
Request for a preventive check

Posted: 25 Dec 2013 19:27
by melfik007
Good evening,

please check my log.

Thank you very much :)




______________________________________________________________________

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sabina at 2013-12-25 19:11:43
Microsoft® Windows Vista™ Home Premium
System drive C: has 152 GB (66%) free of 230 GB
Total RAM: 2037 MB (42% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{120C37D5-B427-42A8-A86E-CC65335376AF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-28 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-28 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-28 137752]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-30 159744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-12-13 1006264]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-11-28 3744552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-07-03 1232896]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\Users\Sabina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-20 200704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{394717b9-9b79-11df-a3a0-001eec20b194}]
shell\AutoRun\command - "F:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdf228ad-8e39-11e1-bb16-001eec20b194}]
shell\downloadsb\command - explorer http://www.philips.com/songbird

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdf228b2-8e39-11e1-bb16-001eec20b194}]
shell\AutoRun\command - F:\Setup.exe


======List of files/folders created in the last 1 months======

2013-12-25 19:11:44 ----D---- C:\Program Files\trend micro
2013-12-25 19:11:43 ----D---- C:\rsit
2013-12-25 17:51:44 ----D---- C:\Program Files\CCleaner
2013-12-11 20:50:36 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2013-12-25 19:11:45 ----D---- C:\Windows\Prefetch
2013-12-25 19:11:44 ----RD---- C:\Program Files
2013-12-25 19:11:20 ----D---- C:\Windows\Temp
2013-12-25 18:14:11 ----D---- C:\Users\Sabina\AppData\Roaming\Media Player Classic
2013-12-25 18:13:13 ----D---- C:\Windows\panther
2013-12-25 18:13:12 ----D---- C:\Windows\inf
2013-12-25 18:13:09 ----D---- C:\Windows\Minidump
2013-12-25 18:13:09 ----D---- C:\Windows\Debug
2013-12-25 18:13:09 ----D---- C:\Windows
2013-12-25 17:51:54 ----D---- C:\Windows\system32\Tasks
2013-12-25 17:08:12 ----D---- C:\Windows\System32
2013-12-25 17:08:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-12-25 16:51:08 ----SHD---- C:\System Volume Information
2013-12-25 16:42:13 ----HD---- C:\ProgramData
2013-12-25 16:41:20 ----SHD---- C:\Windows\Installer
2013-12-15 18:08:59 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-12-11 01:45:44 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 52952]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 735232]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-07-03 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 201728]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2007-12-13 132864]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-07-03 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-11 119408]

-----------------EOF-----------------

Re: Request for a preventive check

Posted: 25 Dec 2013 19:48
by Márty84
Hello :)

:arrow: Let's update the scanner
Delete RSIT and the folder C:\Program Files\trend micro, if you find it.
Then download the new RSIT http://images.malwareremoval.com/random/RSIT.exe and post the log from it.


:arrow: Run a !!!full!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Do not delete anything beforehand; it sometimes produces false detections.

Re: Request for a preventive check

Posted: 26 Dec 2013 14:18
by melfik007
Hello,

I'm sending another batch of logs :)

___________________________ RSIT ____________________

Logfile of random's system information tool 1.09 (written by random/random)
Run by Sabina at 2013-12-26 12:56:27
Microsoft® Windows Vista™ Home Premium
System drive C: has 152 GB (66%) free of 230 GB
Total RAM: 2037 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:03, on 26.12.2013
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Sabina\Downloads\RSIT.exe
C:\Program Files\trend micro\Sabina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{142C88B8-4F0A-4005-B6CF-DBB48AD55568}: NameServer = 10.10.3.1
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7983 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{120C37D5-B427-42A8-A86E-CC65335376AF}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\u74nv9ti.default

prefs.js - "browser.startup.homepage" - "http://eu.ask.com/?l=dis&o=APN10251&gct=hp"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll


C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\u74nv9ti.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-28 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-28 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-28 137752]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-30 159744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-12-13 1006264]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-11-28 3744552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-07-03 1232896]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\Users\Sabina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-20 200704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"vidc.xvid"=xvidvfw.dll
"vidc.lags"=lagarith.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=DivXa32.acm
"msacm.lameacm"=LameACM.acm

======List of files/folders created in the last 1 month======

2013-12-25 20:53:09 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2013-12-25 20:53:08 ----D---- C:\Users\Sabina\AppData\Roaming\Malwarebytes
2013-12-25 20:52:48 ----D---- C:\ProgramData\Malwarebytes
2013-12-25 20:52:46 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-12-25 20:52:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-12-25 20:48:56 ----D---- C:\rsit
2013-12-25 20:48:56 ----D---- C:\Program Files\trend micro
2013-12-25 17:51:44 ----D---- C:\Program Files\CCleaner
2013-12-11 20:50:36 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2013-12-26 12:57:03 ----D---- C:\Windows\Temp
2013-12-26 12:53:34 ----D---- C:\Windows\Prefetch
2013-12-26 12:49:47 ----D---- C:\Windows
2013-12-25 20:53:55 ----D---- C:\Windows\system32\drivers
2013-12-25 20:52:48 ----HD---- C:\ProgramData
2013-12-25 20:52:45 ----RD---- C:\Program Files
2013-12-25 20:51:53 ----D---- C:\Windows\inf
2013-12-25 18:14:11 ----D---- C:\Users\Sabina\AppData\Roaming\Media Player Classic
2013-12-25 18:13:13 ----D---- C:\Windows\panther
2013-12-25 18:13:09 ----D---- C:\Windows\Minidump
2013-12-25 18:13:09 ----D---- C:\Windows\Debug
2013-12-25 17:51:54 ----D---- C:\Windows\system32\Tasks
2013-12-25 17:08:12 ----D---- C:\Windows\System32
2013-12-25 17:08:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-12-25 16:51:08 ----SHD---- C:\System Volume Information
2013-12-25 16:41:20 ----SHD---- C:\Windows\Installer
2013-12-15 18:08:59 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-12-11 01:45:44 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 52952]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 735232]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 201728]
R3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2007-12-13 132864]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2013-12-25 40776]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-11 119408]

-----------------EOF-----------------



__________________MBAM ___________________________________

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.12.25.05

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Sabina :: SABINA-PC [administrátor]

Ochrana: Povolena

26.12.2013 12:57:59
MBAM-log-2013-12-26 (14-12-23).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 319732
Uplynulý čas: 1 hodin, 2 minut, 21 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Users\Sabina\Downloads\media-player-codec-pack-lista-centrumcz.exe (Trojan.Downloader.Agent) -> Nebyla provedena žádná instrukce.
C:\Users\Sabina\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Nebyla provedena žádná instrukce.

(konec)



Thank you
Melfik :)

Re: Request for a preventive check

Posted: 26 Dec 2013 14:24
by Márty84
:???: Why isn't your system updated? Vista should have Service Pack 2.

:arrow: Let MBAM remove the items it found, then uninstall MBAM.

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and the program will start working.
When it finishes, it will spit out a log at you (if not, you will find it here: C:\AdwCleaner\AdwCleaner[R?].txt ); copy it here for me.

Re: Request for a preventive check

Posted: 26 Dec 2013 14:41
by melfik007
I didn't even know we don't have SP2. The PC is my aunt's; she just needed it "cleaned up" :)
As I understand it, I should update to SP2 right after the cleanup.

Log from AdwCleaner.
--
# AdwCleaner v3.016 - Report created 26/12/2013 at 14:34:42
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : Sabina - SABINA-PC
# Running from : C:\Users\Sabina\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\u74nv9ti.default\searchplugins\Askcom.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16982


-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\u74nv9ti.default\prefs.js ]

Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.startup.homepage", "hxxp://eu.ask.com/?l=dis&o=APN10251&gct=hp");

*************************

AdwCleaner[R0].txt - [1942 octets] - [26/12/2013 14:34:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2002 octets] ##########

Re: Request for a preventive check

Posted: 26 Dec 2013 16:59
by Márty84
melfik007 wrote: As I understand it, I should update to SP2 right after the cleanup.
Definitely, the system should always be kept up to date :)


:arrow: Close all programs again and run AdwCleaner as administrator.
This time click Clean.
The program will start working (the PC may restart) and will spit out another log (or it will be here: C:\AdwCleaner\AdwCleaner [S?].txt ). Copy that one here for me as well.

Re: Request for a preventive check

Posted: 26 Dec 2013 21:04
by melfik007
I'm sending the log from AdwCleaner.

:)

# AdwCleaner v3.016 - Report created 26/12/2013 at 21:01:30
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : Sabina - SABINA-PC
# Running from : C:\Users\Sabina\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\u74nv9ti.default\searchplugins\Askcom.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16982


-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\u74nv9ti.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://eu.ask.com/?l=dis&o=APN10251&gct=hp");

*************************

AdwCleaner[R0].txt - [2082 octets] - [26/12/2013 14:34:42]
AdwCleaner[R1].txt - [2142 octets] - [26/12/2013 21:00:52]
AdwCleaner[S0].txt - [2089 octets] - [26/12/2013 21:01:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2149 octets] ##########

Re: Request for a preventive check

Posted: 27 Dec 2013 02:35
by Márty84
:!: If Avast yells that it wants to open it in the sandbox, don't allow it! Choose the option Open normally
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the desktop, right-click it and then left-click Run as administrator.
A very short test will run and then the Scan (Prohledat) button at the top right will become available. Click it and another test will run.
When it finishes, click Report (Zprava) and a log will appear. Paste it here for me

Re: Request for a preventive check

Posted: 27 Dec 2013 14:31
by melfik007
Hello,

the log from RogueKiller is here :)

Thank you for your patience.

__________________________________

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows Vista (6.0.6000 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : Sabina [Práva správce]
Mód : Kontrola -- Datum : 12/27/2013 14:28:46
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{142C88B8-4F0A-4005-B6CF-DBB48AD55568} : NameServer (10.10.3.1 [(Private Address) (XX)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS001\[...]\{142C88B8-4F0A-4005-B6CF-DBB48AD55568} : NameServer (10.10.3.1 [(Private Address) (XX)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS002\[...]\{142C88B8-4F0A-4005-B6CF-DBB48AD55568} : NameServer (10.10.3.1 [(Private Address) (XX)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS003\[...]\{142C88B8-4F0A-4005-B6CF-DBB48AD55568} : NameServer (10.10.3.1 [(Private Address) (XX)]) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0xc0000033] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) FUJITSU MHY2250BH +++++
--- User ---
[MBR] 561763325b416c4d326310a81eab93df
[BSP] 5b7cf0c517f163b43fad6b167f9538a2 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229993 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 471025800 | Size: 8479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_12272013_142846.txt >>

Re: Request for a preventive check

Posted: 27 Dec 2013 21:03
by Márty84
:arrow: Run RogueKiller as administrator again (if you haven't closed it yet, go straight to clicking Delete (Smazat))
A very short test will run and then the Scan (Prohledat) button at the top right will become available. Click it and another test will run.
When it finishes, click Delete (Smazat).
Then click Report (Zprava) and a log will appear. Paste it here for me.
Then click Fix Host (Oprava Host) and Report (Zprava).
Another log will appear. Paste that one here for me too.

Re: Request for a preventive check

Posted: 28 Dec 2013 00:24
by melfik007
Good evening,

first log from RK

_____
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows Vista (6.0.6000 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : Sabina [Práva správce]
Mód : Odebrat -- Datum : 12/28/2013 00:22:47
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0xc0000033] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) FUJITSU MHY2250BH +++++
--- User ---
[MBR] 561763325b416c4d326310a81eab93df
[BSP] 5b7cf0c517f163b43fad6b167f9538a2 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229993 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 471025800 | Size: 8479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_12282013_002247.txt >>
RKreport[0]_D_12282013_002040.txt;RKreport[0]_S_12272013_142846.txt;RKreport[0]_S_12282013_002244.txt


____________

Second log from RK

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows Vista (6.0.6000 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : Sabina [Práva správce]
Mód : Oprava HOSTS -- Datum : 12/28/2013 00:24:12
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0xc0000033] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_12282013_002412.txt >>
RKreport[0]_D_12282013_002040.txt;RKreport[0]_D_12282013_002247.txt;RKreport[0]_S_12272013_142846.txt
RKreport[0]_S_12282013_002244.txt



Thank you for your patience :)

Re: Request for a preventive check

Posted: 28 Dec 2013 09:24
by Márty84
Post a new log from RSIT :)

Re: Request for a preventive check

Posted: 28 Dec 2013 14:44
by melfik007
Hello,

log from RSIT :)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Sabina at 2013-12-28 14:43:27
Microsoft® Windows Vista™ Home Premium
System drive C: has 153 GB (66%) free of 230 GB
Total RAM: 2037 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:43:46, on 28.12.2013
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sabina\Downloads\RSIT.exe
C:\Program Files\trend micro\Sabina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{142C88B8-4F0A-4005-B6CF-DBB48AD55568}: NameServer = 10.10.3.1
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7717 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{120C37D5-B427-42A8-A86E-CC65335376AF}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\u74nv9ti.default

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-28 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-28 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-28 137752]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-30 159744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-12-13 1006264]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-11-28 3744552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-07-03 1232896]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\Users\Sabina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-20 200704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"vidc.xvid"=xvidvfw.dll
"vidc.lags"=lagarith.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=DivXa32.acm
"msacm.lameacm"=LameACM.acm

======List of files/folders created in the last 1 month======

2013-12-27 14:28:40 ----A---- C:\Windows\system32\drivers\XAudio.sys.bak
2013-12-27 14:28:40 ----A---- C:\Windows\system32\drivers\WUDFRd.sys.bak
2013-12-27 14:28:40 ----A---- C:\Windows\system32\drivers\WUDFPf.sys.bak
2013-12-27 14:28:40 ----A---- C:\Windows\system32\drivers\ws2ifsl.sys.bak
2013-12-27 14:28:40 ----A---- C:\Windows\system32\drivers\wmilib.sys.bak
2013-12-27 14:28:40 ----A---- C:\Windows\system32\drivers\wmiacpi.sys.bak
2013-12-27 14:28:39 ----A---- C:\Windows\system32\drivers\WdfLdr.sys.bak
2013-12-27 14:28:39 ----A---- C:\Windows\system32\drivers\Wdf01000.sys.bak
2013-12-27 14:28:39 ----A---- C:\Windows\system32\drivers\wd.sys.bak
2013-12-27 14:28:39 ----A---- C:\Windows\system32\drivers\watchdog.sys.bak
2013-12-27 14:28:39 ----A---- C:\Windows\system32\drivers\wanarp.sys.bak
2013-12-27 14:28:39 ----A---- C:\Windows\system32\drivers\wacompen.sys.bak
2013-12-27 14:28:38 ----A---- C:\Windows\system32\drivers\VSTDPV3.SYS.bak
2013-12-27 14:28:38 ----A---- C:\Windows\system32\drivers\VSTCNXT3.SYS.bak
2013-12-27 14:28:38 ----A---- C:\Windows\system32\drivers\VSTAZL3.SYS.bak
2013-12-27 14:28:37 ----A---- C:\Windows\system32\drivers\vsmraid.sys.bak
2013-12-27 14:28:37 ----A---- C:\Windows\system32\drivers\volsnap.sys.bak
2013-12-27 14:28:37 ----A---- C:\Windows\system32\drivers\volmgrx.sys.bak
2013-12-27 14:28:37 ----A---- C:\Windows\system32\drivers\volmgr.sys.bak
2013-12-27 14:28:37 ----A---- C:\Windows\system32\drivers\videoprt.sys.bak
2013-12-27 14:28:37 ----A---- C:\Windows\system32\drivers\viaide.sys.bak
2013-12-27 14:28:36 ----A---- C:\Windows\system32\drivers\viac7.sys.bak
2013-12-27 14:28:36 ----A---- C:\Windows\system32\drivers\VIAAGP.SYS.bak
2013-12-27 14:28:36 ----A---- C:\Windows\system32\drivers\vgapnp.sys.bak
2013-12-27 14:28:36 ----A---- C:\Windows\system32\drivers\vga.sys.bak
2013-12-27 14:28:36 ----A---- C:\Windows\system32\drivers\usbvideo.sys.bak
2013-12-27 14:28:36 ----A---- C:\Windows\system32\drivers\usbuhci.sys.bak
2013-12-27 14:28:36 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS.bak
2013-12-27 14:28:35 ----A---- C:\Windows\system32\drivers\usbprint.sys.bak
2013-12-27 14:28:35 ----A---- C:\Windows\system32\drivers\usbport.sys.bak
2013-12-27 14:28:35 ----A---- C:\Windows\system32\drivers\usbohci.sys.bak
2013-12-27 14:28:35 ----A---- C:\Windows\system32\drivers\usbhub.sys.bak
2013-12-27 14:28:35 ----A---- C:\Windows\system32\drivers\usbehci.sys.bak
2013-12-27 14:28:35 ----A---- C:\Windows\system32\drivers\usbd.sys.bak
2013-12-27 14:28:35 ----A---- C:\Windows\system32\drivers\usbcir.sys.bak
2013-12-27 14:28:34 ----A---- C:\Windows\system32\drivers\usbccgp.sys.bak
2013-12-27 14:28:34 ----A---- C:\Windows\system32\drivers\USBCAMD2.sys.bak
2013-12-27 14:28:34 ----A---- C:\Windows\system32\drivers\USBCAMD.sys.bak
2013-12-27 14:28:34 ----A---- C:\Windows\system32\drivers\usb8023.sys.bak
2013-12-27 14:28:34 ----A---- C:\Windows\system32\drivers\umpass.sys.bak
2013-12-27 14:28:34 ----A---- C:\Windows\system32\drivers\umbus.sys.bak
2013-12-27 14:28:34 ----A---- C:\Windows\system32\drivers\ulsata2.sys.bak
2013-12-27 14:28:33 ----A---- C:\Windows\system32\drivers\ulsata.sys.bak
2013-12-27 14:28:33 ----A---- C:\Windows\system32\drivers\uliahci.sys.bak
2013-12-27 14:28:33 ----A---- C:\Windows\system32\drivers\ULIAGPKX.SYS.bak
2013-12-27 14:28:33 ----A---- C:\Windows\system32\drivers\udfs.sys.bak
2013-12-27 14:28:33 ----A---- C:\Windows\system32\drivers\UAGP35.SYS.bak
2013-12-27 14:28:33 ----A---- C:\Windows\system32\drivers\tunnel.sys.bak
2013-12-27 14:28:33 ----A---- C:\Windows\system32\drivers\TUNMP.SYS.bak
2013-12-27 14:28:32 ----A---- C:\Windows\system32\drivers\tssecsrv.sys.bak
2013-12-27 14:28:32 ----A---- C:\Windows\system32\drivers\termdd.sys.bak
2013-12-27 14:28:32 ----A---- C:\Windows\system32\drivers\tdx.sys.bak
2013-12-27 14:28:32 ----A---- C:\Windows\system32\drivers\tdtcp.sys.bak
2013-12-27 14:28:32 ----A---- C:\Windows\system32\drivers\tdpipe.sys.bak
2013-12-27 14:28:32 ----A---- C:\Windows\system32\drivers\tdi.sys.bak
2013-12-27 14:28:32 ----A---- C:\Windows\system32\drivers\tcpipreg.sys.bak
2013-12-27 14:28:31 ----A---- C:\Windows\system32\drivers\tcpip.sys.bak
2013-12-27 14:28:31 ----A---- C:\Windows\system32\drivers\tape.sys.bak
2013-12-27 14:28:31 ----A---- C:\Windows\system32\drivers\symc8xx.sys.bak
2013-12-27 14:28:31 ----A---- C:\Windows\system32\drivers\sym_u3.sys.bak
2013-12-27 14:28:31 ----A---- C:\Windows\system32\drivers\sym_hi.sys.bak
2013-12-27 14:28:31 ----A---- C:\Windows\system32\drivers\swenum.sys.bak
2013-12-27 14:28:30 ----A---- C:\Windows\system32\drivers\stream.sys.bak
2013-12-27 14:28:30 ----A---- C:\Windows\system32\drivers\Storport.sys.bak
2013-12-27 14:28:30 ----A---- C:\Windows\system32\drivers\srvnet.sys.bak
2013-12-27 14:28:30 ----A---- C:\Windows\system32\drivers\srv2.sys.bak
2013-12-27 14:28:30 ----A---- C:\Windows\system32\drivers\srv.sys.bak
2013-12-27 14:28:30 ----A---- C:\Windows\system32\drivers\spsys.sys.bak
2013-12-27 14:28:29 ----A---- C:\Windows\system32\drivers\spldr.sys.bak
2013-12-27 14:28:29 ----A---- C:\Windows\system32\drivers\smclib.sys.bak
2013-12-27 14:28:29 ----A---- C:\Windows\system32\drivers\smb.sys.bak
2013-12-27 14:28:29 ----A---- C:\Windows\system32\drivers\sisraid4.sys.bak
2013-12-27 14:28:29 ----A---- C:\Windows\system32\drivers\sisraid2.sys.bak
2013-12-27 14:28:29 ----A---- C:\Windows\system32\drivers\SISAGP.SYS.bak
2013-12-27 14:28:29 ----A---- C:\Windows\system32\drivers\sfloppy.sys.bak
2013-12-27 14:28:28 ----A---- C:\Windows\system32\drivers\sffp_sd.sys.bak
2013-12-27 14:28:28 ----A---- C:\Windows\system32\drivers\sffp_mmc.sys.bak
2013-12-27 14:28:28 ----A---- C:\Windows\system32\drivers\sffdisk.sys.bak
2013-12-27 14:28:28 ----A---- C:\Windows\system32\drivers\sermouse.sys.bak
2013-12-27 14:28:28 ----A---- C:\Windows\system32\drivers\serial.sys.bak
2013-12-27 14:28:28 ----A---- C:\Windows\system32\drivers\serenum.sys.bak
2013-12-27 14:28:27 ----A---- C:\Windows\system32\drivers\secdrv.sys.bak
2013-12-27 14:28:27 ----A---- C:\Windows\system32\drivers\scsiport.sys.bak
2013-12-27 14:28:27 ----A---- C:\Windows\system32\drivers\sbp2port.sys.bak
2013-12-27 14:28:27 ----A---- C:\Windows\system32\drivers\Rtnicxp.sys.bak
2013-12-27 14:28:27 ----A---- C:\Windows\system32\drivers\rspndr.sys.bak
2013-12-27 14:28:27 ----A---- C:\Windows\system32\drivers\rootmdm.sys.bak
2013-12-27 14:28:27 ----A---- C:\Windows\system32\drivers\RNDISMP.sys.bak
2013-12-27 14:28:26 ----A---- C:\Windows\system32\drivers\rmcast.sys.bak
2013-12-27 14:28:26 ----A---- C:\Windows\system32\drivers\rdpwd.sys.bak
2013-12-27 14:28:26 ----A---- C:\Windows\system32\drivers\RDPENCDD.sys.bak
2013-12-27 14:28:26 ----A---- C:\Windows\system32\drivers\rdpdr.sys.bak
2013-12-27 14:28:26 ----A---- C:\Windows\system32\drivers\RDPCDD.sys.bak
2013-12-27 14:28:25 ----A---- C:\Windows\system32\drivers\rdbss.sys.bak
2013-12-27 14:28:25 ----A---- C:\Windows\system32\drivers\raspptp.sys.bak
2013-12-27 14:28:25 ----A---- C:\Windows\system32\drivers\raspppoe.sys.bak
2013-12-27 14:28:25 ----A---- C:\Windows\system32\drivers\rasl2tp.sys.bak
2013-12-27 14:28:25 ----A---- C:\Windows\system32\drivers\rasacd.sys.bak
2013-12-27 14:28:25 ----A---- C:\Windows\system32\drivers\qwavedrv.sys.bak
2013-12-27 14:28:25 ----A---- C:\Windows\system32\drivers\ql40xx.sys.bak
2013-12-27 14:28:24 ----A---- C:\Windows\system32\drivers\ql2300.sys.bak
2013-12-27 14:28:24 ----A---- C:\Windows\system32\drivers\processr.sys.bak
2013-12-27 14:28:24 ----A---- C:\Windows\system32\drivers\portcls.sys.bak
2013-12-27 14:28:24 ----A---- C:\Windows\system32\drivers\PEAuth.sys.bak
2013-12-27 14:28:23 ----A---- C:\Windows\system32\drivers\pcmcia.sys.bak
2013-12-27 14:28:23 ----A---- C:\Windows\system32\drivers\pciidex.sys.bak
2013-12-27 14:28:23 ----A---- C:\Windows\system32\drivers\pciide.sys.bak
2013-12-27 14:28:23 ----A---- C:\Windows\system32\drivers\pci.sys.bak
2013-12-27 14:28:23 ----A---- C:\Windows\system32\drivers\parvdm.sys.bak
2013-12-27 14:28:23 ----A---- C:\Windows\system32\drivers\partmgr.sys.bak
2013-12-27 14:28:23 ----A---- C:\Windows\system32\drivers\parport.sys.bak
2013-12-27 14:28:22 ----A---- C:\Windows\system32\drivers\pacer.sys.bak
2013-12-27 14:28:22 ----A---- C:\Windows\system32\drivers\ohci1394.sys.bak
2013-12-27 14:28:22 ----A---- C:\Windows\system32\drivers\nwifi.sys.bak
2013-12-27 14:28:22 ----A---- C:\Windows\system32\drivers\nvstor.sys.bak
2013-12-27 14:28:22 ----A---- C:\Windows\system32\drivers\nvraid.sys.bak
2013-12-27 14:28:22 ----A---- C:\Windows\system32\drivers\NV_AGP.SYS.bak
2013-12-27 14:28:22 ----A---- C:\Windows\system32\drivers\null.sys.bak
2013-12-27 14:28:21 ----A---- C:\Windows\system32\drivers\ntrigdigi.sys.bak
2013-12-27 14:28:21 ----A---- C:\Windows\system32\drivers\ntfs.sys.bak
2013-12-27 14:28:21 ----A---- C:\Windows\system32\drivers\nsiproxy.sys.bak
2013-12-27 14:28:21 ----A---- C:\Windows\system32\drivers\npfs.sys.bak
2013-12-27 14:28:21 ----A---- C:\Windows\system32\drivers\nfrd960.sys.bak
2013-12-27 14:28:20 ----A---- C:\Windows\system32\drivers\netio.sys.bak
2013-12-27 14:28:20 ----A---- C:\Windows\system32\drivers\netbt.sys.bak
2013-12-27 14:28:20 ----A---- C:\Windows\system32\drivers\netbios.sys.bak
2013-12-27 14:28:20 ----A---- C:\Windows\system32\drivers\ndproxy.sys.bak
2013-12-27 14:28:20 ----A---- C:\Windows\system32\drivers\ndiswan.sys.bak
2013-12-27 14:28:20 ----A---- C:\Windows\system32\drivers\ndisuio.sys.bak
2013-12-27 14:28:19 ----A---- C:\Windows\system32\drivers\ndistapi.sys.bak
2013-12-27 14:28:19 ----A---- C:\Windows\system32\drivers\ndis.sys.bak
2013-12-27 14:28:19 ----A---- C:\Windows\system32\drivers\mup.sys.bak
2013-12-27 14:28:19 ----A---- C:\Windows\system32\drivers\mstee.sys.bak
2013-12-27 14:28:19 ----A---- C:\Windows\system32\drivers\mssmbios.sys.bak
2013-12-27 14:28:19 ----A---- C:\Windows\system32\drivers\msrpc.sys.bak
2013-12-27 14:28:19 ----A---- C:\Windows\system32\drivers\mspqm.sys.bak
2013-12-27 14:28:18 ----A---- C:\Windows\system32\drivers\mspclock.sys.bak
2013-12-27 14:28:18 ----A---- C:\Windows\system32\drivers\mskssrv.sys.bak
2013-12-27 14:28:18 ----A---- C:\Windows\system32\drivers\msiscsi.sys.bak
2013-12-27 14:28:18 ----A---- C:\Windows\system32\drivers\msisadrv.sys.bak
2013-12-27 14:28:18 ----A---- C:\Windows\system32\drivers\msfs.sys.bak
2013-12-27 14:28:18 ----A---- C:\Windows\system32\drivers\msdsm.sys.bak
2013-12-27 14:28:17 ----A---- C:\Windows\system32\drivers\msahci.sys.bak
2013-12-27 14:28:17 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys.bak
2013-12-27 14:28:17 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys.bak
2013-12-27 14:28:17 ----A---- C:\Windows\system32\drivers\mrxsmb.sys.bak
2013-12-27 14:28:17 ----A---- C:\Windows\system32\drivers\mrxdav.sys.bak
2013-12-27 14:28:17 ----A---- C:\Windows\system32\drivers\Mraid35x.sys.bak
2013-12-27 14:28:17 ----A---- C:\Windows\system32\drivers\mpsdrv.sys.bak
2013-12-27 14:28:16 ----A---- C:\Windows\system32\drivers\mpio.sys.bak
2013-12-27 14:28:16 ----A---- C:\Windows\system32\drivers\mountmgr.sys.bak
2013-12-27 14:28:16 ----A---- C:\Windows\system32\drivers\mouhid.sys.bak
2013-12-27 14:28:16 ----A---- C:\Windows\system32\drivers\mouclass.sys.bak
2013-12-27 14:28:16 ----A---- C:\Windows\system32\drivers\monitor.sys.bak
2013-12-27 14:28:16 ----A---- C:\Windows\system32\drivers\modem.sys.bak
2013-12-27 14:28:16 ----A---- C:\Windows\system32\drivers\megasas.sys.bak
2013-12-27 14:28:15 ----A---- C:\Windows\system32\drivers\mdmxsdk.sys.bak
2013-12-27 14:28:15 ----A---- C:\Windows\system32\drivers\mcd.sys.bak
2013-12-27 14:28:15 ----A---- C:\Windows\system32\drivers\luafv.sys.bak
2013-12-27 14:28:15 ----A---- C:\Windows\system32\drivers\lsi_scsi.sys.bak
2013-12-27 14:28:15 ----A---- C:\Windows\system32\drivers\lsi_sas.sys.bak
2013-12-27 14:28:15 ----A---- C:\Windows\system32\drivers\lsi_fc.sys.bak
2013-12-27 14:28:15 ----A---- C:\Windows\system32\drivers\lltdio.sys.bak
2013-12-27 14:28:14 ----A---- C:\Windows\system32\drivers\ksecdd.sys.bak
2013-12-27 14:28:14 ----A---- C:\Windows\system32\drivers\ks.sys.bak
2013-12-27 14:28:14 ----A---- C:\Windows\system32\drivers\kbdhid.sys.bak
2013-12-27 14:28:14 ----A---- C:\Windows\system32\drivers\kbdclass.sys.bak
2013-12-27 14:28:14 ----A---- C:\Windows\system32\drivers\iteraid.sys.bak
2013-12-27 14:28:14 ----A---- C:\Windows\system32\drivers\iteatapi.sys.bak
2013-12-27 14:28:14 ----A---- C:\Windows\system32\drivers\isapnp.sys.bak
2013-12-27 14:28:13 ----A---- C:\Windows\system32\drivers\irenum.sys.bak
2013-12-27 14:28:13 ----A---- C:\Windows\system32\drivers\irda.sys.bak
2013-12-27 14:28:13 ----A---- C:\Windows\system32\drivers\ipnat.sys.bak
2013-12-27 14:28:13 ----A---- C:\Windows\system32\drivers\IPMIDrv.sys.bak
2013-12-27 14:28:13 ----A---- C:\Windows\system32\drivers\ipfltdrv.sys.bak
2013-12-27 14:28:13 ----A---- C:\Windows\system32\drivers\intelppm.sys.bak
2013-12-27 14:28:13 ----A---- C:\Windows\system32\drivers\intelide.sys.bak
2013-12-27 14:28:12 ----A---- C:\Windows\system32\drivers\iirsp.sys.bak
2013-12-27 14:28:12 ----A---- C:\Windows\system32\drivers\igdkmd32.sys.bak
2013-12-27 14:28:11 ----A---- C:\Windows\system32\drivers\iaStorV.sys.bak
2013-12-27 14:28:11 ----A---- C:\Windows\system32\drivers\iaStor.sys.bak
2013-12-27 14:28:11 ----A---- C:\Windows\system32\drivers\i8042prt.sys.bak
2013-12-27 14:28:11 ----A---- C:\Windows\system32\drivers\i2omp.sys.bak
2013-12-27 14:28:11 ----A---- C:\Windows\system32\drivers\i2omgmt.sys.bak
2013-12-27 14:28:10 ----A---- C:\Windows\system32\drivers\http.sys.bak
2013-12-27 14:28:10 ----A---- C:\Windows\system32\drivers\HSX_DPV.sys.bak
2013-12-27 14:28:10 ----A---- C:\Windows\system32\drivers\HSX_CNXT.sys.bak
2013-12-27 14:28:09 ----A---- C:\Windows\system32\drivers\HSXHWAZL.sys.bak
2013-12-27 14:28:09 ----A---- C:\Windows\system32\drivers\HpqKbFiltr.sys.bak
2013-12-27 14:28:09 ----A---- C:\Windows\system32\drivers\HpCISSs.sys.bak
2013-12-27 14:28:09 ----A---- C:\Windows\system32\drivers\hidusb.sys.bak
2013-12-27 14:28:09 ----A---- C:\Windows\system32\drivers\hidparse.sys.bak
2013-12-27 14:28:09 ----A---- C:\Windows\system32\drivers\hidir.sys.bak
2013-12-27 14:28:09 ----A---- C:\Windows\system32\drivers\hidclass.sys.bak
2013-12-27 14:28:09 ----A---- C:\Windows\system32\drivers\hidbth.sys.bak
2013-12-27 14:28:08 ----A---- C:\Windows\system32\drivers\HdAudio.sys.bak
2013-12-27 14:28:08 ----A---- C:\Windows\system32\drivers\hdaudbus.sys.bak
2013-12-27 14:28:08 ----A---- C:\Windows\system32\drivers\GAGP30KX.SYS.bak
2013-12-27 14:28:08 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS.bak
2013-12-27 14:28:08 ----A---- C:\Windows\system32\drivers\fs_rec.sys.bak
2013-12-27 14:28:08 ----A---- C:\Windows\system32\drivers\fltMgr.sys.bak
2013-12-27 14:28:08 ----A---- C:\Windows\system32\drivers\flpydisk.sys.bak
2013-12-27 14:28:07 ----A---- C:\Windows\system32\drivers\filetrace.sys.bak
2013-12-27 14:28:07 ----A---- C:\Windows\system32\drivers\fileinfo.sys.bak
2013-12-27 14:28:07 ----A---- C:\Windows\system32\drivers\fdc.sys.bak
2013-12-27 14:28:07 ----A---- C:\Windows\system32\drivers\fastfat.sys.bak
2013-12-27 14:28:07 ----A---- C:\Windows\system32\drivers\elxstor.sys.bak
2013-12-27 14:28:06 ----A---- C:\Windows\system32\drivers\ecache.sys.bak
2013-12-27 14:28:06 ----A---- C:\Windows\system32\drivers\E1G60I32.sys.bak
2013-12-27 14:28:06 ----A---- C:\Windows\system32\drivers\e100b325.sys.bak
2013-12-27 14:28:06 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys.bak
2013-12-27 14:28:06 ----A---- C:\Windows\system32\drivers\dxg.sys.bak
2013-12-27 14:28:06 ----A---- C:\Windows\system32\drivers\dxapi.sys.bak
2013-12-27 14:28:05 ----A---- C:\Windows\system32\drivers\Dumpata.sys.bak
2013-12-27 14:28:05 ----A---- C:\Windows\system32\drivers\drmkaud.sys.bak
2013-12-27 14:28:05 ----A---- C:\Windows\system32\drivers\drmk.sys.bak
2013-12-27 14:28:05 ----A---- C:\Windows\system32\drivers\djsvs.sys.bak
2013-12-27 14:28:05 ----A---- C:\Windows\system32\drivers\Diskdump.sys.bak
2013-12-27 14:28:05 ----A---- C:\Windows\system32\drivers\disk.sys.bak
2013-12-27 14:28:05 ----A---- C:\Windows\system32\drivers\dfsc.sys.bak
2013-12-27 14:28:04 ----A---- C:\Windows\system32\drivers\crusoe.sys.bak
2013-12-27 14:28:04 ----A---- C:\Windows\system32\drivers\crcdisk.sys.bak
2013-12-27 14:28:04 ----A---- C:\Windows\system32\drivers\crashdmp.sys.bak
2013-12-27 14:28:04 ----A---- C:\Windows\system32\drivers\CPQBttn.sys.bak
2013-12-27 14:28:04 ----A---- C:\Windows\system32\drivers\compbatt.sys.bak
2013-12-27 14:28:04 ----A---- C:\Windows\system32\drivers\cmdide.sys.bak
2013-12-27 14:28:04 ----A---- C:\Windows\system32\drivers\CmBatt.sys.bak
2013-12-27 14:28:03 ----A---- C:\Windows\system32\drivers\CHDRT32.sys.bak
2013-12-27 14:28:03 ----A---- C:\Windows\system32\drivers\CHDART.sys.bak
2013-12-27 14:28:03 ----A---- C:\Windows\system32\drivers\Classpnp.sys.bak
2013-12-27 14:28:03 ----A---- C:\Windows\system32\drivers\circlass.sys.bak
2013-12-27 14:28:03 ----A---- C:\Windows\system32\drivers\cdrom.sys.bak
2013-12-27 14:28:02 ----A---- C:\Windows\system32\drivers\cdfs.sys.bak
2013-12-27 14:28:02 ----A---- C:\Windows\system32\drivers\bthmodem.sys.bak
2013-12-27 14:28:02 ----A---- C:\Windows\system32\drivers\BrUsbSer.sys.bak
2013-12-27 14:28:02 ----A---- C:\Windows\system32\drivers\BrUsbMdm.sys.bak
2013-12-27 14:28:02 ----A---- C:\Windows\system32\drivers\BrSerWdm.sys.bak
2013-12-27 14:28:02 ----A---- C:\Windows\system32\drivers\BrSerId.sys.bak
2013-12-27 14:28:01 ----A---- C:\Windows\system32\drivers\bridge.sys.bak
2013-12-27 14:28:01 ----A---- C:\Windows\system32\drivers\BrFiltUp.sys.bak
2013-12-27 14:28:01 ----A---- C:\Windows\system32\drivers\BrFiltLo.sys.bak
2013-12-27 14:28:01 ----A---- C:\Windows\system32\drivers\bowser.sys.bak
2013-12-27 14:28:01 ----A---- C:\Windows\system32\drivers\beep.sys.bak
2013-12-27 14:28:00 ----A---- C:\Windows\system32\drivers\bdasup.sys.bak
2013-12-27 14:28:00 ----A---- C:\Windows\system32\drivers\BCMWL6.SYS.bak
2013-12-27 14:28:00 ----A---- C:\Windows\system32\drivers\battc.sys.bak
2013-12-27 14:28:00 ----A---- C:\Windows\system32\drivers\athr.sys.bak
2013-12-27 14:27:59 ----A---- C:\Windows\system32\drivers\ataport.sys.bak
2013-12-27 14:27:59 ----A---- C:\Windows\system32\drivers\atapi.sys.bak
2013-12-27 14:27:59 ----A---- C:\Windows\system32\drivers\asyncmac.sys.bak
2013-12-27 14:27:59 ----A---- C:\Windows\system32\drivers\arcsas.sys.bak
2013-12-27 14:27:59 ----A---- C:\Windows\system32\drivers\arc.sys.bak
2013-12-27 14:27:59 ----A---- C:\Windows\system32\drivers\Apfiltr.sys.bak
2013-12-27 14:27:58 ----A---- C:\Windows\system32\drivers\amdk8.sys.bak
2013-12-27 14:27:58 ----A---- C:\Windows\system32\drivers\amdk7.sys.bak
2013-12-27 14:27:58 ----A---- C:\Windows\system32\drivers\amdide.sys.bak
2013-12-27 14:27:58 ----A---- C:\Windows\system32\drivers\AMDAGP.SYS.bak
2013-12-27 14:27:58 ----A---- C:\Windows\system32\drivers\aliide.sys.bak
2013-12-27 14:27:58 ----A---- C:\Windows\system32\drivers\AGP440.sys.bak
2013-12-27 14:27:58 ----A---- C:\Windows\system32\drivers\afd.sys.bak
2013-12-27 14:27:57 ----A---- C:\Windows\system32\drivers\adpu320.sys.bak
2013-12-27 14:27:57 ----A---- C:\Windows\system32\drivers\adpu160m.sys.bak
2013-12-27 14:27:57 ----A---- C:\Windows\system32\drivers\adpahci.sys.bak
2013-12-27 14:27:57 ----A---- C:\Windows\system32\drivers\adp94xx.sys.bak
2013-12-27 14:27:57 ----A---- C:\Windows\system32\drivers\acpi.sys.bak
2013-12-27 14:27:56 ----A---- C:\Windows\system32\drivers\1394bus.sys.bak
2013-12-27 14:26:19 ----A---- C:\Windows\system32\TrueSight.sys
2013-12-26 21:10:46 ----D---- C:\Windows\system32\MRT
2013-12-26 14:34:18 ----D---- C:\AdwCleaner
2013-12-25 20:53:08 ----D---- C:\Users\Sabina\AppData\Roaming\Malwarebytes
2013-12-25 20:52:48 ----D---- C:\ProgramData\Malwarebytes
2013-12-25 20:48:56 ----D---- C:\rsit
2013-12-25 20:48:56 ----D---- C:\Program Files\trend micro
2013-12-25 17:51:44 ----D---- C:\Program Files\CCleaner
2013-12-11 20:50:36 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2013-12-28 14:43:43 ----D---- C:\Windows\Temp
2013-12-28 00:22:42 ----D---- C:\Windows\system32\drivers
2013-12-27 18:53:53 ----SHD---- C:\System Volume Information
2013-12-27 18:47:48 ----D---- C:\Windows\Prefetch
2013-12-27 14:26:19 ----D---- C:\Windows\System32
2013-12-26 21:10:45 ----D---- C:\Windows\Debug
2013-12-26 21:03:01 ----RD---- C:\Program Files
2013-12-26 14:28:53 ----D---- C:\Windows\ShellNew
2013-12-26 12:49:47 ----D---- C:\Windows
2013-12-25 20:52:48 ----HD---- C:\ProgramData
2013-12-25 20:51:53 ----D---- C:\Windows\inf
2013-12-25 18:14:11 ----D---- C:\Users\Sabina\AppData\Roaming\Media Player Classic
2013-12-25 18:13:13 ----D---- C:\Windows\panther
2013-12-25 18:13:09 ----D---- C:\Windows\Minidump
2013-12-25 17:51:54 ----D---- C:\Windows\system32\Tasks
2013-12-25 17:08:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-12-25 16:41:20 ----SHD---- C:\Windows\Installer
2013-12-15 18:08:59 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-12-11 01:45:44 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-12-01 14:42:48 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 52952]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 735232]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 201728]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2007-12-13 132864]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 TrueSight;TrueSight; \??\ []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-11 119408]

-----------------EOF-----------------

Re: Request for a preventive check

Posted: 28 Dec 2013 14:56
by Márty84
One more scan and then we'll start deleting.

:!: If Avast complains that it wants to open it in the sandbox, don't allow it! Choose the option Open normally
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator
Tick the items (put check marks there) Pro všechny uživatele ("For all users"), Kontrola na havěť "LOP" ("LOP" malware check) and Kontrola na havěť "Purity" ("Purity" malware check)
Paste the following text into the lower window

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Click Prohledat ("Scan")
After the scan, two logs will be created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).

Re: Request for a preventive check

Posted: 28 Dec 2013 16:27
by melfik007
Here are the logs :)

OTL logfile created on: 28.12.2013 15:03:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sabina\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,45% Memory free
4,19 Gb Paging File | 2,64 Gb Available in Paging File | 63,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,60 Gb Total Space | 179,30 Gb Free Space | 79,83% Space Free | Partition Type: NTFS
Drive D: | 8,28 Gb Total Space | 2,70 Gb Free Space | 32,58% Space Free | Partition Type: NTFS
Drive E: | 1,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: SABINA-PC | User Name: Sabina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.12.28 15:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sabina\Desktop\OTL.exe
PRC - [2013.12.27 14:24:22 | 003,810,304 | ---- | M] () -- C:\Users\Sabina\Desktop\RogueKiller.exe
PRC - [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.06.07 20:12:12 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.06.07 20:12:08 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.12.13 07:24:36 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.07.12 04:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe


========== Modules (No Company Name) ==========

MOD - [2013.12.04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013.12.04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013.12.04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013.12.04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013.12.04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2011.07.05 20:59:47 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.09.30 18:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007.08.20 13:10:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - [2013.12.11 20:51:04 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.11 01:45:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007.12.13 07:24:36 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.03.05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008.02.27 05:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.10.11 12:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.07.10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.25 12:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.05.30 14:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.04.23 22:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.06.28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2423492711-2225796970-908866897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKU\S-1-5-21-2423492711-2225796970-908866897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-2423492711-2225796970-908866897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2423492711-2225796970-908866897-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2423492711-2225796970-908866897-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKU\S-1-5-21-2423492711-2225796970-908866897-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.01.15 00:50:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.02.05 21:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabina\AppData\Roaming\Mozilla\Extensions
[2013.12.25 16:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\u74nv9ti.default\extensions
[2013.12.11 20:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.12.11 20:51:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - Extension: Lone Tree = C:\Users\Sabina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip\1.2_0\
CHR - Extension: Purple flowers = C:\Users\Sabina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgplpejojljhgndghinonhjpmbdmjamk\1.0.0.2_0\
CHR - Extension: Cute Kitten 2 = C:\Users\Sabina\AppData\Local\Google\Chrome\User Data\Default\Extensions\knhilgggnegappnkfbeaeeiioopeamlc\1_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Sabina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Cute Kitten Theme = C:\Users\Sabina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnpakemckpkcpilpphdmcfehofhefmoa\1.1_0\

O1 HOSTS File: ([2013.12.28 00:24:12 | 000,000,741 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2423492711-2225796970-908866897-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2423492711-2225796970-908866897-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Sabina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12DB1974-2C06-4A16-92B6-B7A2D5C7C1B7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{142C88B8-4F0A-4005-B6CF-DBB48AD55568}: NameServer = 10.10.3.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sabina\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sabina\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{394717b9-9b79-11df-a3a0-001eec20b194}\Shell - "" = AutoRun
O33 - MountPoints2\{394717b9-9b79-11df-a3a0-001eec20b194}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{bdf228ad-8e39-11e1-bb16-001eec20b194}\Shell - "" = Autorun
O33 - MountPoints2\{bdf228ad-8e39-11e1-bb16-001eec20b194}\Shell\downloadsb\command - "" = C:\Windows\explorer.exe -- [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{bdf228b2-8e39-11e1-bb16-001eec20b194}\Shell - "" = AutoRun
O33 - MountPoints2\{bdf228b2-8e39-11e1-bb16-001eec20b194}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.lags - C:\Windows\System32\Lagarith.dll ( )
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2013.12.28 15:01:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sabina\Desktop\OTL.exe
[2013.12.28 14:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.12.27 14:28:40 | 000,015,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys.bak
[2013.12.27 14:28:40 | 000,008,704 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys.bak
[2013.12.27 14:28:39 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys.bak
[2013.12.27 14:28:39 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys.bak
[2013.12.27 14:28:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys.bak
[2013.12.27 14:28:35 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys.bak
[2013.12.27 14:28:35 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys.bak
[2013.12.27 14:28:34 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys.bak
[2013.12.27 14:28:34 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys.bak
[2013.12.27 14:28:34 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys.bak
[2013.12.27 14:28:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys.bak
[2013.12.27 14:28:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys.bak
[2013.12.27 14:28:30 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys.bak
[2013.12.27 14:28:30 | 000,117,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys.bak
[2013.12.27 14:28:30 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys.bak
[2013.12.27 14:28:29 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys.bak
[2013.12.27 14:28:27 | 000,140,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys.bak
[2013.12.27 14:28:27 | 000,050,176 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\Rtnicxp.sys.bak
[2013.12.27 14:28:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys.bak
[2013.12.27 14:28:26 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys.bak
[2013.12.27 14:28:24 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys.bak
[2013.12.27 14:28:23 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys.bak
[2013.12.27 14:28:20 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys.bak
[2013.12.27 14:28:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys.bak
[2013.12.27 14:28:14 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys.bak
[2013.12.27 14:28:09 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys.bak
[2013.12.27 14:28:09 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys.bak
[2013.12.27 14:28:09 | 000,016,768 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\HpqKbFiltr.sys.bak
[2013.12.27 14:28:08 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS.bak
[2013.12.27 14:28:06 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys.bak
[2013.12.27 14:28:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys.bak
[2013.12.27 14:28:05 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys.bak
[2013.12.27 14:28:05 | 000,026,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys.bak
[2013.12.27 14:28:05 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys.bak
[2013.12.27 14:28:04 | 000,033,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys.bak
[2013.12.27 14:28:04 | 000,009,472 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\CPQBttn.sys.bak
[2013.12.27 14:28:03 | 000,201,728 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDRT32.sys.bak
[2013.12.27 14:28:03 | 000,176,640 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDART.sys.bak
[2013.12.27 14:28:03 | 000,125,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys.bak
[2013.12.27 14:28:00 | 000,735,232 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys.bak
[2013.12.27 14:28:00 | 000,028,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys.bak
[2013.12.27 14:28:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys.bak
[2013.12.27 14:27:59 | 000,155,136 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys.bak
[2013.12.27 14:27:59 | 000,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys.bak
[2013.12.27 14:27:56 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys.bak
[2013.12.27 14:25:14 | 000,000,000 | ---D | C] -- C:\Users\Sabina\Desktop\RK_Quarantine
[2013.12.26 21:10:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.12.26 14:34:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.25 20:53:08 | 000,000,000 | ---D | C] -- C:\Users\Sabina\AppData\Roaming\Malwarebytes
[2013.12.25 20:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.12.25 20:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.12.25 20:48:56 | 000,000,000 | ---D | C] -- C:\rsit
[2013.12.25 17:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.12.25 17:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.12.11 20:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.12.28 15:07:23 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{120C37D5-B427-42A8-A86E-CC65335376AF}.job
[2013.12.28 15:06:49 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.12.28 15:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sabina\Desktop\OTL.exe
[2013.12.28 14:47:10 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.12.28 14:45:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.28 14:42:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.28 14:42:15 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.28 14:42:15 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.28 00:28:33 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.28 00:22:42 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys.bak
[2013.12.28 00:22:41 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys.bak
[2013.12.28 00:22:41 | 000,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys.bak
[2013.12.28 00:22:40 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys.bak
[2013.12.28 00:22:38 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys.bak
[2013.12.28 00:22:36 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys.bak
[2013.12.28 00:22:36 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys.bak
[2013.12.28 00:22:35 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys.bak
[2013.12.28 00:22:35 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys.bak
[2013.12.28 00:22:35 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys.bak
[2013.12.28 00:22:33 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys.bak
[2013.12.28 00:22:32 | 000,052,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys.bak
[2013.12.28 00:22:32 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys.bak
[2013.12.28 00:22:31 | 000,117,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys.bak
[2013.12.28 00:22:30 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys.bak
[2013.12.28 00:22:30 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys.bak
[2013.12.28 00:22:28 | 000,140,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys.bak
[2013.12.28 00:22:28 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\Rtnicxp.sys.bak
[2013.12.28 00:22:27 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys.bak
[2013.12.28 00:22:27 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys.bak
[2013.12.28 00:22:25 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys.bak
[2013.12.28 00:22:24 | 000,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys.bak
[2013.12.28 00:22:21 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys.bak
[2013.12.28 00:22:16 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys.bak
[2013.12.28 00:22:15 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys.bak
[2013.12.28 00:22:09 | 000,025,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys.bak
[2013.12.28 00:22:09 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\HpqKbFiltr.sys.bak
[2013.12.28 00:22:08 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys.bak
[2013.12.28 00:22:07 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS.bak
[2013.12.28 00:22:06 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys.bak
[2013.12.28 00:22:05 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys.bak
[2013.12.28 00:22:05 | 000,026,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys.bak
[2013.12.28 00:22:05 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys.bak
[2013.12.28 00:22:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys.bak
[2013.12.28 00:22:04 | 000,125,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys.bak
[2013.12.28 00:22:04 | 000,033,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys.bak
[2013.12.28 00:22:04 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\CPQBttn.sys.bak
[2013.12.28 00:22:03 | 000,201,728 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDRT32.sys.bak
[2013.12.28 00:22:03 | 000,176,640 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDART.sys.bak
[2013.12.28 00:22:02 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys.bak
[2013.12.28 00:22:01 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys.bak
[2013.12.28 00:22:01 | 000,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys.bak
[2013.12.28 00:22:01 | 000,028,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys.bak
[2013.12.28 00:22:00 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys.bak
[2013.12.28 00:21:59 | 000,053,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys.bak
[2013.12.27 14:26:19 | 000,026,624 | ---- | M] () -- C:\Windows\System32\TrueSight.sys
[2013.12.27 14:24:22 | 003,810,304 | ---- | M] () -- C:\Users\Sabina\Desktop\RogueKiller.exe
[2013.12.26 21:03:51 | 000,000,166 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013.12.26 21:03:23 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.26 21:03:02 | 2137,014,272 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.26 14:32:25 | 001,233,962 | ---- | M] () -- C:\Users\Sabina\Desktop\adwcleaner.exe
[2013.12.26 12:50:25 | 000,305,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.12.25 17:08:12 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.12.25 17:08:12 | 000,473,598 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.12.25 17:08:12 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.12.25 17:08:12 | 000,081,404 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.12.11 01:45:44 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.12.11 01:45:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013.12.28 15:06:49 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.12.28 14:47:10 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.12.27 14:26:19 | 000,026,624 | ---- | C] () -- C:\Windows\System32\TrueSight.sys
[2013.12.27 14:24:19 | 003,810,304 | ---- | C] () -- C:\Users\Sabina\Desktop\RogueKiller.exe
[2013.12.26 14:32:21 | 001,233,962 | ---- | C] () -- C:\Users\Sabina\Desktop\adwcleaner.exe
[2012.08.21 04:17:16 | 000,039,904 | ---- | C] () -- C:\Windows\System32\dischandler.exe
[2012.08.21 04:15:22 | 003,978,240 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012.08.21 04:14:04 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.08.21 04:12:48 | 000,271,360 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012.08.21 04:12:34 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012.08.21 04:12:32 | 000,157,184 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012.08.21 04:12:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012.08.21 04:12:28 | 001,525,760 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012.08.21 04:12:28 | 000,211,968 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012.08.21 04:12:28 | 000,114,688 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012.08.21 04:12:24 | 000,330,240 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012.07.19 19:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012.07.19 19:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012.07.19 19:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012.07.19 19:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012.07.19 19:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012.07.19 19:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\System32\avfilter-lav-3.dll
[2012.07.19 19:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\System32\avresample-lav-0.dll
[2012.06.17 22:15:04 | 000,198,144 | ---- | C] () -- C:\Windows\System32\spdif_test.exe
[2012.06.17 22:14:58 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2012.06.17 22:14:42 | 001,021,440 | ---- | C] () -- C:\Windows\System32\ac3filter_intl.dll
[2012.05.12 23:42:16 | 001,272,320 | ---- | C] () -- C:\Windows\System32\avcodec-53.dll
[2012.05.12 23:42:16 | 000,146,432 | ---- | C] () -- C:\Windows\System32\avutil-51.dll
[2009.05.28 18:40:41 | 000,005,648 | ---- | C] () -- C:\Users\Sabina\AppData\Local\d3d9caps.dat
[2008.12.27 11:27:21 | 000,044,032 | ---- | C] () -- C:\Users\Sabina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.29 10:45:54 | 000,000,600 | ---- | C] () -- C:\Users\Sabina\AppData\Local\PUTTY.RND
[2008.07.02 07:43:45 | 000,001,024 | ---- | C] () -- C:\Users\Sabina\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 13:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.09.18 15:09:12 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Mikrotik
[2011.07.05 21:00:46 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\OpenOffice.org
[2008.07.02 07:43:45 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Template

========== Purity Check ==========



========== Custom Scans ==========

< >
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,544 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.07.03 13:17:10 | 000,000,420 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{120C37D5-B427-42A8-A86E-CC65335376AF}.job
[2011.11.15 21:58:09 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.11.15 21:58:10 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.03.28 17:15:04 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: AGP440.SYS >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\c4ef3219980caf2ac7867273ff08a64b\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2007.12.13 08:45:57 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.12.13 08:45:57 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.12.13 08:45:57 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.07.03 02:10:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008.07.03 02:10:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.07.03 02:10:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.07.03 02:10:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.01.19 08:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2008.01.19 08:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\SoftwareDistribution\Download\c4ef3219980caf2ac7867273ff08a64b\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006.11.02 10:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\System32\autochk.exe
[2006.11.02 10:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.19 06:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2008.01.19 06:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\SoftwareDistribution\Download\c4ef3219980caf2ac7867273ff08a64b\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2006.11.02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\drivers\cdrom.sys
[2006.11.02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2006.11.02 10:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\System32\cryptsvc.dll
[2006.11.02 10:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008.01.19 08:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2008.01.19 08:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\SoftwareDistribution\Download\c4ef3219980caf2ac7867273ff08a64b\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.07.03 02:14:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.07.03 02:14:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\c4ef3219980caf2ac7867273ff08a64b\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2007.12.13 07:22:42 | 000,160,872 | ---- | M] (Microsoft Corporation) MD5=779D32272A54384807A4424D90293378 -- C:\Windows\System32\hal.dll

< MD5 for: IASTOR.SYS >
[2007.09.29 22:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.30 13:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\SwSetup\Drivers\IMSM\Files\64\iastor.sys
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.30 13:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\SwSetup\Drivers\IMSM\Files\32\iastor.sys
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\c4ef3219980caf2ac7867273ff08a64b\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006.11.02 10:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\drivers\isapnp.sys
[2006.11.02 10:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008.01.19 08:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008.01.19 08:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\SoftwareDistribution\Download\c4ef3219980caf2ac7867273ff08a64b\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2007.12.13 08:45:57 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=B5B664CFE3B8C4E426B164103373DFFD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\isapnp.sys
[2007.12.13 08:45:57 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=C756DC995A7E81A66E0D59305EE4A25F -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\isapnp.sys
[2007.12.13 08:45:57 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=C756DC995A7E81A66E0D59305EE4A25F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.06.15 13:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009.09.10 15:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009.06.15 13:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009.02.13 08:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006.11.02 10:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009.06.15 14:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009.06.15 13:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009.02.13 05:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009.06.15 13:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009.06.15 14:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\System32\lsass.exe
[2009.06.15 14:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009.09.09 12:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009.09.10 15:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008.01.19 08:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008.01.19 08:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\SoftwareDistribution\Download\c4ef3219980caf2ac7867273ff08a64b\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008.01.19 08:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2009.02.13 09:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2006.11.02 10:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\System32\drivers\ndis.sys
[2006.11.02 10:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 08:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.01.19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: SMSS.EXE >
[2008.01.19 08:33:31 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2006.11.02 10:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\System32\smss.exe
[2006.11.02 10:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe

< MD5 for: SVCHOST.EXE >
[2006.11.02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006.11.02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.08.15 22:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 18:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010.02.18 12:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 15:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 15:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010.02.18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 13:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\System32\drivers\tcpip.sys
[2010.02.18 13:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2008.07.03 02:09:50 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2008.07.03 02:09:51 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2009.08.14 17:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2009.08.14 18:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 18:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2006.11.02 09:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010.02.18 15:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2008.01.19 08:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 17:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.01.19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SoftwareDistribution\Download\40f104edd8fff18ebca7c9e5389c3391\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2006.11.02 10:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\System32\ws2_32.dll
[2006.11.02 10:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[9 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\972a547ce93d5138b313a124cb8b137a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\972a547ce93d5138b313a124cb8b137a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\c4ef3219980caf2ac7867273ff08a64b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c4ef3219980caf2ac7867273ff08a64b\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.11.09 14:11:29 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Adobe
[2010.07.27 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\CyberLink
[2011.11.16 20:16:12 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Google
[2008.07.01 21:30:45 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Hewlett-Packard
[2010.07.27 22:57:02 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\HP
[2008.07.01 21:38:47 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Identities
[2008.07.01 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Macromedia
[2013.12.25 20:53:08 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Media Center Programs
[2013.12.25 18:14:11 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Media Player Classic
[2013.03.28 17:15:39 | 000,000,000 | --SD | M] -- C:\Users\Sabina\AppData\Roaming\Microsoft
[2013.09.18 15:09:12 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Mikrotik
[2012.02.05 21:18:52 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Mozilla
[2011.07.05 21:00:46 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\OpenOffice.org
[2008.07.01 21:39:21 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Symantec
[2008.07.02 07:43:45 | 000,000,000 | ---D | M] -- C:\Users\Sabina\AppData\Roaming\Template

< %APPDATA%\*.exe /s >
[2010.11.09 14:11:08 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Sabina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.12.28 15:42:15 | 000,003,072 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.28 15:42:15 | 000,003,072 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.26 12:50:25 | 000,305,976 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2013.12.25 17:08:12 | 000,081,404 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2013.12.25 17:08:12 | 000,103,924 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2013.12.25 17:08:12 | 000,473,598 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2013.12.25 17:08:12 | 000,610,142 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2013.12.25 17:08:12 | 001,259,320 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2013.12.27 14:26:19 | 000,026,624 | ---- | M] () -- C:\Windows\system32\TrueSight.sys

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2008.07.03 02:06:42 | 001,232,896 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" = rundll32.exe oobefldr.dll,ShowWelcomeCenter
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2006.11.02 13:35:32 | 000,125,440 | ---- | M] (Microsoft Corporation)
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe -- [2006.11.02 13:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.12.28 15:06:49 | 000,000,512 | ---- | M] () MD5=561763325B416C4D326310A81EAB93DF -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >