[Preventivní] Kontrola HJT

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Odpovědět
Uživatelský avatar
CZechBoY
Master Level 9.5
Master Level 9.5
Příspěvky: 8813
Registrován: srpen 08
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline
Kontakt:
Kontaktovat uživatele CZechBoY

Re: [Preventivní] Kontrola HJT

Příspěvekod CZechBoY » 17 úno 2011 10:48

jo večer udělám ten OTL, myslim že to vypíná všechny okna tak až večer ;-)
ten ComboFix to neodinstalovalo z důvodu že příkaz nebyl nalezen ;-)
PHP, Nette, MySQL, C#, TypeScript, Python
IntelliJ Idea, Docker, Opera browser, Linux Mint
iPhone XS
Raspberry PI 3 (KODI, Raspbian)
XBox One S, PS 4, nVidia GeForce NOW
Nahoru
Reklama
Top
Uživatelský avatar
bledulka
Level 5
Level 5
Příspěvky: 2242
Registrován: srpen 09
Pohlaví: Žena
Stav:
Offline

Re: [Preventivní] Kontrola HJT

Příspěvekod bledulka » 17 úno 2011 23:04

ok
Nahoru
Uživatelský avatar
CZechBoY
Master Level 9.5
Master Level 9.5
Příspěvky: 8813
Registrován: srpen 08
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline
Kontakt:
Kontaktovat uživatele CZechBoY

Re: [Preventivní] Kontrola HJT

Příspěvekod CZechBoY » 21 úno 2011 23:51

tak jsem udělal to OTL, ten screen je z nějakýho starýho, nebo 32bitovýho OTL, mám tma úplně jiný možnosti na zatržení :(


OTL logfile created on: 21.2.2011 23:43:49 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\CZechBoY\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37,25 Gb Total Space | 14,24 Gb Free Space | 38,22% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 4,95 Gb Free Space | 25,33% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 38,98 Gb Free Space | 79,84% Space Free | Partition Type: NTFS
Drive F: | 164,51 Gb Total Space | 31,64 Gb Free Space | 19,23% Space Free | Partition Type: NTFS

Computer Name: MNO | User Name: CZechBoY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.02.21 23:42:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CZechBoY\Desktop\OTL.exe
PRC - [2011.02.21 21:43:09 | 000,015,872 | ---- | M] (Microsoft) -- C:\Users\CZechBoY\Desktop\new server\Chmat Tools objednavky async.exe
PRC - [2011.02.20 23:38:19 | 000,016,896 | ---- | M] (Microsoft) -- C:\Users\CZechBoY\Desktop\new server\CH admin UDP async_prava.exe
PRC - [2011.01.28 20:51:48 | 000,943,472 | ---- | M] (Opera Software) -- F:\Programy(x86)\Opera\opera.exe
PRC - [2011.01.27 16:51:04 | 007,626,104 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.01.27 16:51:04 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.12.23 17:52:10 | 006,012,800 | ---- | M] () -- F:\Programy(x86)\QIP Infium\infium.exe
PRC - [2010.12.09 11:47:04 | 001,595,744 | ---- | M] (Nullsoft, Inc.) -- F:\Programy(x86)\Winamp\winamp.exe
PRC - [2010.10.20 18:20:26 | 001,168,175 | ---- | M] () -- C:\Users\CZechBoY\Desktop\new server\ServerJabko2.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.06.15 02:54:22 | 002,320,304 | ---- | M] (Beepa P/L) -- F:\Programy(x86)\Fraps\fraps.exe
PRC - [2010.06.09 15:15:34 | 000,417,906 | ---- | M] () -- F:\Programy(x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
PRC - [2004.09.04 12:57:44 | 001,126,400 | ---- | M] (Idea2) -- F:\Programy(x86)\Desktop Sidebar_old\dsidebar.exe
PRC - [2004.03.23 08:41:36 | 000,831,488 | ---- | M] () -- E:\WPE\WPE PRO.exe


========== Modules (SafeList) ==========

MOD - [2011.02.21 23:42:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CZechBoY\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.06.15 02:54:34 | 000,206,768 | ---- | M] (Beepa P/L) -- F:\Programy(x86)\Fraps\fraps32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.12.14 14:39:14 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.11.25 08:47:08 | 003,152,200 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2010.08.26 02:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.01.27 16:51:04 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.14 14:42:40 | 002,019,648 | ---- | M] (TuneUp Software) [Auto | Running] -- F:\Programz(x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.12.14 14:39:10 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.12.06 08:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- F:\Programy(x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.07.16 17:23:30 | 006,638,080 | ---- | M] () [Auto | Stopped] -- F:\Programy(x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.06.14 11:28:50 | 002,069,880 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- F:\Programy\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.01.12 10:42:16 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2011.01.12 10:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.12.22 15:08:50 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.08.26 04:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.26 02:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.07.15 13:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.06.14 11:17:04 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2010.11.24 15:32:22 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\Programy(x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010.11.18 14:38:39 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.10.07 12:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- F:\Programz(x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.03.17 22:34:36 | 000,068,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Programy(x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2010.01.29 10:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- F:\Programy(x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1913805740-196726431-4255557853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-1913805740-196726431-4255557853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: F:\Programy(x86)\Mozilla Firefox\components [2011.01.10 15:53:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: F:\Programy(x86)\Mozilla Firefox\plugins [2011.01.10 15:53:09 | 000,000,000 | ---D | M]

[2010.10.13 17:52:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CZechBoY\AppData\Roaming\Mozilla\Extensions
[2011.02.06 20:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\s4n70o8v.default\extensions
[2010.12.24 03:53:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\s4n70o8v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.02.06 20:46:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\s4n70o8v.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.02.06 20:46:52 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\s4n70o8v.default\extensions\firebug@software.joehewitt.com
[2010.11.06 21:08:30 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAMY(X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Hosts file not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programy\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - F:\Programy(x86)\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - F:\Programy(x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKU\S-1-5-21-1913805740-196726431-4255557853-1001..\Run: [Infium] F:\Programy(x86)\QIP Infium\infium.exe ()
O4 - HKU\S-1-5-21-1913805740-196726431-4255557853-1001..\Run: [SIDEBAR] F:\Programy(x86)\Desktop Sidebar_old\dsidebar.exe (Idea2)
O4 - HKU\S-1-5-21-1913805740-196726431-4255557853-1001..\Run: [uTorrent] F:\Programy(x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1913805740-196726431-4255557853-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1913805740-196726431-4255557853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1913805740-196726431-4255557853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download with GetRight - F:\Programy(x86)\GetRight\GRDownload.htm ()
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - F:\Programy\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Open with GetRight Browser - F:\Programy(x86)\GetRight\GRBrowse.htm ()
O8:64bit: - Extra context menu item: Subscribe in Desktop Sidebar - F:\Programy(x86)\Desktop Sidebar_old\sbhelp.dll (Idea2)
O8 - Extra context menu item: Download with GetRight - F:\Programy(x86)\GetRight\GRDownload.htm ()
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - F:\Programy\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with GetRight Browser - F:\Programy(x86)\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Subscribe in Desktop Sidebar - F:\Programy(x86)\Desktop Sidebar_old\sbhelp.dll (Idea2)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1913805740-196726431-4255557853-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1913805740-196726431-4255557853-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.02.21 23:42:05 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\CZechBoY\Desktop\OTL.exe
[2011.02.21 19:33:06 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\Google
[2011.02.21 19:33:02 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Roaming\Google
[2011.02.21 11:56:18 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\{CC67FAEF-AAAC-483D-BD3B-1D3E11997106}
[2011.02.20 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\{5BB7EFC7-9624-4F7C-9DCD-442F6CE6BD74}
[2011.02.20 11:55:20 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\{6BFBC12C-49B5-40E3-812A-F68974A7F351}
[2011.02.19 23:54:51 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\{00577CCB-7D69-47E8-9EC2-18FE97A2E6E5}
[2011.02.19 11:54:22 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\{ACE56369-6261-433A-96F9-75632D7E2945}
[2011.02.18 23:53:53 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\{8FF7A69A-4E6D-4031-B84F-22D38659A05B}
[2011.02.18 12:17:06 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\Documents\Games for Windows - LIVE Demos
[2011.02.18 11:53:24 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\{9BE5AB80-6A8D-42C5-BCC1-DD50F18455D8}
[2011.02.18 03:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.02.18 03:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011.02.17 23:52:55 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\{327DF527-B7C0-4489-8C3B-EB34FB54F3C1}
[2011.02.17 11:52:26 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\{E595C6BF-389C-4230-902B-70D4ED0EFE0A}
[2011.02.17 11:28:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.02.16 23:52:08 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\{7F46419C-D9A8-42C9-8A3C-F83BC63AE861}
[2011.02.15 18:51:15 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\{C6A94F33-F3D9-4D63-B9DD-9268E9E7B19F}
[2011.02.15 18:50:42 | 000,000,000 | ---D | C] -- C:\Windows\cs
[2011.02.15 18:46:52 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011.02.15 18:46:52 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011.02.15 18:46:52 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011.02.15 18:46:50 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011.02.15 18:46:50 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011.02.15 18:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.02.15 18:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.02.10 23:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.02.10 10:40:23 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.10 10:40:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.10 10:40:22 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.10 10:40:22 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.10 10:40:22 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.10 10:40:22 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.10 10:40:22 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.10 10:40:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.10 10:40:22 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.10 10:40:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.10 10:40:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.10 10:40:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.10 10:40:19 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.10 10:40:19 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.10 10:40:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.10 10:40:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.10 10:40:18 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.10 10:40:16 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.10 10:40:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.10 10:40:15 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.10 10:40:15 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.10 10:40:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.10 10:40:15 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.10 10:40:15 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.10 10:40:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.10 10:40:15 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.10 10:40:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.10 10:40:14 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.02.10 10:40:14 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.02.10 10:40:14 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.02.10 10:40:14 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.02.10 10:40:14 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.02.10 10:40:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.10 10:40:14 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.10 10:40:13 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.02.10 10:40:13 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.02.10 10:40:13 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.02.10 10:40:13 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.10 10:40:13 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.10 10:40:13 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.02.10 10:40:13 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.10 10:40:13 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.10 10:40:13 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.02.10 10:40:13 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.02.10 10:40:13 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.02.10 10:40:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.02.10 10:40:13 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.10 10:40:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.02.10 10:40:08 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.10 10:40:08 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.10 10:40:08 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.10 10:40:08 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.07 22:21:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.02.07 22:19:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.02.07 22:13:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.07 22:13:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.07 22:13:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.07 22:12:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.07 22:12:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.07 22:12:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.07 19:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.02.07 19:03:14 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\Diagnostics
[2011.01.28 23:04:56 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2011.01.28 23:04:54 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\OpenCandy
[2011.01.28 23:04:52 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Roaming\OpenCandy
[2011.01.28 23:04:51 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\Documents\Image-Line
[2011.01.28 23:04:43 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2011.01.28 23:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2011.01.28 23:04:38 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.01.28 23:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2011.01.28 23:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2011.01.28 23:02:08 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\Desktop\FLStudioXXL9_by_jofiel
[2011.01.23 20:39:10 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.23 20:39:09 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.21 23:42:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CZechBoY\Desktop\OTL.exe
[2011.02.21 23:25:04 | 000,025,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.21 23:25:04 | 000,025,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.21 21:57:37 | 000,002,423 | ---- | M] () -- C:\Users\CZechBoY\Desktop\filtry na SS.flt
[2011.02.21 21:55:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.21 21:55:24 | 000,052,316 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011.02.18 16:27:54 | 000,000,600 | ---- | M] () -- C:\Users\CZechBoY\AppData\Local\PUTTY.RND
[2011.02.18 15:59:11 | 000,020,495 | ---- | M] () -- C:\Users\CZechBoY\.recently-used.xbel
[2011.02.17 13:14:33 | 000,002,030 | -H-- | M] () -- C:\Users\CZechBoY\Documents\Default.rdp
[2011.02.12 12:28:43 | 000,013,787 | ---- | M] () -- C:\Users\CZechBoY\Desktop\WinSCP.ini
[2011.02.12 12:28:43 | 000,000,600 | ---- | M] () -- C:\Users\CZechBoY\AppData\Roaming\winscp.rnd
[2011.02.11 17:20:58 | 000,463,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.01.28 23:04:56 | 000,000,679 | ---- | M] () -- C:\Users\CZechBoY\Desktop\FL Studio 9.lnk
[2011.01.26 07:53:10 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.26 07:31:20 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.18 15:59:11 | 000,020,495 | ---- | C] () -- C:\Users\CZechBoY\.recently-used.xbel
[2011.02.15 18:49:01 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.02.15 18:48:15 | 000,002,522 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.02.07 23:30:15 | 000,000,512 | ---- | C] () -- C:\Users\CZechBoY\Desktop\Avira Premium Security Suite HBEDV KEY [until 2011 August 10].KEY
[2011.02.07 22:13:00 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.07 22:13:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.07 22:13:00 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.07 22:13:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.07 22:13:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.03 13:47:05 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.01.28 23:04:56 | 000,000,679 | ---- | C] () -- C:\Users\CZechBoY\Desktop\FL Studio 9.lnk
[2010.12.16 14:30:04 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.12.13 21:52:18 | 000,007,614 | ---- | C] () -- C:\Users\CZechBoY\AppData\Local\Resmon.ResmonCfg
[2010.11.24 20:52:08 | 000,000,600 | ---- | C] () -- C:\Users\CZechBoY\AppData\Roaming\winscp.rnd
[2010.11.18 20:20:01 | 000,000,110 | ---- | C] () -- C:\Windows\GMouse.ini
[2010.11.07 22:41:20 | 000,000,321 | ---- | C] () -- C:\Windows\WpePro_0delay.INI
[2010.11.03 16:26:10 | 000,000,600 | ---- | C] () -- C:\Users\CZechBoY\AppData\Local\PUTTY.RND
[2010.10.14 09:40:12 | 001,600,262 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.13 19:00:59 | 000,000,800 | ---- | C] () -- C:\Users\CZechBoY\AppData\Local\SRDownloader.nast
[2010.10.13 18:56:00 | 000,000,889 | ---- | C] () -- C:\Users\CZechBoY\AppData\Local\SRDownloader.err
[2010.10.13 17:47:35 | 000,003,497 | ---- | C] () -- C:\Windows\WINCMD.INI
[2010.10.13 16:33:05 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[1993.07.23 18:31:02 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"msnmsgr" = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background -- [2010.11.10 02:54:18 | 004,240,760 | ---- | M] (Microsoft Corporation)
"uTorrent" = "F:\Programy(x86)\uTorrent\uTorrent.exe" -- [2010.12.15 16:07:12 | 000,395,640 | ---- | M] (BitTorrent, Inc.)
"SIDEBAR" = "F:\Programy(x86)\Desktop Sidebar_old\dsidebar.exe" -- [2004.09.04 12:57:44 | 001,126,400 | ---- | M] (Idea2)
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.01.26 17:05:34 | 015,026,056 | R--- | M] (Skype Technologies S.A.)
"Infium" = "F:\Programy(x86)\QIP Infium\infium.exe" /autorun -- [2010.12.23 17:52:10 | 006,012,800 | ---- | M] ()

< c:\windows\*.* /U >


< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: LSASS.EXE >
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\ERDNT\cache64\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\ERDNT\cache64\ndis.sys
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\ERDNT\cache64\ws2_32.dll
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache86\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2010.12.18 06:29:18 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
PHP, Nette, MySQL, C#, TypeScript, Python
IntelliJ Idea, Docker, Opera browser, Linux Mint
iPhone XS
Raspberry PI 3 (KODI, Raspbian)
XBox One S, PS 4, nVidia GeForce NOW
Nahoru
Uživatelský avatar
bledulka
Level 5
Level 5
Příspěvky: 2242
Registrován: srpen 09
Pohlaví: Žena
Stav:
Offline

Re: [Preventivní] Kontrola HJT

Příspěvekod bledulka » 22 úno 2011 10:18

Tohle znáš?
C:\Users\CZechBoY\.recently-used.xbel

Prosím tě, mrkni co je v těch složkách
C:\Users\CZechBoY\AppData\Local\{CC67FAEF-AAAC-483D-BD3B-1D3E11997106}
C:\Users\CZechBoY\AppData\Local\{5BB7EFC7-9624-4F7C-9DCD-442F6CE6BD74}
C:\Users\CZechBoY\AppData\Local\{6BFBC12C-49B5-40E3-812A-F68974A7F351}
C:\Users\CZechBoY\AppData\Local\{00577CCB-7D69-47E8-9EC2-18FE97A2E6E5}
C:\Users\CZechBoY\AppData\Local\{ACE56369-6261-433A-96F9-75632D7E2945}
C:\Users\CZechBoY\AppData\Local\{8FF7A69A-4E6D-4031-B84F-22D38659A05B}
Nahoru
Uživatelský avatar
CZechBoY
Master Level 9.5
Master Level 9.5
Příspěvky: 8813
Registrován: srpen 08
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline
Kontakt:
Kontaktovat uživatele CZechBoY

Re: [Preventivní] Kontrola HJT

Příspěvekod CZechBoY » 22 úno 2011 13:57

nevim co to je zač, soubory nepojmenovávám na začátku tečkou(mám windows, používám jen .htaccess na webech :lol: )
v těch složkách nic nebylo, smazáno

nahodil jsem MWAV - pro informaci, už čistí i v neplacené verzi ;-)
našel mi pár virů - nějaký ICQsniffer, atd.
MWAV píše:Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "Spyware.ICQSniffer Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.
Object "XP AntiMalware Spyware/Adware" found in File System! Action Taken: Entries Removed.
File C:\Windows\KMSAct.exe infected by "Dropped:Application.Keygen.BR (DB)" Virus! Action Taken: File Deleted.
File C:\Windows\NIRCMD.exe infected by "Malware.Win32 (ES)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4157cea5.qua infected by "Trojan.Generic.1773851 (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\42d7af08.qua infected by "Application.Sniffer.Wpepro.E (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\43332a64.qua infected by "Application.Sniffer.Wpepro.E (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4ac61f8d.qua infected by "Win32.Induc.A (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4af816b7.qua infected by "Trojan.Generic.1773851 (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4b0c7f35.qua infected by "Trojan.Generic.1773851 (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4b0c7f3a.qua infected by "Application.Sniffer.Wpepro.E (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4b198973.qua infected by "Virtool.WWHacker.A (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4b24896c.qua infected by "Trojan.Generic.2101447 (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4b31906d.qua infected by "Trojan.Generic.1773851 (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4b31906e.qua infected by "Application.Sniffer.Wpepro.E (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4b4c8971.qua infected by "Backdoor.Flood.F (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4b5a48ec.qua infected by "Application.Sniffer.Wpepro.E (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4b5d54db.qua infected by "Trojan.Generic.1773851 (DB)" Virus! Action Taken: File Renamed.
File D:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\INFECTED\4b675059.qua infected by "Application.Sniffer.Wpepro.E (DB)" Virus! Action Taken: File Renamed.
File E:\Documents and Settings\C Z e ch B o Y\Local Settings\Temp\astlog.exe infected by "Trojan.Generic.KDV.91718 (DB)" Virus! Action Taken: File Renamed.
File E:\Documents and Settings\C Z e ch B o Y\Local Settings\Temp\ipscan.exe infected by "Trojan.Generic.5352136 (DB)" Virus! Action Taken: File Renamed.
File E:\Documents and Settings\C Z e ch B o Y\Local Settings\Temp\mailpv.exe infected by "Gen:Application.Heur.fq0@baweTenO (DB)" Virus! Action Taken: File Renamed.
File E:\Documents and Settings\C Z e ch B o Y\Local Settings\Temp\WirelessKeyView.exe infected by "Gen:Application.Heur.fq0@bWowC9pO (DB)" Virus! Action Taken: File Renamed.

celkem zajímavé že našel viry v karanténě aviry :D
test stále jede, ještě projede program files a už bude nejspíš konec
doufám že až to dojede tak bude PC po restartu v pohodě :-)
PHP, Nette, MySQL, C#, TypeScript, Python
IntelliJ Idea, Docker, Opera browser, Linux Mint
iPhone XS
Raspberry PI 3 (KODI, Raspbian)
XBox One S, PS 4, nVidia GeForce NOW
Nahoru
Uživatelský avatar
bledulka
Level 5
Level 5
Příspěvky: 2242
Registrován: srpen 09
Pohlaví: Žena
Stav:
Offline

Re: [Preventivní] Kontrola HJT

Příspěvekod bledulka » 22 úno 2011 16:24

Ten soubor je ok.
MWAW nemám ráda, občas maže blbosti, nemůžeš si vybrat, jeslti to smazat nebo ne. Smazal mi reg. soubor na obnovu autorunu, ale ten v raru nechal :roll: .
Až dojede, dej vědět, jaký je stav počítače.
Nahoru
Uživatelský avatar
CZechBoY
Master Level 9.5
Master Level 9.5
Příspěvky: 8813
Registrován: srpen 08
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline
Kontakt:
Kontaktovat uživatele CZechBoY

Re: [Preventivní] Kontrola HJT

Příspěvekod CZechBoY » 23 úno 2011 07:51

kde je umístěn log z MWAV?
asi jsem ho přemazal spuštěním MWAVu :(
PHP, Nette, MySQL, C#, TypeScript, Python
IntelliJ Idea, Docker, Opera browser, Linux Mint
iPhone XS
Raspberry PI 3 (KODI, Raspbian)
XBox One S, PS 4, nVidia GeForce NOW
Nahoru
Uživatelský avatar
bledulka
Level 5
Level 5
Příspěvky: 2242
Registrován: srpen 09
Pohlaví: Žena
Stav:
Offline

Re: [Preventivní] Kontrola HJT

Příspěvekod bledulka » 23 úno 2011 08:42

U toho nového nevím, já MWAW nepoužívám, nemám ho ráda :roll: . Kde jsou ty časy, kdy patřil mezi ty lepší skenery.

Spusť OTL
-do bílého okna dole zkopíruj:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:0B4227B4
C:\Users\CZechBoY\AppData\Local\{9BE5AB80-6A8D-42C5-BCC1-DD50F18455D8}
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

:COMMANDS
[emptytemp]
[EMPTYFLASH]
[reboot]

-klikni na tlačítko opravit.
-log vlož zde
Nahoru
Uživatelský avatar
CZechBoY
Master Level 9.5
Master Level 9.5
Příspěvky: 8813
Registrován: srpen 08
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline
Kontakt:
Kontaktovat uživatele CZechBoY

Re: [Preventivní] Kontrola HJT

Příspěvekod CZechBoY » 25 úno 2011 01:33

už zase to nepřihlásilo, jen černá obrazovka a kurzor, musel jsem dát ctrl+alt+del a přepnout uživatele, dal jsem sebe a už tma bylo vše načtené, tohle nechápu...

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ deleted successfully.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CZechBoY
->Temp folder emptied: 673289965 bytes
->Temporary Internet Files folder emptied: 26386475 bytes
->Java cache emptied: 724557 bytes
->FireFox cache emptied: 43429894 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 6648 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 6336 bytes
%systemroot%\System32 (64bit) .tmp files removed: 6354 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17052669 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50641 bytes
RecycleBin emptied: 31164556 bytes

Total Files Cleaned = 755,00 mb


[EMPTYFLASH]

User: All Users

User: CZechBoY
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02252011_012816

Files\Folders moved on Reboot...
C:\Users\CZechBoY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
PHP, Nette, MySQL, C#, TypeScript, Python
IntelliJ Idea, Docker, Opera browser, Linux Mint
iPhone XS
Raspberry PI 3 (KODI, Raspbian)
XBox One S, PS 4, nVidia GeForce NOW
Nahoru
Uživatelský avatar
bledulka
Level 5
Level 5
Příspěvky: 2242
Registrován: srpen 09
Pohlaví: Žena
Stav:
Offline

Re: [Preventivní] Kontrola HJT

Příspěvekod bledulka » 25 úno 2011 10:22

Já bych to spíš tipla na nabořený uživatelský profil?
Jinak se počítač chová jak?
Nahoru
Uživatelský avatar
CZechBoY
Master Level 9.5
Master Level 9.5
Příspěvky: 8813
Registrován: srpen 08
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline
Kontakt:
Kontaktovat uživatele CZechBoY

Re: [Preventivní] Kontrola HJT

Příspěvekod CZechBoY » 25 úno 2011 12:02

MSn se laguje celkem...
jinak je PC v poho, už se nelaguje jako před skenem MWAVu
PHP, Nette, MySQL, C#, TypeScript, Python
IntelliJ Idea, Docker, Opera browser, Linux Mint
iPhone XS
Raspberry PI 3 (KODI, Raspbian)
XBox One S, PS 4, nVidia GeForce NOW
Nahoru
Uživatelský avatar
bledulka
Level 5
Level 5
Příspěvky: 2242
Registrován: srpen 09
Pohlaví: Žena
Stav:
Offline

Re: [Preventivní] Kontrola HJT

Příspěvekod bledulka » 25 úno 2011 17:35

Stahni ATF Cleaner http://www.slunecnice.cz/sw/atf-cleaner/
- Na záložce main zaškrtni All users temp a potvrď Empty selected


Ještě znovu otevři OTL a klikni na tlačítko Vyčisti, uklidí po sobě.


Vlož nový log z HJT. Pokud problém s uživatelským učtem přetrvává, napadá mě už jen oprava přes win7 manager.
Nahoru
Odpovědět

Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 112 hostů