29 15:59:06 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.08.29 15:35:04 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.08.29 11:59:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.08.29 10:52:34 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.08.29 10:51:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.08.29 10:51:19 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.08.28 20:28:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\PCUpdater_UPDATES.job
[2013.08.28 16:36:32 | 000,913,408 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\RogueKiller.exe
[2013.08.28 15:01:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\PCUpdater_NOTIFYSCAN.job
[2013.08.27 12:34:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.08.25 22:12:05 | 007,641,088 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\Ennio_Morricone.mp3
[2013.08.25 00:17:12 | 000,994,642 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\adwcleaner.exe
[2013.08.22 20:00:58 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013.08.21 11:09:49 | 000,108,326 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\Pianobolsevizmus.jpg
[2013.08.21 00:35:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.08.21 00:35:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.08.20 19:30:50 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.08.20 15:08:22 | 000,508,605 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\2013-08-20 15.08.23.jpg
[2013.08.20 15:07:58 | 000,516,877 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\2013-08-20 15.07.59.jpg
[2013.08.19 22:48:53 | 000,068,686 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\firma.jpg
[2013.08.18 16:36:14 | 000,046,348 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\652.000km AudiA8.jpg
[2013.08.18 10:59:57 | 000,072,665 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\accord spotreba.jpg
[2013.08.17 12:55:41 | 000,021,666 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\podpis.odt
[2013.08.15 00:03:48 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.08.15 00:03:48 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.08.09 14:34:02 | 001,111,454 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\STR-06030901-PS-Nm-C.pdf
[2013.08.09 12:46:19 | 000,041,785 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\mikrospanok.jpg
[2013.08.08 21:07:09 | 354,569,736 | ---- | M] () -- C:\Documents and Settings\Gabriel\My Documents\EuroTruckSimulator2_1_4_8_patch.exe
[2013.08.08 20:57:04 | 000,027,458 | ---- | M] () -- C:\Documents and Settings\Gabriel\My Documents\EuroTruckSimulator2_1_4_8_patch.exe.torrent
[2013.08.07 14:11:16 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Euro Truck Simulator 2.lnk
[2013.08.05 17:37:51 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013.08.05 17:17:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2013.08.05 17:13:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.08.03 14:18:38 | 001,543,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdecod.dll
[2013.08.02 18:30:22 | 000,934,912 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\2013-08-02 18.30.23.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.08.29 16:27:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.08.29 10:51:19 | 000,122,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.08.27 14:19:03 | 000,913,408 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\RogueKiller.exe
[2013.08.25 22:11:41 | 007,641,088 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\Ennio_Morricone.mp3
[2013.08.25 00:17:11 | 000,994,642 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\adwcleaner.exe
[2013.08.21 11:09:49 | 000,108,326 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\Pianobolsevizmus.jpg
[2013.08.20 19:27:49 | 000,516,877 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\2013-08-20 15.07.59.jpg
[2013.08.20 19:27:49 | 000,508,605 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\2013-08-20 15.08.23.jpg
[2013.08.19 22:48:53 | 000,068,686 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\firma.jpg
[2013.08.18 16:33:03 | 000,046,348 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\652.000km AudiA8.jpg
[2013.08.09 14:34:01 | 001,111,454 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\STR-06030901-PS-Nm-C.pdf
[2013.08.09 12:46:19 | 000,041,785 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\mikrospanok.jpg
[2013.08.09 11:47:36 | 000,072,665 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\accord spotreba.jpg
[2013.08.08 20:57:25 | 354,569,736 | ---- | C] () -- C:\Documents and Settings\Gabriel\My Documents\EuroTruckSimulator2_1_4_8_patch.exe
[2013.08.08 20:57:04 | 000,027,458 | ---- | C] () -- C:\Documents and Settings\Gabriel\My Documents\EuroTruckSimulator2_1_4_8_patch.exe.torrent
[2013.08.07 14:11:16 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Euro Truck Simulator 2.lnk
[2013.08.06 20:40:47 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\DOSBox 0.74.lnk
[2013.08.05 21:48:49 | 000,934,912 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\2013-08-02 18.30.23.jpg
[2013.08.05 21:48:49 | 000,840,185 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\2013-07-30 13.05.36.jpg
[2013.08.05 17:17:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013.08.05 17:16:56 | 000,038,445 | R--- | C] () -- C:\WINDOWS\atiogl.xml
[2013.08.05 17:16:51 | 000,273,840 | R--- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2013.08.05 17:16:50 | 000,632,252 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2013.08.05 17:16:43 | 001,492,832 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2013.08.05 12:15:56 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2013.06.28 00:29:56 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013.06.27 12:17:13 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013.06.27 12:17:12 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013.06.05 00:34:49 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013.03.01 11:33:42 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.01 11:33:41 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013.01.27 02:12:56 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.12.08 02:45:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012.09.24 20:33:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.09.22 17:39:47 | 000,004,943 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\mtbjfghn.xbe
[2012.09.18 01:20:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.09.18 01:14:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.09.18 00:36:52 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.17 23:31:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.09.17 23:26:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.06.22 09:04:56 | 000,000,399 | ---- | C] () -- C:\Program Files\hpzprl01.dat
[2004.06.22 09:04:56 | 000,000,297 | ---- | C] () -- C:\Program Files\Readme.html
[2004.06.22 09:04:56 | 000,000,205 | ---- | C] () -- C:\Program Files\hpzprl02.dat
[2004.06.22 09:04:54 | 000,447,400 | ---- | C] () -- C:\Program Files\hpoprn08.cat
[2004.06.22 09:04:54 | 000,137,124 | ---- | C] () -- C:\Program Files\hpoprn08.inf
[2004.06.22 09:04:54 | 000,094,438 | ---- | C] () -- C:\Program Files\hposcu08.inf
[2004.06.22 09:04:54 | 000,066,431 | ---- | C] () -- C:\Program Files\hpoprl04.dat
[2004.06.22 09:04:54 | 000,065,420 | ---- | C] () -- C:\Program Files\hpoprl05.dat
[2004.06.22 09:04:54 | 000,053,670 | ---- | C] () -- C:\Program Files\hposcu08.cat
[2004.06.22 09:04:54 | 000,052,349 | ---- | C] () -- C:\Program Files\hpzius13.cat
[2004.06.22 09:04:54 | 000,052,349 | ---- | C] () -- C:\Program Files\HPZius12.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\hpzist13.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\hpzist12.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\hpzipr13.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\HPZipr12.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\hpzid413.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\HPZid412.cat
[2004.06.22 09:04:54 | 000,051,026 | ---- | C] () -- C:\Program Files\HPOunp08.cat
[2004.06.22 09:04:54 | 000,050,615 | ---- | C] () -- C:\Program Files\hpzid412.inf
[2004.06.22 09:04:54 | 000,022,636 | ---- | C] () -- C:\Program Files\hpzid413.inf
[2004.06.22 09:04:54 | 000,020,168 | ---- | C] () -- C:\Program Files\hpzius12.inf
[2004.06.22 09:04:54 | 000,019,578 | ---- | C] () -- C:\Program Files\hpoprl03.dat
[2004.06.22 09:04:54 | 000,014,815 | ---- | C] () -- C:\Program Files\hpzius13.inf
[2004.06.22 09:04:54 | 000,012,922 | ---- | C] () -- C:\Program Files\hpzipr12.inf
[2004.06.22 09:04:54 | 000,009,777 | ---- | C] () -- C:\Program Files\hpzipr13.inf
[2004.06.22 09:04:54 | 000,009,773 | ---- | C] () -- C:\Program Files\hpousc08.inf
[2004.06.22 09:04:54 | 000,007,579 | ---- | C] () -- C:\Program Files\hpound08.inf
[2004.06.22 09:04:54 | 000,006,704 | ---- | C] () -- C:\Program Files\hpounp08.inf
[2004.06.22 09:04:54 | 000,005,538 | ---- | C] () -- C:\Program Files\hpzist12.inf
[2004.06.22 09:04:54 | 000,004,144 | ---- | C] () -- C:\Program Files\hpousb08.inf
[2004.06.22 09:04:54 | 000,004,132 | ---- | C] () -- C:\Program Files\hpzist13.inf
[2004.06.22 09:04:54 | 000,004,014 | ---- | C] () -- C:\Program Files\hpoprl08.dat
[2004.06.22 09:04:54 | 000,001,980 | ---- | C] () -- C:\Program Files\hpoprl07.dat
[2004.06.22 09:04:54 | 000,000,314 | ---- | C] () -- C:\Program Files\hpqprl01.dat
[2004.06.22 09:04:52 | 000,017,176 | ---- | C] () -- C:\Program Files\hpomdl04.dat
[2004.06.22 09:04:52 | 000,014,845 | ---- | C] () -- C:\Program Files\hpoapd01.dat
[2004.06.22 09:04:52 | 000,004,779 | ---- | C] () -- C:\Program Files\hpoglu08.inf
[2004.06.22 09:04:52 | 000,004,768 | ---- | C] () -- C:\Program Files\hpoprl01.dat
[2004.06.22 09:04:52 | 000,003,448 | ---- | C] () -- C:\Program Files\hpohub08.inf
[2004.06.22 09:04:52 | 000,002,542 | ---- | C] () -- C:\Program Files\hpoprl02.dat
[2004.06.22 09:04:52 | 000,000,065 | ---- | C] () -- C:\Program Files\dxprl.dat

========== ZeroAccess Check ==========

[2012.09.18 15:51:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.10.31 13:33:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.11.14 01:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\.freeciv
[2011.06.16 21:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\.minecraft
[2009.04.04 19:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ashampoo
[2012.09.11 23:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Auslogics
[2010.03.28 16:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Canneverbe Limited
[2010.09.27 01:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\ChemTable Software
[2009.02.11 22:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\DAEMON Tools
[2012.03.31 19:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\DAEMON Tools Lite
[2009.02.11 22:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\DAEMON Tools Pro
[2011.05.05 19:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Epson
[2010.11.22 13:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Feedreader
[2012.03.21 13:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Foxit Software
[2009.07.07 15:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\gtk-2.0
[2010.02.26 18:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\id Software
[2010.11.20 02:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\IObit
[2010.03.07 21:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Jpeg Resampler
[2009.10.09 18:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Leawo
[2009.09.26 01:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\MSNInstaller
[2011.04.10 20:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\MyPhoneExplorer
[2009.03.25 17:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\OpenOffice.org
[2011.05.25 16:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Opera
[2012.06.16 23:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Oracle
[2011.04.29 11:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\PCToolsFirewallPlus
[2011.06.16 21:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Roaming
[2009.10.22 12:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\SystemRequirementsLab
[2009.01.03 22:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Teleca
[2009.07.22 16:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\TomTom
[2010.11.20 03:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\uTorrent
[2010.02.04 15:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Windows Desktop Search
[2010.02.04 15:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Windows Search
[2009.11.23 13:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\ZipGenius
[2008.05.09 23:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010.02.08 22:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009.02.28 21:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2006.12.23 21:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2012.09.17 13:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010.03.28 16:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010.02.12 23:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2012.04.26 22:16:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009.11.07 13:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011.09.27 13:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009.03.22 02:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2010.09.01 23:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011.10.05 12:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IC_Katalog
[2010.02.26 18:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010.03.16 21:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012.09.17 22:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.07.22 16:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011.09.27 13:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2012.03.25 01:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2009.03.31 22:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.05.31 15:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.11.12 22:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012.09.18 01:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2012.09.18 15:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2012.10.08 19:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2012.09.18 12:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2013.03.16 14:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
[2013.04.16 00:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2013.08.28 20:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2012.09.18 15:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2012.10.10 20:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Canneverbe Limited
[2012.09.22 17:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Carambis
[2013.08.05 12:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\DisplayTune
[2013.06.15 18:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Dropbox
[2013.05.11 11:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\DVDVideoSoft
[2012.09.18 12:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\EPSON
[2013.04.26 17:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Foxit Software
[2012.09.21 01:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\OpenOffice.org
[2012.09.18 00:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Opera
[2013.08.08 20:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Opera Software
[2013.06.24 00:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Oracle
[2013.05.06 09:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\PhotoFiltre 7
[2013.04.16 00:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Samsung
[2012.09.18 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\TomTom
[2011.05.05 13:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera
[2013.04.26 17:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Foxit Software

========== Purity Check ==========



========== Custom Scans ==========

< >
[2012.09.17 23:26:56 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012.09.17 23:33:19 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012.09.18 00:34:09 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012.09.18 01:01:17 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012.09.18 20:28:09 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Tasks\PCUpdater_UPDATES.job
[2012.09.18 20:28:10 | 000,000,270 | ---- | C] () -- C:\WINDOWS\Tasks\PCUpdater_NOTIFYSCAN.job
[2013.06.20 22:44:56 | 000,000,922 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.06.20 22:44:58 | 000,000,926 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: AGP440.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0059\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0060\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008.04.14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T202212968750\gencdrom\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T203355765625\gencdrom\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T204653062500\gencdrom\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T205454828125\gencdrom\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T210614937500\gencdrom\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120702T200914921875\gencdrom\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2006.02.28 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T202212968750\acpiapic_mp\hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T203355765625\acpiapic_mp\hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T204653062500\acpiapic_mp\hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T205454828125\acpiapic_mp\hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T210614937500\acpiapic_mp\hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120702T200914921875\acpiapic_mp\hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.02.28 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.08.17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2006.02.28 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\ReinstallBackups\0055\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2006.02.28 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.02.28 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2006.02.28 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.04 01:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.02.28 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2006.02.28 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[28 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\542ca89b62f4b2b2eebea38f60812a7c\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\542ca89b62f4b2b2eebea38f60812a7c\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\a0549939b7f1fb947477016fb6030851\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\a0549939b7f1fb947477016fb6030851\download\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\*.tmp -> ]
[1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2013.08.05 17:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
[2012.09.18 01:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2012.09.18 15:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2012.10.08 19:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2012.09.18 12:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2012.09.18 23:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intel
[2013.03.16 14:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
[2012.10.15 21:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2013.05.23 12:53:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2012.09.20 13:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
[2013.04.16 00:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2013.07.10 22:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
[2012.09.18 15:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony Ericsson
[2013.04.28 23:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2012.09.19 15:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2013.08.28 20:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2012.09.18 15:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2012.10.26 00:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2013.04.26 18:55:59 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2012.09.18 11:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Adobe
[2013.08.05 17:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\ATI
[2012.10.10 20:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Canneverbe Limited
[2012.09.22 17:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Carambis
[2013.08.05 12:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\DisplayTune
[2013.06.15 18:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Dropbox
[2013.05.11 11:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\DVDVideoSoft
[2012.09.18 12:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\EPSON
[2013.04.26 17:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Foxit Software
[2012.10.07 20:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\GRETECH
[2012.09.17 23:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Identities
[2012.09.18 23:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Intel
[2012.09.18 00:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Macromedia
[2012.10.15 21:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Malwarebytes
[2013.04.29 17:50:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Gabriel\Application Data\Microsoft
[2013.05.26 18:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Mozilla
[2012.09.21 01:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\OpenOffice.org
[2012.09.18 00:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Opera
[2013.08.08 20:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Opera Software
[2013.06.24 00:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Oracle
[2013.05.06 09:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\PhotoFiltre 7
[2013.04.16 00:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Samsung
[2013.08.29 16:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Skype
[2013.04.28 23:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Sun
[2012.09.19 15:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\SUPERAntiSpyware.com
[2012.09.18 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\TomTom
[2012.09.18 09:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2007.03.22 12:46:42 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\GRETECH\GomPlayer\GrLauncher.exe

Re: Please check my log

Posted: 29 Aug 2013 17:37
by Gabo
< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2012.09.18 01:11:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012.09.18 01:11:52 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012.09.18 01:11:52 | 000,921,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.08.29 10:51:19 | 000,122,928 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2013.08.27 12:34:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"EPSON SX125 Series" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\WINDOWS\TEMP\E_SF0.tmp" /EF "HKCU" -- [2009.09.14 08:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2013.06.21 09:58:32 | 019,875,432 | R--- | M] (Skype Technologies S.A.)
"TomTomHOME.exe" = "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -- [2013.07.02 11:19:30 | 000,248,208 | ---- | M] (TomTom)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.08.29 16:27:58 | 000,000,512 | ---- | M] () MD5=883673C6C824D6273CEB2D470DC58A14 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2013.08.08 20:23:19 | 000,005,094 | ---- | M] () -- \Documents and Settings\Gabriel\Desktop\Euro-Truck-Simulator-2--Crack\Euro-Truck-Simulator-2--Crack.rar
[2003.12.05 14:52:40 | 000,000,796 | ---- | M] () -- \Program Files\Rockstar Games\GTA San Andreas\data\Decision\Craig\crack1.ped

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2012.03.16 20:35:38 | 000,009,051 | ---- | M] () -- \Documents and Settings\admin\Application Data\DAEMON Tools Lite\MediaInfo\img\loader.gif
[2012.03.16 20:35:38 | 000,016,119 | ---- | M] () -- \Documents and Settings\admin\Application Data\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.jpg
[2012.03.16 20:35:38 | 000,018,434 | ---- | M] () -- \Documents and Settings\admin\Application Data\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.png
[2012.03.16 20:35:38 | 000,006,553 | ---- | M] () -- \Documents and Settings\admin\Application Data\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\ImageInfoLoader.js
[2011.05.28 13:25:06 | 000,000,663 | ---- | M] () -- \Documents and Settings\admin\Application Data\Roaming\.minecraft\ModLoader.txt
[2011.05.20 12:34:06 | 000,000,887 | ---- | M] () -- \Documents and Settings\admin\Application Data\Roaming\.minecraft\ModLoader.txt.1
[2011.05.28 13:25:04 | 000,000,130 | ---- | M] () -- \Documents and Settings\admin\Application Data\Roaming\.minecraft\config\ModLoader.cfg
[2012.12.04 18:00:50 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users.WINDOWS\Application Data\Skype\Apps\login\images\loader.gif
[2012.12.04 18:00:50 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users.WINDOWS\Application Data\Skype\Apps\login\images\loader.png
[2012.12.04 18:00:50 | 000,009,772 | ---- | M] () -- \Documents and Settings\All Users.WINDOWS\Application Data\Skype\Apps\login\images\retina\loader@2x.png
[2011.10.05 13:20:41 | 000,000,078 | ---- | M] () -- \Documents and Settings\All Users\Application Data\IC_Katalog\Common\log_downloader.txt
[2012.02.19 21:16:13 | 000,007,715 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js
[2012.02.19 21:16:13 | 000,000,319 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul
[2012.06.18 12:39:40 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps\login\images\loader.gif
[2012.06.18 12:39:40 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps\login\images\loader.png
[2010.12.10 23:09:58 | 000,000,328 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\JDownloader\JDownloader Support.lnk
[2010.12.10 23:09:58 | 000,000,808 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\JDownloader\JDownloader.lnk
[2010.12.10 23:10:05 | 000,000,798 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\JDownloader\Uninstall JDownloader.lnk
[2012.03.25 01:29:08 | 000,000,072 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader\YouTube Downloader Help.url
[2012.03.25 01:29:08 | 000,001,713 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader\YouTube Downloader.lnk
[2013.02.09 02:09:27 | 000,004,153 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\DVDVideoSoft\logs\FreeYTVDownloader.log
[2013.02.09 02:09:05 | 000,143,667 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\DVDVideoSoft\logs\FreeYTVDownloader_install.txt
[2013.05.11 11:50:47 | 000,043,998 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\DVDVideoSoft\logs\FreeYTVDownloader_uninstall.txt
[2013.02.07 18:00:02 | 000,227,592 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\DVDVideoSoft\logs\YTVDownloader_extra1.log
[2013.08.05 18:26:51 | 000,000,326 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Opera\Opera\icons\http%3A%2F%2Fwww.driversdownloader.com%2Ffavicon.png
[2013.07.20 12:19:17 | 000,000,749 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Opera\Opera\icons\http%3A%2F%2Fwww.youtubedownloadersite.com%2Ffavicon.png
[2013.08.16 11:15:55 | 000,000,620 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Opera\Opera\icons\http%3A%2F%2Fyoutubedownloader.com%2Fimg%2Ficon%2F16x16.png
[2013.05.05 16:51:04 | 000,010,819 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Temp\ish3621250\images\Loader.gif
[2013.05.05 16:51:04 | 000,010,819 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Temp\ish3628015\images\Loader.gif
[2013.05.05 16:51:04 | 000,010,819 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Temp\ish3689484\images\Loader.gif
[2010.12.16 14:12:56 | 000,000,051 | ---- | M] () -- \Documents and Settings\Gabriel\My Documents\TomTom\HOME\Backup\ONE\Backup01\InternalMemory\bootloaderversion.txt
[2011.03.26 12:44:52 | 000,000,051 | ---- | M] () -- \Documents and Settings\Gabriel\My Documents\TomTom\HOME\Backup\START\Backup01\InternalMemory\bootloaderversion.txt
[2013.07.27 18:14:30 | 000,000,673 | ---- | M] () -- \Documents and Settings\Gabriel\My Documents\Toyota Corolla 1.4 XLI_files\loader00.gif
[2008.08.28 18:21:15 | 005,886,678 | ---- | M] () -- \DVDVideoSoft\Installations\FreeYouTubeUploader.exe
[2007.10.23 17:52:22 | 000,114,688 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\APFLoaderV13.dll
[2007.10.23 17:52:22 | 000,069,632 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader.dll
[2007.10.23 17:52:22 | 000,102,400 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader2006.dll
[2012.08.13 10:52:58 | 000,006,081 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2012.09.21 01:10:31 | 000,020,992 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2012.08.13 11:52:26 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2012.09.21 01:10:49 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2012.08.13 10:12:36 | 000,003,868 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2010.08.05 18:28:30 | 000,299,408 | ---- | M] () -- \Program Files\Windows Live Safety Center\wlscUploader.exe
[2006.02.28 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 05:41:54 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:44 | 000,230,400 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:46 | 000,278,016 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 05:41:54 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]

< *minodlogin* /s >

< *tnod* /s >
[2010.06.09 10:54:23 | 000,000,795 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\patnodinstalaninformace.zip

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2004.08.04 00:15:54 | 000,030,067 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2013.08.28 00:59:43 | 000,000,934 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Opera\Opera\icons\http%3A%2F%2Fserialy-zdarma.eu%2Ffavicon.ico.png
[2013.08.28 00:59:14 | 000,000,581 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Opera\Opera\icons\http%3A%2F%2Fwww.serialzone.cz%2Ffavicon.png
[2013.07.14 12:36:02 | 000,000,544 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Opera\Opera\icons\http%3A%2F%2Fwww.sledujuserialy.cz%2Ffavicon.png
[2013.08.03 20:56:00 | 000,000,079 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Opera\Opera\icons\www.sledujuserialy.cz.idx
[1998.12.21 07:52:42 | 000,000,006 | ---- | M] () -- \OpenSSL\bin\PEM\demoCA\serial
[2010.05.31 15:01:42 | 000,011,548 | ---- | M] () -- \Program Files\Common Files\Teleca Shared\DSS-20\USBSerialPort.PNF
[2010.05.31 15:01:42 | 000,011,532 | ---- | M] () -- \Program Files\Common Files\Teleca Shared\DSS-25\USBSerialPort.PNF
[2013.05.13 15:14:36 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20513.0\System.Runtime.Serialization.dll
[2013.07.11 00:12:04 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20513.0\System.Runtime.Serialization.ni.dll
[2006.09.12 16:26:12 | 000,016,384 | ---- | M] () -- \Program Files\Multiple Image Resizer .NET\UpdateChecker.XmlSerializers.dll
[2012.09.27 01:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2006.02.28 14:00:00 | 000,064,896 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2013.08.15 00:03:21 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.01.10 01:04:22 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.08.15 11:34:37 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a95e0af6fa5d2e8ffd5e0091f6513271\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.07.11 13:04:40 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afbff0c4df2ddd1e111f9e594279cb19\System.Runtime.Serialization.ni.dll
[2013.08.15 11:32:25 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ba6670610621b25b1608e457ba0ef305\System.Runtime.Serialization.ni.dll
[2013.07.11 13:06:34 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c04d26ec14782eaa84e7c157133bc9fa\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.09.27 01:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2003.08.01 12:54:06 | 000,005,632 | ---- | M] () -- \WINDOWS\mui\FALLBACK\041b\serialui.dll.mui
[2008.04.14 00:10:22 | 000,028,288 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 00:45:46 | 000,064,512 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2006.02.28 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2006.02.28 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 00:45:46 | 000,064,512 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Re: Please check my log

Posted: 29 Aug 2013 17:38
by Gabo
Second log:

OTL Extras logfile created on: 29.8.2013 16:24:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gabriel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1021,31 Mb Total Physical Memory | 445,59 Mb Available Physical Memory | 43,63% Memory free
2,40 Gb Paging File | 1,54 Gb Available in Paging File | 64,30% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 73,36 Gb Free Space | 49,22% Space Free | Partition Type: NTFS
Drive D: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GABRIELN | User Name: Gabriel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1645522239-1417001333-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{15B44041-33AC-9421-20E0-2011347C8C08}" = AMD Catalyst Install Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E362879-36FD-6D05-2DC0-2D549BDF920C}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{51F2E507-2883-1D24-D896-214CBAFCC50F}" = Catalyst Control Center InstallProxy
"{5F32FBBF-92E3-49B1-34B9-73510853A341}" = AMD AVIVO Codecs
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{6BB32D96-A515-2643-8335-5D9AA079AED5}" = Catalyst Control Center Localization All
"{70C6CF73-E9B2-1188-833C-0ECF1293D97B}" = ccc-utility
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{717BC543-C050-4750-822B-BA6D492688E8}" = Catalyst Control Center - Branding
"{73736FBF-5A67-4AB8-A1BF-DFCAB9467F3F}" = OpenOffice.org 3.4.1
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86E192C5-92A0-1210-EF0E-18AB41F45752}" = Skins
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{91E5AFAE-3AFE-01CD-892A-B32DB35A7D0D}" = Catalyst Control Center
"{99072AB4-D795-44D5-9D65-E3C9F8322C97}" = TomTom HOME
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C70AF388-BBF9-30B3-305B-03A1E0BCFEC8}" = HydraVision
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{F6B23E59-1240-4C20-AE0B-70658A91976A}" = Intel(R) PRO Network Connections
"{FDA7A7CB-F1DE-42A9-83A6-27BE6CD6E8F3}" = SmartControl II
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"GOM Player" = GOM Player
"GTA:SanAndreas_CZ" = GTA:SanAndreas_CZ
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OpenTTD" = OpenTTD 1.3.1
"Opera 12.16.1860" = Opera 12.16
"SpywareBlaster_is1" = SpywareBlaster 5.0
"upnito.sk Manager_is1" = upnito.sk Manager 2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-1417001333-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"PhotoFiltre 7" = PhotoFiltre 7

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6.8.2013 9:51:09 | Computer Name = GABRIELN | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie eurotrucks2.exe, verzia 1.4.8.46498, zlyhanie modulu
eurotrucks2.exe, verzia 1.4.8.46498, adresa zlyhania 0x00463262.

Error - 7.8.2013 8:49:20 | Computer Name = GABRIELN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia eurotrucks2.exe, verzia 1.2.42233.5, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 12.8.2013 14:01:16 | Computer Name = GABRIELN | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie gta_sa.exe, verzia 0.0.0.0, zlyhanie modulu gta_sa.exe,
verzia 0.0.0.0, adresa zlyhania 0x003f5a7a.

Error - 12.8.2013 14:01:23 | Computer Name = GABRIELN | Source = Application Error | ID = 1001
Description = Chybný blok 202176355.

Error - 17.8.2013 19:50:21 | Computer Name = GABRIELN | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie opera.exe, verzia 12.16.1860.0, zlyhanie modulu
unknown, verzia 0.0.0.0, adresa zlyhania 0x69006800.

Error - 19.8.2013 8:10:51 | Computer Name = GABRIELN | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie gta_sa.exe, verzia 0.0.0.0, zlyhanie modulu gta_sa.exe,
verzia 0.0.0.0, adresa zlyhania 0x003f5a7a.

Error - 19.8.2013 8:12:00 | Computer Name = GABRIELN | Source = Application Error | ID = 1001
Description = Chybný blok 202176355.

Error - 20.8.2013 16:29:43 | Computer Name = GABRIELN | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie gta_sa.exe, verzia 0.0.0.0, zlyhanie modulu gta_sa.exe,
verzia 0.0.0.0, adresa zlyhania 0x003f5a7c.

Error - 26.8.2013 6:31:52 | Computer Name = GABRIELN | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie , verzia 0.0.0.0, zlyhanie modulu unknown, verzia
0.0.0.0, adresa zlyhania 0x00000000.

Error - 28.8.2013 15:52:16 | Computer Name = GABRIELN | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie gta_sa.exe, verzia 0.0.0.0, zlyhanie modulu gta_sa.exe,
verzia 0.0.0.0, adresa zlyhania 0x003f5a7a.

[ System Events ]
Error - 27.8.2013 6:35:46 | Computer Name = GABRIELN | Source = Disk | ID = 262155
Description = Ovládač zistil chybu radiča na \Device\Harddisk1\D.

Error - 28.8.2013 2:37:39 | Computer Name = GABRIELN | Source = Disk | ID = 262155
Description = Ovládač zistil chybu radiča na \Device\Harddisk1\D.

Error - 28.8.2013 2:37:44 | Computer Name = GABRIELN | Source = Disk | ID = 262155
Description = Ovládač zistil chybu radiča na \Device\Harddisk1\D.

Error - 28.8.2013 2:37:54 | Computer Name = GABRIELN | Source = Disk | ID = 262155
Description = Ovládač zistil chybu radiča na \Device\Harddisk3\D.

Error - 28.8.2013 2:38:06 | Computer Name = GABRIELN | Source = Disk | ID = 262155
Description = Ovládač zistil chybu radiča na \Device\Harddisk1\D.

Error - 28.8.2013 2:38:17 | Computer Name = GABRIELN | Source = Disk | ID = 262155
Description = Ovládač zistil chybu radiča na \Device\Harddisk1\D.

Error - 28.8.2013 2:38:27 | Computer Name = GABRIELN | Source = Disk | ID = 262155
Description = Ovládač zistil chybu radiča na \Device\Harddisk2\D.

Error - 28.8.2013 2:38:48 | Computer Name = GABRIELN | Source = Disk | ID = 262155
Description = Ovládač zistil chybu radiča na \Device\Harddisk1\D.

Error - 28.8.2013 10:35:08 | Computer Name = GABRIELN | Source = Disk | ID = 262155
Description = Ovládač zistil chybu radiča na \Device\Harddisk4\D.

Error - 29.8.2013 4:51:46 | Computer Name = GABRIELN | Source = Disk | ID = 262155
Description = Ovládač zistil chybu radiča na \Device\Harddisk4\D.


< End of report >