Win32:Malware-gen v PC

Zpráva

LukeK · #1 Příspěvek od **LukeK** » 08 zář 2010 08:33

Zdravim, Avast mi hlasi detekovanou hrozbu u 2 souboru:
C:\Users\OEM\AppData\Local\Temp\BFile1.exe
C:\Users\OEM\AppData\Local\Temp\BINDED FILES.exe

s tim, ze se jedna o Win32:Malware-gen.

Hledal jsem informace na netu, podle zkusenosti uzivatelu presunuti do truhly u Avastu nepomohlo, tak jsem stahl Hijackthis, spustil sken a zkusil log vlozit na web http://www.hijackthis.cz/default.htm, kde mi to zahlasilo problem u pdftoolbar, ktery mam stejne vypnuty ve FF, ale fixnul jsem to. Pote ze je vse v poradku, ale nejde mi do hlavy, co tedy odstranit kvuli tomu Malware-gen.

Vkladam sem log z Hijackthis. Mam Win7.

Kód: Vybrat vše

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:38, on 8.9.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\OEM\Downloads\hijackthis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9010 bytes

Diky za pomoc.

#2 Příspěvek od **vyosek** » 08 zář 2010 08:40

Zdravim a pekne dopoledne preji

Fixovat o opravovat veci se doporucuje jen radcum a lidem, kteri maji s tim zkusenosti a vi co delaji - ne co jim nekde nekdo poradi...

Nevkladejte prosim log do code, spatne se to cte. Navic dle pravidel fora pouzivame RSIT, je podrobnejsi nez HJT, ale nebudu jej chctit, pouziji OTL - je na x64bitove systemy lepsi - navod a postup vizte nize

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 5 az 10 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

LukeK · #3 Příspěvek od **LukeK** » 08 zář 2010 08:57

OTL:

OTL logfile created on: 8.9.2010 9:47:07 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\OEM\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 438,86 Gb Free Space | 73,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STOLNI
Current User Name: OEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.08 09:44:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\OEM\Desktop\OTL.exe
PRC - [2010.07.23 04:08:57 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010.07.23 04:08:55 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

========== Modules (SafeList) ==========

MOD - [2010.09.08 09:44:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\OEM\Desktop\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.05.27 18:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2008.10.25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.08.27 13:28:13 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.06.28 22:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.05.27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 18:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.04.27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2223249473-2328189983-3562934538-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.27 12:39:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.07 15:53:39 | 000,000,000 | ---D | M]

[2010.08.27 12:42:46 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Mozilla\Extensions
[2010.09.08 09:18:57 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\xsnhg6bt.default\extensions
[2010.08.29 14:20:02 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\xsnhg6bt.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.09.08 09:18:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.08.27 13:43:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.27 15:08:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:28:35 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.07.23 02:28:35 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.07.23 02:28:35 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.07.23 02:28:35 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.07.23 02:28:35 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2223249473-2328189983-3562934538-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2223249473-2328189983-3562934538-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2fe520bc-b1cf-11df-8541-1c6f652a469a}\Shell - "" = AutoRun
O33 - MountPoints2\{2fe520bc-b1cf-11df-8541-1c6f652a469a}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\{4b11e3d9-b1d8-11df-b769-1c6f652a469a}\Shell - "" = AutoRun
O33 - MountPoints2\{4b11e3d9-b1d8-11df-b769-1c6f652a469a}\Shell\AutoRun\command - "" = 0
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 7 Days ==========

[2010.09.08 09:45:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\OEM\Desktop\OTL.exe
[2010.09.08 09:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010.09.07 09:31:31 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\PSpad
[2010.09.07 09:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSPad editor
[2010.09.07 09:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2010.09.07 09:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2010.09.07 09:02:00 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2010.09.07 09:02:00 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2010.09.07 09:01:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2010.09.07 09:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2010.09.06 16:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JS Ruler
[2010.09.06 11:38:49 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\skypePM
[2010.09.06 11:37:56 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\Skype
[2010.09.06 11:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.09.06 11:37:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.09.06 11:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.09.01 20:37:44 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010.09.01 20:37:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.09.01 20:24:25 | 000,000,000 | ---D | C] -- C:\Fiaa
[2010.09.01 19:30:03 | 000,000,000 | ---D | C] -- C:\Users\OEM\Documents\TmForever
[2010.09.01 19:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2010.09.01 10:34:30 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.09.01 10:34:30 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.09.01 10:34:28 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.09.01 10:34:27 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.09.01 10:34:24 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.09.01 10:33:37 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.09.01 10:33:37 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010.09.01 10:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.09.01 10:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.09.08 09:47:31 | 001,310,720 | -HS- | M] () -- C:\Users\OEM\NTUSER.DAT
[2010.09.08 09:46:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2223249473-2328189983-3562934538-1000UA.job
[2010.09.08 09:44:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\OEM\Desktop\OTL.exe
[2010.09.08 08:40:56 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 08:40:56 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 08:37:59 | 001,470,062 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.08 08:37:59 | 000,631,054 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.09.08 08:37:59 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.08 08:37:59 | 000,121,708 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.09.08 08:37:59 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.08 08:33:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.08 08:33:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.08 08:33:22 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.07 23:39:27 | 002,584,408 | -H-- | M] () -- C:\Users\OEM\AppData\Local\IconCache.db
[2010.09.07 15:53:39 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.09.07 12:46:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2223249473-2328189983-3562934538-1000Core.job
[2010.09.07 09:46:35 | 000,046,043 | -H-- | M] () -- C:\treeinfo.wc
[2010.09.07 09:03:37 | 000,087,298 | ---- | M] () -- C:\Users\OEM\Desktop\CZ-vypis.pdf
[2010.09.07 08:57:49 | 000,039,936 | ---- | M] () -- C:\Users\OEM\Desktop\SK-od unora.xls
[2010.09.06 11:38:49 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.09.06 11:37:39 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.09.01 20:28:03 | 000,000,734 | ---- | M] () -- C:\Users\OEM\Desktop\OPERATION7.lnk
[2010.09.01 20:27:36 | 000,065,536 | ---- | M] () -- C:\Windows\IFinst27.exe
[2010.09.01 19:29:20 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2010.09.01 10:34:31 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.09.01 10:34:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.07 15:53:39 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.09.07 09:19:55 | 000,046,043 | -H-- | C] () -- C:\treeinfo.wc
[2010.09.07 09:03:37 | 000,087,298 | ---- | C] () -- C:\Users\OEM\Desktop\CZ-vypis.pdf
[2010.09.07 09:02:00 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
[2010.09.07 08:57:49 | 000,039,936 | ---- | C] () -- C:\Users\OEM\Desktop\SK-od unora.xls
[2010.09.06 11:38:49 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.09.06 11:37:39 | 000,002,533 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.09.01 20:27:36 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2010.09.01 20:24:25 | 000,000,734 | ---- | C] () -- C:\Users\OEM\Desktop\OPERATION7.lnk
[2010.09.01 19:29:20 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2010.09.01 10:34:31 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.09.01 10:34:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.08.26 13:52:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2010.08.27 14:16:40 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\DAEMON Tools Lite
[2010.09.07 09:29:08 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\GHISLER
[2010.08.29 14:22:34 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\IrfanView
[2010.08.29 16:54:49 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Leadertech
[2010.08.29 13:15:49 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Tropico 3
[2009.07.14 07:08:49 | 000,009,774 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010.08.27 12:41:06 | 000,136,176 | ---- | M] (Google Inc.)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"EA Core" = "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent -- [2009.03.28 23:11:38 | 003,325,952 | ---- | M] (Electronic Arts)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.09.07 09:03:38 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Adobe
[2010.08.26 14:01:38 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\ATI
[2010.08.27 14:16:40 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\DAEMON Tools Lite
[2010.09.07 09:29:08 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\GHISLER
[2010.08.26 12:58:21 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Identities
[2010.08.29 12:05:50 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\InstallShield
[2010.08.29 14:22:34 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\IrfanView
[2010.08.29 16:54:49 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Leadertech
[2010.08.27 12:46:29 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Macromedia
[2009.07.14 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Media Center Programs
[2010.09.01 10:25:33 | 000,000,000 | --SD | M] -- C:\Users\OEM\AppData\Roaming\Microsoft
[2010.08.27 12:42:46 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Mozilla
[2010.09.07 09:31:33 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\PSpad
[2010.09.06 12:30:58 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Skype
[2010.09.06 11:38:49 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\skypePM
[2010.08.29 13:15:49 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Tropico 3
[2010.08.27 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010.08.29 15:26:36 | 000,010,134 | R--- | M] () -- C:\Users\OEM\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.09.06 11:38:49 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWOW64\ezsidmv.dat
< End of report >

LukeK · #4 Příspěvek od **LukeK** » 08 zář 2010 08:59

Extras.txt

OTL Extras logfile created on: 8.9.2010 9:47:07 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\OEM\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 438,86 Gb Free Space | 73,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STOLNI
Current User Name: OEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2223249473-2328189983-3562934538-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B55F339-396E-29A9-B6D0-24B6D251C90A}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FBB2E98-1A3B-396A-A662-73E17009C076}" = ATI Catalyst Install Manager
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum zařízení Windows Mobile
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{ED066E02-C49A-D5D9-7ACD-1014EB7571D1}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2EFBB82F-D0FE-460F-A12A-70D7689DC194}" = Worms Forts - V obležení
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{6CA1CD8C-2D65-491E-9467-00A3ACA4A0A9}" = Tropico 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B681A3B-C924-23F9-AAD0-9FB1715C763A}" = Catalyst Control Center InstallProxy
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{96ED9087-7A6A-22A9-135F-901AF77474AC}" = ccc-core-static
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1" = Wings of Prey 1.0.3.2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C6E6B1D1-EC88-7270-3819-AA924908CFDA}" = Catalyst Control Center Graphics Previews Vista
"{C7027BD9-C90F-79C7-8CFF-8F32E2806631}" = CCC Help English
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8365857-3233-E29E-65C6-6C0AB4F99622}" = Catalyst Control Center Graphics Previews Common
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArmA 2" = ArmA 2 Uninstall
"avast5" = avast! Free Antivirus
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"InstallShield_{2EFBB82F-D0FE-460F-A12A-70D7689DC194}" = Worms Forts - V obležení
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"Mafia II_is1" = Mafia II
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"OPERATION7" = OPERATION7
"PSPad editor_is1" = PSPad editor
"RapidShare Manager" = RapidShare Manager
"SpeedFan" = SpeedFan (remove only)
"TmNationsForever_is1" = TmNationsForever
"Totalcmd" = Total Commander (Remove or Repair)
"Warlike Flyboys - WW3_is1" = Warlike Flyboys - WW3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2223249473-2328189983-3562934538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.8.2010 6:07:20 | Computer Name = OEM-PC | Source = RapiMgr | ID = 8
Description = Zařízení se systémem Windows Mobile se nepodařilo připojit z důvodu
chyby communication (0x80072745) (viz data pro kód chyby).

Error - 28.8.2010 15:33:31 | Computer Name = OEM-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: mafia2.exe, verze: 1.0.0.1, časové razítko:
0x4c6d595d Název chybujícího modulu: mafia2.exe, verze: 1.0.0.1, časové razítko:
0x4c6d595d Kód výjimky: 0xc0000005 Posun chyby: 0x0120de0e ID chybujícího procesu:
0x9ac Čas spuštění chybující aplikace: 0x01cb46db1109bd7d Cesta k chybující aplikaci:
C:\_HRY\Mafia II\pc\mafia2.exe Cesta k chybujícímu modulu: C:\_HRY\Mafia II\pc\mafia2.exe
ID
zprávy: 23841e27-b2db-11df-b563-1c6f652a469a

Error - 29.8.2010 7:46:43 | Computer Name = OEM-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: GTAIV.exe, verze: 1.0.4.0, časové razítko:
0x4a1ae9b0 Název chybujícího modulu: GTAIV.exe, verze: 1.0.4.0, časové razítko:
0x4a1ae9b0 Kód výjimky: 0xc000000d Posun chyby: 0x00898f11 ID chybujícího procesu:
0xdbc Čas spuštění chybující aplikace: 0x01cb476fd8c72361 Cesta k chybující aplikaci:
C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe ID zprávy:
17b606a3-b363-11df-9275-1c6f652a469a

Error - 30.8.2010 4:44:40 | Computer Name = OEM-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: acess.exe, verze: 0.0.0.0, časové razítko:
0x4bbc5e4b Název chybujícího modulu: acess.exe, verze: 0.0.0.0, časové razítko:
0x4bbc5e4b Kód výjimky: 0xc0000005 Posun chyby: 0x001739b2 ID chybujícího procesu:
0x818 Čas spuštění chybující aplikace: 0x01cb481f7f68be85 Cesta k chybující aplikaci:
C:\Program Files (x86)\Gaijin\Wings of Prey\acess.exe Cesta k chybujícímu modulu:
C:\Program Files (x86)\Gaijin\Wings of Prey\acess.exe ID zprávy: d38ed9cd-b412-11df-b2a0-1c6f652a469a

Error - 30.8.2010 9:21:58 | Computer Name = OEM-PC | Source = RapiMgr | ID = 8
Description = Zařízení se systémem Windows Mobile se nepodařilo připojit z důvodu
chyby communication (0x80072745) (viz data pro kód chyby).

Error - 30.8.2010 12:00:17 | Computer Name = OEM-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: BFile1.exe, verze: 0.0.0.0, časové razítko:
0x470fa63c Název chybujícího modulu: BFile1.exe, verze: 0.0.0.0, časové razítko:
0x470fa63c Kód výjimky: 0xc0000005 Posun chyby: 0x00007a5a ID chybujícího procesu:
0xee8 Čas spuštění chybující aplikace: 0x01cb485c6fe0d735 Cesta k chybující aplikaci:
C:\Users\OEM\AppData\Local\Temp\BFile1.exe Cesta k chybujícímu modulu: C:\Users\OEM\AppData\Local\Temp\BFile1.exe
ID
zprávy: ae756423-b44f-11df-b2a0-1c6f652a469a

Error - 1.9.2010 12:45:07 | Computer Name = OEM-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: miranda32.exe, verze: 0.7.0.14, časové razítko:
0x45cf89b2 Název chybujícího modulu: mtv.dll, verze: 0.0.0.0, časové razítko: 0x2a425e19
Kód
výjimky: 0xc0000005 Posun chyby: 0x00001bc3 ID chybujícího procesu: 0xe74 Čas spuštění
chybující aplikace: 0x01cb499f36be9ff1 Cesta k chybující aplikaci: C:\Program Files
(x86)\Miranda IM\miranda32.exe Cesta k chybujícímu modulu: C:\Program Files (x86)\Miranda
IM\Plugins\mtv.dll ID zprávy: 46a99726-b5e8-11df-8dce-1c6f652a469a

Error - 1.9.2010 13:14:55 | Computer Name = OEM-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: miranda32.exe, verze: 0.7.0.14, časové razítko:
0x45cf89b2 Název chybujícího modulu: popup.dll, verze: 2.0.3.96, časové razítko:
0x4455f0bf Kód výjimky: 0xc0000005 Posun chyby: 0x00012116 ID chybujícího procesu:
0x12ac Čas spuštění chybující aplikace: 0x01cb49f9291106c4 Cesta k chybující aplikaci:
C:\Program Files (x86)\Miranda IM\miranda32.exe Cesta k chybujícímu modulu: C:\Program
Files (x86)\Miranda IM\Plugins\popup.dll ID zprávy: 703615cd-b5ec-11df-8dce-1c6f652a469a

Error - 5.9.2010 13:46:05 | Computer Name = OEM-PC | Source = Google Update | ID = 20
Description =

Error - 7.9.2010 4:58:41 | Computer Name = Stolni | Source = Application Error | ID = 1000
Description = Název chybující aplikace: miranda32.exe, verze: 0.7.0.14, časové razítko:
0x45cf89b2 Název chybujícího modulu: popup.dll, verze: 2.0.3.96, časové razítko:
0x4455f0bf Kód výjimky: 0xc0000005 Posun chyby: 0x000117db ID chybujícího procesu:
0x288 Čas spuštění chybující aplikace: 0x01cb4e6ad69cf1d1 Cesta k chybující aplikaci:
C:\Program Files (x86)\Miranda IM\miranda32.exe Cesta k chybujícímu modulu: C:\Program
Files (x86)\Miranda IM\Plugins\popup.dll ID zprávy: 1c2b0734-ba5e-11df-b6a2-1c6f652a469a

[ System Events ]
Error - 26.8.2010 6:57:59 | Computer Name = OEM-PC | Source = NetBT | ID = 4321
Description = Název OEM-PC :0 nelze zaregistrovat v rozhraní s IP adresou
10.0.1.163. Počítač s IP adresou 10.0.1.17 nepovolil získání názvu tímto počítačem.

Error - 26.8.2010 7:36:49 | Computer Name = OEM-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800f0902): Kumulativní aktualizace zabezpečení aplikace Internet
Explorer 8 pro systém Windows 7 pro systémy platformy x64 (KB2183461).

Error - 26.8.2010 7:36:49 | Computer Name = OEM-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800f0902): Aktualizace zabezpečení systému Windows 7 pro systémy
na platformě x64 (KB981852).

Error - 26.8.2010 7:36:49 | Computer Name = OEM-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800f0902): Aktualizace zabezpečení rozhraní Microsoft .NET Framework
3.5 SP1 pro systémy Windows 7 a Windows Server 2008 R2 pro systémy platformy x64
(KB979916).

Error - 26.8.2010 7:36:53 | Computer Name = OEM-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800f0902): Aktualizace zabezpečení systému Windows 7 pro systémy
na platformě x64 (KB978886).

Error - 26.8.2010 7:56:29 | Computer Name = OEM-PC | Source = Service Control Manager | ID = 7030
Description = Služba JMB36X je označena jako interaktivní služba. Avšak systém je
nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude
fungovat správně.

Error - 27.8.2010 9:05:00 | Computer Name = OEM-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Windows Search bylo dosaženo časového
limitu (30000 ms).

Error - 27.8.2010 9:05:00 | Computer Name = OEM-PC | Source = Service Control Manager | ID = 7000
Description = Služba Windows Search neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 1.9.2010 10:35:49 | Computer Name = OEM-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 8.9.2010 2:33:26 | Computer Name = Stolni | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (8:31:32, ?8.?9.?2010) bylo neočekávané.

< End of report >

#5 Příspěvek od **vyosek** » 08 zář 2010 09:05

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{2fe520bc-b1cf-11df-8541-1c6f652a469a}\Shell - "" = AutoRun
O33 - MountPoints2\{4b11e3d9-b1d8-11df-b769-1c6f652a469a}\Shell - "" = AutoRun
[2010.09.07 09:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"DAEMON Tools Lite"=-
"EA Core"=-

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

LukeK · #6 Příspěvek od **LukeK** » 08 zář 2010 09:15

All processes killed
========== OTL ==========
Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fe520bc-b1cf-11df-8541-1c6f652a469a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fe520bc-b1cf-11df-8541-1c6f652a469a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b11e3d9-b1d8-11df-b769-1c6f652a469a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b11e3d9-b1d8-11df-b769-1c6f652a469a}\ not found.
C:\Program Files (x86)\pdfforge Toolbar\SSFF\components folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF\chrome\skin folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF\chrome\locale folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF\chrome\content folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF\chrome folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\components folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\content folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\Temp\DMIF842.tmp moved successfully.
C:\WINDOWS\Temp\TS_228.tmp moved successfully.
C:\WINDOWS\Temp\TS_42B.tmp moved successfully.
C:\WINDOWS\Temp\TS_7B27.tmp moved successfully.
C:\WINDOWS\Temp\TS_E9C3.tmp moved successfully.
C:\WINDOWS\Temp\TS_ED9A.tmp moved successfully.
C:\WINDOWS\Temp\TS_F47E.tmp moved successfully.
C:\WINDOWS\Temp\TS_F624.tmp moved successfully.
C:\WINDOWS\Temp\TS_F82.tmp moved successfully.
C:\WINDOWS\Temp\TS_FB63.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: OEM
->Temp folder emptied: 247335486 bytes
->Temporary Internet Files folder emptied: 47777529 bytes
->Java cache emptied: 942981 bytes
->FireFox cache emptied: 51530781 bytes
->Flash cache emptied: 8201 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 790830 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 1130782523 bytes

Total Files Cleaned = 1 411,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: OEM
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.11.0 log created on 09082010_100909

Files\Folders moved on Reboot...
C:\Users\OEM\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#7 Příspěvek od **vyosek** » 08 zář 2010 09:17

Vypada to, ze Avast havet zachytil, ale pro jistotu udelame jeste jeden sken

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

LukeK · #8 Příspěvek od **LukeK** » 08 zář 2010 09:49

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4569

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8.9.2010 10:49:25
mbam-log-2010-09-08 (10-49-25).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 252451
Uplynulý čas: 20 minuta(y), 1 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Users\OEM\Downloads\backups\backup-20100908-092616-438.dll (Adware.WidgiToolbar) -> No action taken.
C:\_OTL\MovedFiles\09082010_100909\C_Program Files (x86)\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> No action taken.
C:\_OTL\MovedFiles\09082010_100909\C_Program Files (x86)\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.

#9 Příspěvek od **vyosek** » 08 zář 2010 10:01

Vse co nasel MBAM smazte

Jak se chova PC, Avast neco signalizuje

LukeK · #10 Příspěvek od **LukeK** » 08 zář 2010 10:19

PC je v pořádku, Avast nic nehlásí.

Díky za pomoc

Ještě by mě zajímalo, zda mi můžete doporučit nějaký kvalitní free firewall (pokud existuje), případně placený.

#11 Příspěvek od **vyosek** » 08 zář 2010 10:21

Jeste uklidime a udelame kontrolu ci je vse OK

MBAM muzete odinstalovat nebo nechat na obcasny sken - v pripade nalezu velmi doporucuji dat sem log na posouzeni, at si neodstrelite neco legitimniho

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

K Vasemu dotazu na FW

k cemu je dobry http://www.viry.cz/forum/viewtopic.php?f=41&t=20980
prehled osobnich firewallu http://www.viry.cz/forum/viewtopic.php?f=41&t=6523
K Avastu doporucuji ZoneAlarm

Vlozte novy log ze RSITu

LukeK · #12 Příspěvek od **LukeK** » 08 zář 2010 11:00

Logfile of random's system information tool 1.08 (written by random/random)
Run by OEM at 2010-09-08 11:58:13
Microsoft Windows 7 Home Premium
System drive C: has 451 GB (74%) free of 610 GB
Total RAM: 4094 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:14, on 8.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\OEM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7893 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\CCleaner\CCleaner.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\OEM\Downloads\RSITx64.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3808.85c1f20.66712922 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 3808 plugin \\.\pipe\gecko-crash-server-pipe.3808
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2223249473-2328189983-3562934538-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2223249473-2328189983-3562934538-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-04-06 10144288]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-01-19 43632]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-11-20 106496]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-27 98304]
"ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-08 11:58:13 ----D---- C:\rsit
2010-09-08 11:58:13 ----D---- C:\Program Files\trend micro
2010-09-08 11:50:45 ----D---- C:\Program Files (x86)\CCleaner
2010-09-08 10:25:10 ----D---- C:\Users\OEM\AppData\Roaming\Malwarebytes
2010-09-08 10:25:03 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2010-09-08 10:25:02 ----D---- C:\ProgramData\Malwarebytes
2010-09-08 10:25:02 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-09-08 10:25:02 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-09-07 09:31:31 ----D---- C:\Users\OEM\AppData\Roaming\PSpad
2010-09-07 09:31:27 ----D---- C:\Program Files (x86)\PSPad editor
2010-09-07 09:02:13 ----D---- C:\Program Files (x86)\Application Updater
2010-09-07 09:02:00 ----A---- C:\Windows\system32\pdfcmnnt.dll
2010-09-07 09:01:59 ----D---- C:\Program Files (x86)\PDFCreator
2010-09-07 09:01:59 ----A---- C:\Windows\SYSWOW64\MSMPIDE.DLL
2010-09-06 16:49:48 ----D---- C:\Program Files (x86)\JS Ruler
2010-09-06 11:38:49 ----D---- C:\Users\OEM\AppData\Roaming\skypePM
2010-09-06 11:37:56 ----D---- C:\Users\OEM\AppData\Roaming\Skype
2010-09-06 11:37:36 ----RD---- C:\Program Files (x86)\Skype
2010-09-06 11:37:34 ----D---- C:\ProgramData\Skype
2010-09-01 20:37:42 ----D---- C:\Windows\SYSWOW64\directx
2010-09-01 20:27:36 ----A---- C:\Windows\IFinst27.exe
2010-09-01 20:24:25 ----D---- C:\Fiaa
2010-09-01 19:30:03 ----D---- C:\ProgramData\TmForever
2010-09-01 10:34:30 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-09-01 10:34:30 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-09-01 10:34:28 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-09-01 10:34:27 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-09-01 10:34:24 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-09-01 10:33:37 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2010-09-01 10:33:33 ----D---- C:\ProgramData\Alwil Software
2010-09-01 10:33:33 ----D---- C:\Program Files\Alwil Software
2010-08-30 19:37:20 ----D---- C:\Program Files (x86)\SpeedFan
2010-08-30 10:04:19 ----D---- C:\__LUKAS
2010-08-30 08:48:05 ----D---- C:\Program Files (x86)\Gaijin
2010-08-29 21:44:51 ----D---- C:\ProgramData\WOP
2010-08-29 16:56:23 ----D---- C:\ProgramData\Electronic Arts
2010-08-29 16:54:49 ----D---- C:\Users\OEM\AppData\Roaming\Leadertech
2010-08-29 15:26:36 ----D---- C:\Program Files (x86)\Microsoft WSE
2010-08-29 15:18:40 ----D---- C:\Program Files (x86)\Electronic Arts
2010-08-29 14:22:34 ----D---- C:\Users\OEM\AppData\Roaming\IrfanView
2010-08-29 14:22:34 ----D---- C:\Program Files (x86)\IrfanView
2010-08-29 12:13:31 ----D---- C:\Users\OEM\AppData\Roaming\Tropico 3
2010-08-29 12:05:50 ----D---- C:\Users\OEM\AppData\Roaming\InstallShield
2010-08-29 12:03:06 ----D---- C:\Users\OEM\AppData\Roaming\GHISLER
2010-08-29 12:03:06 ----D---- C:\Program Files (x86)\totalcmd
2010-08-29 12:03:06 ----A---- C:\Windows\UC.PIF
2010-08-29 12:03:06 ----A---- C:\Windows\RAR.PIF
2010-08-29 12:03:06 ----A---- C:\Windows\PKZIP.PIF
2010-08-29 12:03:06 ----A---- C:\Windows\PKUNZIP.PIF
2010-08-29 12:03:06 ----A---- C:\Windows\NOCLOSE.PIF
2010-08-29 12:03:06 ----A---- C:\Windows\LHA.PIF
2010-08-29 12:03:06 ----A---- C:\Windows\ARJ.PIF
2010-08-28 10:52:51 ----D---- C:\Windows\WindowsMobile
2010-08-27 18:53:10 ----D---- C:\Windows\Sun
2010-08-27 15:29:17 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2010-08-27 15:28:33 ----D---- C:\Windows\SYSWOW64\xlive
2010-08-27 15:28:33 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-08-27 15:27:13 ----D---- C:\Program Files (x86)\Miranda IM
2010-08-27 15:12:51 ----D---- C:\Program Files (x86)\Rockstar Games
2010-08-27 15:08:49 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-08-27 15:08:49 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-08-27 15:08:49 ----A---- C:\Windows\SYSWOW64\java.exe
2010-08-27 15:07:54 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-08-27 15:07:13 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2010-08-27 15:07:13 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2010-08-27 15:07:13 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2010-08-27 15:07:13 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-08-27 15:07:13 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-08-27 15:07:13 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-08-27 15:07:12 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2010-08-27 15:07:12 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2010-08-27 15:07:12 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2010-08-27 15:07:12 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-08-27 15:07:12 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-08-27 15:07:12 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-08-27 15:07:09 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2010-08-27 15:07:09 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2010-08-27 15:07:09 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2010-08-27 15:07:09 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2010-08-27 15:07:09 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2010-08-27 15:07:09 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2010-08-27 15:07:09 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-08-27 15:07:09 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-08-27 15:07:09 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-08-27 15:07:09 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-08-27 15:07:09 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-08-27 15:07:09 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-08-27 15:07:08 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2010-08-27 15:07:08 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2010-08-27 15:07:08 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2010-08-27 15:07:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2010-08-27 15:07:08 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-08-27 15:07:08 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-08-27 15:07:08 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-08-27 15:07:08 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-08-27 15:07:07 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2010-08-27 15:07:07 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2010-08-27 15:07:07 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2010-08-27 15:07:07 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2010-08-27 15:07:07 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2010-08-27 15:07:07 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-08-27 15:07:07 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-08-27 15:07:07 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-08-27 15:07:07 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-08-27 15:07:07 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-08-27 15:07:06 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2010-08-27 15:07:06 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2010-08-27 15:07:06 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2010-08-27 15:07:06 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-08-27 15:07:06 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-08-27 15:07:06 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-08-27 15:07:05 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2010-08-27 15:07:05 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2010-08-27 15:07:05 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2010-08-27 15:07:05 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2010-08-27 15:07:05 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2010-08-27 15:07:05 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-08-27 15:07:05 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-08-27 15:07:05 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-08-27 15:07:05 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-08-27 15:07:05 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-08-27 15:07:04 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2010-08-27 15:07:04 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2010-08-27 15:07:04 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-08-27 15:07:04 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-08-27 15:07:03 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2010-08-27 15:07:03 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2010-08-27 15:07:03 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-08-27 15:07:03 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-08-27 15:07:02 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2010-08-27 15:07:02 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2010-08-27 15:07:02 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2010-08-27 15:07:02 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-08-27 15:07:02 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-08-27 15:07:02 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-08-27 15:07:01 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2010-08-27 15:07:01 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2010-08-27 15:07:01 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2010-08-27 15:07:01 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2010-08-27 15:07:01 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2010-08-27 15:07:01 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2010-08-27 15:07:01 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-08-27 15:07:01 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-08-27 15:07:01 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-08-27 15:07:01 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-08-27 15:07:01 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-08-27 15:07:01 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-08-27 15:07:00 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2010-08-27 15:07:00 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-08-27 15:06:59 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2010-08-27 15:06:59 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2010-08-27 15:06:59 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2010-08-27 15:06:59 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2010-08-27 15:06:59 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-08-27 15:06:59 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-08-27 15:06:59 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-08-27 15:06:59 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-08-27 15:06:58 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2010-08-27 15:06:58 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2010-08-27 15:06:58 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2010-08-27 15:06:58 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2010-08-27 15:06:58 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2010-08-27 15:06:58 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-08-27 15:06:58 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-08-27 15:06:58 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-08-27 15:06:58 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-08-27 15:06:58 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-08-27 15:06:57 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2010-08-27 15:06:57 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-08-27 15:06:55 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2010-08-27 15:06:55 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2010-08-27 15:06:55 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2010-08-27 15:06:55 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-08-27 15:06:55 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-08-27 15:06:55 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-08-27 15:06:54 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2010-08-27 15:06:54 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2010-08-27 15:06:54 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2010-08-27 15:06:54 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2010-08-27 15:06:54 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2010-08-27 15:06:54 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2010-08-27 15:06:54 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2010-08-27 15:06:54 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2010-08-27 15:06:54 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-08-27 15:06:54 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-08-27 15:06:54 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-08-27 15:06:54 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-08-27 15:06:54 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-08-27 15:06:54 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-08-27 15:06:54 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-08-27 15:06:54 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-08-27 15:06:53 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2010-08-27 15:06:53 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2010-08-27 15:06:53 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2010-08-27 15:06:53 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2010-08-27 15:06:53 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2010-08-27 15:06:53 ----A---- C:\Windows\system32\xinput1_3.dll
2010-08-27 15:06:53 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-08-27 15:06:53 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-08-27 15:06:53 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-08-27 15:06:53 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-08-27 15:06:52 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2010-08-27 15:06:52 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2010-08-27 15:06:52 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2010-08-27 15:06:52 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-08-27 15:06:52 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-08-27 15:06:52 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-08-27 15:06:51 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2010-08-27 15:06:51 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2010-08-27 15:06:51 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2010-08-27 15:06:51 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2010-08-27 15:06:51 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2010-08-27 15:06:51 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-08-27 15:06:51 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-08-27 15:06:51 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-08-27 15:06:51 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-08-27 15:06:51 ----A---- C:\Windows\system32\d3dx10.dll
2010-08-27 15:06:50 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2010-08-27 15:06:50 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2010-08-27 15:06:50 ----A---- C:\Windows\system32\xinput1_2.dll
2010-08-27 15:06:50 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-08-27 15:06:49 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2010-08-27 15:06:49 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2010-08-27 15:06:49 ----A---- C:\Windows\system32\xinput1_1.dll
2010-08-27 15:06:49 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-08-27 15:06:48 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2010-08-27 15:06:48 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-08-27 15:06:45 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2010-08-27 15:06:45 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2010-08-27 15:06:45 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2010-08-27 15:06:45 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-08-27 15:06:45 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-08-27 15:06:45 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-08-27 15:06:44 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2010-08-27 15:06:44 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2010-08-27 15:06:44 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2010-08-27 15:06:44 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2010-08-27 15:06:44 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-08-27 15:06:44 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-08-27 15:06:44 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-08-27 15:06:44 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-08-27 15:06:43 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2010-08-27 15:06:43 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2010-08-27 15:06:43 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-08-27 15:06:43 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-08-27 14:20:16 ----D---- C:\Program Files (x86)\Microsoft Works
2010-08-27 14:20:05 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2010-08-27 14:19:57 ----D---- C:\Windows\PCHEALTH
2010-08-27 14:18:37 ----D---- C:\Program Files\Microsoft Office
2010-08-27 14:18:33 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2010-08-27 14:18:05 ----D---- C:\ProgramData\Microsoft Help
2010-08-27 14:18:05 ----D---- C:\Program Files (x86)\Microsoft Office
2010-08-27 14:17:32 ----RHD---- C:\MSOCache
2010-08-27 13:44:10 ----D---- C:\ProgramData\Sun
2010-08-27 13:44:10 ----D---- C:\Program Files (x86)\RapidShareManager
2010-08-27 13:43:39 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2010-08-27 13:43:32 ----D---- C:\Program Files (x86)\Java
2010-08-27 13:39:04 ----D---- C:\_OSTATNI
2010-08-27 13:38:49 ----D---- C:\_FILMY
2010-08-27 13:37:46 ----D---- C:\_FOTO
2010-08-27 13:37:35 ----D---- C:\_HUDBA
2010-08-27 13:37:23 ----D---- C:\_HRY
2010-08-27 13:30:56 ----D---- C:\Program Files (x86)\WinRARx86
2010-08-27 13:28:13 ----A---- C:\Windows\system32\drivers\sptd.sys
2010-08-27 13:27:58 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2010-08-27 13:27:37 ----D---- C:\Users\OEM\AppData\Roaming\DAEMON Tools Lite
2010-08-27 13:27:35 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-08-27 13:05:29 ----D---- C:\Users\OEM\AppData\Roaming\WinRAR
2010-08-27 12:48:40 ----D---- C:\ProgramData\Adobe
2010-08-27 12:48:40 ----D---- C:\Program Files (x86)\Adobe
2010-08-27 12:46:29 ----D---- C:\Users\OEM\AppData\Roaming\Macromedia
2010-08-27 12:46:29 ----D---- C:\Users\OEM\AppData\Roaming\Adobe
2010-08-27 12:45:23 ----D---- C:\Windows\SYSWOW64\Macromed
2010-08-27 12:42:43 ----D---- C:\Users\OEM\AppData\Roaming\Mozilla
2010-08-27 12:39:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-08-26 14:01:38 ----D---- C:\Users\OEM\AppData\Roaming\ATI
2010-08-26 14:01:38 ----D---- C:\ProgramData\ATI
2010-08-26 14:00:30 ----D---- C:\Program Files\Common Files\ATI Technologies
2010-08-26 14:00:29 ----D---- C:\Program Files (x86)\ATI
2010-08-26 14:00:09 ----D---- C:\Program Files (x86)\ATI Technologies
2010-08-26 13:59:43 ----D---- C:\Program Files\ATI Technologies
2010-08-26 13:59:42 ----D---- C:\Program Files\ATI
2010-08-26 13:58:38 ----D---- C:\ATI
2010-08-26 13:56:55 ----D---- C:\ProgramData\InstallShield
2010-08-26 13:56:54 ----D---- C:\Program Files\GIGABYTE
2010-08-26 13:56:54 ----D---- C:\Program Files (x86)\GIGABYTE
2010-08-26 13:56:54 ----A---- C:\Windows\system32\drivers\AppleCharger.sys
2010-08-26 13:56:54 ----A---- C:\Windows\system32\AppleChargerSrv.exe
2010-08-26 13:56:34 ----D---- C:\Program Files (x86)\NEC Electronics
2010-08-26 13:56:24 ----R---- C:\Windows\SYSWOW64\xRaidAPI.dll
2010-08-26 13:56:23 ----R---- C:\Windows\SYSWOW64\XSrvSetup.exe
2010-08-26 13:56:23 ----R---- C:\Windows\SYSWOW64\xRaidSetup.exe
2010-08-26 13:56:23 ----D---- C:\RaidTool
2010-08-26 13:56:08 ----A---- C:\Windows\system32\drivers\jraid.sys
2010-08-26 13:56:05 ----D---- C:\Windows\RaidTool
2010-08-26 13:55:27 ----A---- C:\Windows\system32\RTNUninst64.dll
2010-08-26 13:55:27 ----A---- C:\Windows\system32\RtNicProp64.dll
2010-08-26 13:55:27 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2010-08-26 13:53:29 ----D---- C:\Windows\SYSWOW64\RTCOM
2010-08-26 13:53:29 ----D---- C:\Program Files\Realtek
2010-08-26 13:53:19 ----A---- C:\Windows\system32\RtkHDM64.dll
2010-08-26 13:53:19 ----A---- C:\Windows\system32\RTEEP64H.dll
2010-08-26 13:53:19 ----A---- C:\Windows\system32\RTEEL64H.dll
2010-08-26 13:53:19 ----A---- C:\Windows\system32\RTEEG64H.dll
2010-08-26 13:53:19 ----A---- C:\Windows\system32\RTEED64H.dll
2010-08-26 13:53:19 ----A---- C:\Windows\system32\RHDMEx64.dll
2010-08-26 13:53:19 ----A---- C:\Windows\system32\RHCoInst64.dll
2010-08-26 13:53:19 ----A---- C:\Windows\system32\RH3DHT64.dll
2010-08-26 13:53:19 ----A---- C:\Windows\system32\RH3DAA64.dll
2010-08-26 13:53:19 ----A---- C:\Windows\system32\drivers\RtHDMIVX.sys
2010-08-26 13:53:17 ----A---- C:\Windows\system32\WavesGUILib.dll
2010-08-26 13:53:17 ----A---- C:\Windows\system32\SRSWOW64.dll
2010-08-26 13:53:17 ----A---- C:\Windows\system32\SRSTSX64.dll
2010-08-26 13:53:17 ----A---- C:\Windows\system32\SRSTSH64.dll
2010-08-26 13:53:17 ----A---- C:\Windows\system32\SRSHP64.dll
2010-08-26 13:53:16 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2010-08-26 13:53:16 ----A---- C:\Windows\system32\RtkCfg64.dll
2010-08-26 13:53:15 ----A---- C:\Windows\system32\RtPgEx64.dll
2010-08-26 13:53:15 ----A---- C:\Windows\system32\RtkAPO64.dll
2010-08-26 13:53:15 ----A---- C:\Windows\system32\RtkApi64.dll
2010-08-26 13:53:15 ----A---- C:\Windows\system32\RTEEP64A.dll
2010-08-26 13:53:15 ----A---- C:\Windows\system32\RTCOM64.dll
2010-08-26 13:53:15 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2010-08-26 13:53:14 ----A---- C:\Windows\system32\RTEEL64A.dll
2010-08-26 13:53:14 ----A---- C:\Windows\system32\RTEEG64A.dll
2010-08-26 13:53:14 ----A---- C:\Windows\system32\RTEED64A.dll
2010-08-26 13:53:14 ----A---- C:\Windows\system32\RP3DHT64.dll
2010-08-26 13:53:14 ----A---- C:\Windows\system32\RP3DAA64.dll
2010-08-26 13:53:14 ----A---- C:\Windows\system32\RCoInst64.dll
2010-08-26 13:53:13 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2010-08-26 13:53:13 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2010-08-26 13:53:12 ----A---- C:\Windows\system32\FMAPO64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSSymmetryDLL64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSGFXAPONS64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2010-08-26 13:53:11 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2010-08-26 13:53:10 ----HD---- C:\Program Files (x86)\Temp
2010-08-26 13:53:10 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-26 13:53:10 ----D---- C:\Program Files (x86)\Realtek
2010-08-26 13:53:10 ----A---- C:\Windows\system32\AERTAR64.dll
2010-08-26 13:53:10 ----A---- C:\Windows\system32\AERTAC64.dll
2010-08-26 13:53:09 ----R---- C:\Windows\RtlExUpd.dll
2010-08-26 13:52:01 ----A---- C:\Windows\GSetup.ini
2010-08-26 13:42:24 ----D---- C:\Windows\SYSWOW64\Wat
2010-08-26 13:42:24 ----D---- C:\Windows\system32\Wat
2010-08-26 13:37:30 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2010-08-26 13:37:30 ----A---- C:\Windows\system32\msv1_0.dll
2010-08-26 13:35:31 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-08-26 13:35:13 ----SHD---- C:\Windows\Installer
2010-08-26 13:34:21 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2010-08-26 13:33:51 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2010-08-26 13:33:51 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2010-08-26 13:33:51 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2010-08-26 13:33:51 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2010-08-26 13:33:51 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2010-08-26 13:33:51 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-08-26 13:33:51 ----A---- C:\Windows\system32\PresentationHost.exe
2010-08-26 13:33:51 ----A---- C:\Windows\system32\netfxperf.dll
2010-08-26 13:33:51 ----A---- C:\Windows\system32\mscoree.dll
2010-08-26 13:33:51 ----A---- C:\Windows\system32\dfshim.dll
2010-08-26 13:33:42 ----A---- C:\Windows\system32\browserchoice.exe
2010-08-26 13:31:48 ----A---- C:\Windows\system32\MRT.exe
2010-08-26 13:31:13 ----A---- C:\Windows\system32\wmp.dll
2010-08-26 13:31:12 ----A---- C:\Windows\SYSWOW64\wmp.dll
2010-08-26 13:31:11 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2010-08-26 13:31:11 ----A---- C:\Windows\SYSWOW64\CertEnroll.dll
2010-08-26 13:31:11 ----A---- C:\Windows\system32\CertEnroll.dll
2010-08-26 13:31:10 ----A---- C:\Windows\system32\wmploc.DLL
2010-08-26 13:31:09 ----A---- C:\Windows\system32\mshtml.dll
2010-08-26 13:31:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-08-26 13:31:08 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-08-26 13:31:08 ----A---- C:\Windows\system32\ieframe.dll
2010-08-26 13:31:07 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-08-26 13:31:07 ----A---- C:\Windows\system32\wininet.dll
2010-08-26 13:31:07 ----A---- C:\Windows\system32\urlmon.dll
2010-08-26 13:31:07 ----A---- C:\Windows\system32\mstime.dll
2010-08-26 13:31:06 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-08-26 13:31:06 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-08-26 13:31:06 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-08-26 13:31:06 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-08-26 13:31:06 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-08-26 13:31:06 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-08-26 13:31:06 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-08-26 13:31:06 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-08-26 13:31:06 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-26 13:31:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-26 13:31:06 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-26 13:31:06 ----A---- C:\Windows\system32\ieui.dll
2010-08-26 13:31:06 ----A---- C:\Windows\system32\iepeers.dll
2010-08-26 13:31:06 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-26 13:31:03 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-26 13:31:02 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2010-08-26 13:31:02 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2010-08-26 13:31:02 ----A---- C:\Windows\system32\shell32.dll
2010-08-26 13:31:01 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-08-26 13:31:01 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2010-08-26 13:31:01 ----A---- C:\Windows\SYSWOW64\secproc.dll
2010-08-26 13:31:01 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2010-08-26 13:31:01 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2010-08-26 13:31:01 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-08-26 13:31:01 ----A---- C:\Windows\system32\secproc_isv.dll
2010-08-26 13:31:01 ----A---- C:\Windows\system32\secproc.dll
2010-08-26 13:31:01 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-08-26 13:31:01 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-08-26 13:31:01 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-08-26 13:31:01 ----A---- C:\Windows\system32\RMActivate.exe
2010-08-26 13:31:00 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2010-08-26 13:31:00 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2010-08-26 13:31:00 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2010-08-26 13:31:00 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2010-08-26 13:31:00 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2010-08-26 13:31:00 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2010-08-26 13:31:00 ----A---- C:\Windows\system32\t2embed.dll
2010-08-26 13:31:00 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-08-26 13:31:00 ----A---- C:\Windows\system32\ntdll.dll
2010-08-26 13:30:59 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2010-08-26 13:30:59 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2010-08-26 13:30:59 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2010-08-26 13:30:59 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2010-08-26 13:30:59 ----A---- C:\Windows\system32\asycfilt.dll
2010-08-26 13:30:58 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-08-26 13:30:58 ----A---- C:\Windows\system32\tzres.dll
2010-08-26 13:30:56 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2010-08-26 13:30:56 ----A---- C:\Windows\system32\oleaut32.dll
2010-08-26 13:30:55 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2010-08-26 13:30:55 ----A---- C:\Windows\SYSWOW64\secur32.dll
2010-08-26 13:30:55 ----A---- C:\Windows\system32\lsasrv.dll
2010-08-26 13:30:55 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2010-08-26 13:30:54 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2010-08-26 13:30:54 ----A---- C:\Windows\system32\inetcomm.dll
2010-08-26 13:30:54 ----A---- C:\Windows\system32\drivers\fvevol.sys
2010-08-26 13:30:53 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2010-08-26 13:30:52 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2010-08-26 13:30:52 ----A---- C:\Windows\system32\CPFilters.dll
2010-08-26 13:30:51 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2010-08-26 13:30:51 ----A---- C:\Windows\system32\psisdecd.dll
2010-08-26 13:30:51 ----A---- C:\Windows\system32\msdri.dll
2010-08-26 13:30:49 ----A---- C:\Windows\SYSWOW64\explorer.exe
2010-08-26 13:30:49 ----A---- C:\Windows\system32\winlogon.exe
2010-08-26 13:30:49 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-26 13:30:49 ----A---- C:\Windows\explorer.exe
2010-08-26 13:30:48 ----A---- C:\Windows\SYSWOW64\tsbyuv.dll
2010-08-26 13:30:48 ----A---- C:\Windows\SYSWOW64\schannel.dll
2010-08-26 13:30:48 ----A---- C:\Windows\SYSWOW64\quartz.dll
2010-08-26 13:30:48 ----A---- C:\Windows\SYSWOW64\msyuv.dll
2010-08-26 13:30:48 ----A---- C:\Windows\SYSWOW64\msvidc32.dll
2010-08-26 13:30:48 ----A---- C:\Windows\SYSWOW64\msrle32.dll
2010-08-26 13:30:48 ----A---- C:\Windows\SYSWOW64\mciavi32.dll
2010-08-26 13:30:48 ----A---- C:\Windows\SYSWOW64\iyuv_32.dll
2010-08-26 13:30:48 ----A---- C:\Windows\SYSWOW64\avifil32.dll
2010-08-26 13:30:48 ----A---- C:\Windows\system32\tsbyuv.dll
2010-08-26 13:30:48 ----A---- C:\Windows\system32\schannel.dll
2010-08-26 13:30:48 ----A---- C:\Windows\system32\quartz.dll
2010-08-26 13:30:48 ----A---- C:\Windows\system32\msyuv.dll
2010-08-26 13:30:48 ----A---- C:\Windows\system32\msvidc32.dll
2010-08-26 13:30:48 ----A---- C:\Windows\system32\msrle32.dll
2010-08-26 13:30:48 ----A---- C:\Windows\system32\iyuv_32.dll
2010-08-26 13:30:48 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-26 13:30:48 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-26 13:30:48 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-26 13:30:47 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2010-08-26 13:30:47 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2010-08-26 13:30:47 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-08-26 13:30:47 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-08-26 13:30:47 ----A---- C:\Windows\system32\msxml3.dll
2010-08-26 13:30:47 ----A---- C:\Windows\system32\fontsub.dll
2010-08-26 13:30:47 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2010-08-26 13:30:47 ----A---- C:\Windows\system32\cdd.dll
2010-08-26 13:30:47 ----A---- C:\Windows\system32\atmlib.dll
2010-08-26 13:30:47 ----A---- C:\Windows\system32\atmfd.dll
2010-08-26 13:30:46 ----A---- C:\Windows\SYSWOW64\wow32.dll
2010-08-26 13:30:46 ----A---- C:\Windows\SYSWOW64\user.exe
2010-08-26 13:30:46 ----A---- C:\Windows\SYSWOW64\setup16.exe
2010-08-26 13:30:46 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2010-08-26 13:30:46 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2010-08-26 13:30:46 ----A---- C:\Windows\SYSWOW64\msasn1.dll
2010-08-26 13:30:46 ----A---- C:\Windows\SYSWOW64\instnm.exe
2010-08-26 13:30:46 ----A---- C:\Windows\system32\wow64.dll
2010-08-26 13:30:46 ----A---- C:\Windows\system32\rtutils.dll
2010-08-26 13:30:46 ----A---- C:\Windows\system32\msasn1.dll
2010-08-26 13:30:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2010-08-26 13:30:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2010-08-26 13:30:45 ----A---- C:\Windows\system32\win32k.sys
2010-08-26 13:30:45 ----A---- C:\Windows\system32\vbscript.dll
2010-08-26 13:30:45 ----A---- C:\Windows\system32\jscript.dll
2010-08-26 13:21:43 ----D---- C:\Windows\Panther
2010-08-26 13:15:23 ----N---- C:\Windows\system32\MpSigStub.exe
2010-08-26 12:59:19 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2010-08-26 12:59:19 ----A---- C:\Windows\system32\wintrust.dll
2010-08-26 12:59:18 ----A---- C:\Windows\SYSWOW64\cabview.dll
2010-08-26 12:59:18 ----A---- C:\Windows\system32\cabview.dll
2010-08-26 12:58:21 ----D---- C:\Users\OEM\AppData\Roaming\Identities
2010-08-26 12:58:03 ----SD---- C:\Users\OEM\AppData\Roaming\Microsoft
2010-08-26 12:58:03 ----D---- C:\Users\OEM\AppData\Roaming\Media Center Programs
2010-08-26 12:57:52 ----SHD---- C:\Recovery
2010-08-26 12:57:52 ----SHD---- C:\ProgramData\Šablony
2010-08-26 12:57:52 ----SHD---- C:\ProgramData\Plocha
2010-08-26 12:57:52 ----SHD---- C:\ProgramData\Oblíbené položky
2010-08-26 12:57:52 ----SHD---- C:\ProgramData\Nabídka Start
2010-08-26 12:57:52 ----SHD---- C:\ProgramData\Dokumenty
2010-08-26 12:57:52 ----SHD---- C:\ProgramData\Data aplikací
2010-08-26 12:57:48 ----D---- C:\Windows\SoftwareDistribution
2010-08-26 12:22:35 ----D---- C:\Windows\Prefetch
2010-08-26 12:22:24 ----ASH---- C:\pagefile.sys
2010-08-26 12:22:21 ----SHD---- C:\System Volume Information
2010-08-26 12:22:21 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 months======

2010-09-08 11:58:14 ----D---- C:\Windows\Temp
2010-09-08 11:58:13 ----RD---- C:\Program Files
2010-09-08 11:53:44 ----D---- C:\Windows\debug
2010-09-08 11:53:44 ----D---- C:\Windows
2010-09-08 11:51:21 ----D---- C:\Windows\System32
2010-09-08 11:51:21 ----D---- C:\Windows\inf
2010-09-08 11:51:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-08 11:50:45 ----RD---- C:\Program Files (x86)
2010-09-08 11:49:56 ----D---- C:\Windows\system32\config
2010-09-08 10:25:03 ----D---- C:\Windows\SYSWOW64\drivers
2010-09-08 10:25:02 ----HD---- C:\ProgramData
2010-09-08 10:25:02 ----D---- C:\Windows\system32\drivers
2010-09-08 10:09:20 ----D---- C:\Windows\system32\drivers\etc
2010-09-07 15:53:34 ----D---- C:\Windows\SysWOW64
2010-09-07 09:02:16 ----D---- C:\Windows\winsxs
2010-09-06 20:52:41 ----SD---- C:\ProgramData\Microsoft
2010-09-06 11:37:55 ----D---- C:\Windows\system32\Tasks
2010-09-06 11:37:39 ----D---- C:\Program Files (x86)\Common Files
2010-09-01 19:29:56 ----RSD---- C:\Windows\assembly
2010-08-30 08:52:00 ----D---- C:\Windows\system32\catroot2
2010-08-28 20:01:34 ----D---- C:\Windows\system32\LogFiles
2010-08-28 17:38:12 ----D---- C:\Windows\system32\wdi
2010-08-28 11:25:58 ----D---- C:\Windows\system32\catroot
2010-08-28 11:25:57 ----D---- C:\Windows\system32\DriverStore
2010-08-28 10:53:40 ----D---- C:\Windows\system32\drivers\UMDF
2010-08-27 15:23:26 ----D---- C:\Windows\Microsoft.NET
2010-08-27 15:06:11 ----D---- C:\Windows\Logs
2010-08-27 15:02:10 ----RSD---- C:\Windows\Fonts
2010-08-27 14:56:07 ----A---- C:\Windows\win.ini
2010-08-27 14:20:10 ----D---- C:\Program Files (x86)\MSBuild
2010-08-27 14:20:05 ----D---- C:\Windows\ShellNew
2010-08-27 14:19:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-08-27 12:41:07 ----D---- C:\Windows\Tasks
2010-08-27 12:34:36 ----D---- C:\Windows\SYSWOW64\migration
2010-08-27 12:34:36 ----D---- C:\Windows\system32\migration
2010-08-27 12:34:36 ----D---- C:\Program Files\Internet Explorer
2010-08-27 12:34:36 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-26 14:42:05 ----D---- C:\Windows\rescache
2010-08-26 14:00:30 ----D---- C:\Program Files\Common Files
2010-08-26 13:56:54 ----D---- C:\Windows\Downloaded Program Files
2010-08-26 13:42:28 ----D---- C:\Program Files\Windows Media Player
2010-08-26 13:42:28 ----D---- C:\Program Files (x86)\Windows Media Player
2010-08-26 13:42:27 ----D---- C:\Program Files\Windows Mail
2010-08-26 13:42:27 ----D---- C:\Program Files (x86)\Windows Mail
2010-08-26 13:42:26 ----D---- C:\Windows\AppPatch
2010-08-26 13:42:25 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-08-26 13:42:25 ----D---- C:\Windows\system32\cs-CZ
2010-08-26 13:42:24 ----D---- C:\Windows\ehome
2010-08-26 13:35:31 ----D---- C:\Windows\SYSWOW64\en-US
2010-08-26 13:35:31 ----D---- C:\Windows\system32\en-US
2010-08-26 12:59:20 ----D---- C:\Windows\system32\restore
2010-08-26 12:58:17 ----SHD---- C:\$Recycle.Bin
2010-08-26 12:58:00 ----RD---- C:\Users
2010-08-26 12:57:52 ----D---- C:\Windows\system32\Recovery
2010-08-26 12:57:52 ----D---- C:\Program Files\Windows NT
2010-08-26 12:35:58 ----D---- C:\Windows\system32\CodeIntegrity
2010-08-26 12:25:06 ----D---- C:\Windows\system32\sysprep

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2010-01-27 115312]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2007-02-07 14104]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-27 834544]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 51280]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-05-27 264192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-04-06 2337440]
R3 netr28x;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-01-27 231328]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 a2kn1jtx;a2kn1jtx; C:\Windows\system32\drivers\a2kn1jtx.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-05-27 203264]
R2 Application Updater;Application Updater; C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 JMB36X;JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-26 1255736]

-----------------EOF-----------------

#13 Příspěvek od **vyosek** » 08 zář 2010 11:09

Otevrete si poznamkovy blok

Start->spustit->notepad
Vlozte text nize

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-

Soubor ulozte jako oprava.reg
Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
Zavrit notepad a spustit dvojklikem oprava.reg
Pripadny dotaz na zmenu registru potvrdte
Okno jen problikne a opravi regsitry - soubor muzete smazat

Rucne smazte tyto soubory

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2223249473-2328189983-3562934538-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2223249473-2328189983-3562934538-1000UA.job

Doinstalujte firewall

Jinak log vypada OK

LukeK · #14 Příspěvek od **LukeK** » 08 zář 2010 11:13

Vše uděláno

ještě jednou díky.

Jinak jsem chtěl Kerio, protože to jsem vždy používal (firewal NOD 32), ale zjistil jsem, že Kerio mi nepůjde na 64bit OS, to je škoda. Se ZA nemám nejlepší zkušenosti.

#15 Příspěvek od **vyosek** » 08 zář 2010 11:15

Projedte si sekci fw na nasem foru, pripadne tam hodte dotaz na fw na x64, kolegove co se tim zabyvaji, jiste radi poradi...

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

VIRY.CZ

Win32:Malware-gen v PC

Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC

Re: Win32:Malware-gen v PC